Graham Bye has spent 30 years in law enforcement, and a further 7 informing and advising businesses about the cyber threat. As an independent consultant with close connections to the CyberScotland Partnership and throughout the Cyber Essentials Certification Body network in Scotland, he is a man who brings people together, builds bridges and finds solutions. IASME is extremely honoured to welcome him as one of the team. It’s great to have you on board Graham, we look forward to working with you.
Tell us a little bit about your transition from police detective to cyber security advocate.
During my time in the police, I moved from crime investigation to covert intelligence development, and eventually progressed to senior management and command positions. All through my service, regardless of what the problem was, I’ve always focused on a solution-based approach. After retiring from the police, in 2016 I was appointed as the Cyber security Information Shared Partnership (CiSP) Coordinator for Scotland and was aligned to what was then the Scottish Business Resilience Centre (now called the Cyber and Fraud Centre Scotland).
CiSP is a trusted exchange forum and platform that provides members with an opportunity to share and absorb intelligence from a wider community than otherwise might be accessible. My role was to go out to businesses in Scotland and raise awareness of the cyber threat, share intelligence and signpost to helpful information. But when I started to do that, people would ask me what they could do to make their business safer. As Cyber Essentials was the government’s standard for cyber security, it seemed to be the obvious fit. I identified that there were Certification Bodies (CBs) based and working in Scotland and I reached out to them and invited them into the centre to ask, ‘what can we do in Scotland to promote Cyber Essentials? The response was fantastic, and even though there was only about 15 or 16 CBs based in Scotland at that time, there was a real appetite to work together. Along with the Scottish Business Resilience Centre, which was supported by the Scottish Government, we established a trusted partner network, and met quarterly to look at how we could help businesses protect themselves with the Cyber Essentials controls. That group, now made up of about 28 companies, still meets four times a year.
Despite all my experience in the police, at first, I did not fully understand cyber security and I got my eyes opened to just how much threat was out there. As far as I was concerned, cyber crime was out of control; attacks were happening on a daily basis and of course only a very small proportion were ever reported to the police. I quickly learned that the vast majority of the attacks were actually low sophistication, high volume attacks that can be fairly easily prevented. The message was clear, if you’re using the internet, you are just as likely to be attacked as anybody else. Cyber Essentials covers the most important cyber security measures that can protect you from over 80% of the most common cyber attacks. For those wary of high costs, I reassured them that they could actually do quite a lot relatively cheaply to protect themselves.
As a non-technical person, I felt that I could talk to business owners in an accessible way to pass on an important message. I was speaking to CEOs and board members who, by and large, were not from a technical background, but did need to understand which questions to ask. It is so important not to switch people off with too much tech talk and I know that these softer skills are now part of the training for the Cyber Advisors so they can go out and talk to businesses in everyday language.
What is your new role at IASME all about?
The CyberScotland Partnership (CSP) was formally launched in 2021 with 16 Strategic Stakeholders that includes Scottish Government, NCSC and Police Scotland. The Partnership has been amplifying key advice and guidance to organisations, businesses and individuals to help raise awareness of the current cyber threat and signposting through a dedicated website and bulletins how to access that information. Through my work with the Partnership, I have a great deal of experience of getting people together to work collectively towards a common goal. It has meant that our message of cyber security and resilience for organisations is clear and consistent, and people can trust that it comes from a reliable source.
IASME is part of the CyberScotland Partnership, and I am delighted to work with the growing IASME team based in Scotland to help build more strong partnerships. Last year, IASME opened an office in Dalgety Bay and now have three staff members based there. I think this will go a long way towards establishing IASME as a nationwide organisation. Having already established a working relationship with Cyber Essentials Certification Bodies (CBs) across Scotland, my role within IASME will help strengthen the presence in Scotland and confirm that IASME is a fully committed and proactive member of the CyberScotland Partnership.
On 21st September, I was in Glasgow with IASME who led an inclusion event with the CyberScotland Partnership and Scottish Government. The event brought together influential people from across the industry to understand the issues associated with diversity and inclusion. We worked together to find actionable outcomes which would make a positive difference to diversity in the Scottish Cyber Security Sector. IASME will be developing these into a set of projects which can be taken forward by the CyberScotland Partnership and the wider cyber security ecosystem.
Read Graham’s blog, ‘procrastination is the thief of time’
Listen to the Cyber Scotland podcast, hosted by Graham Bye and featuring COO of IASME, Chris Pinder. John Macleod, the Commercial Director at Leask Marine, International Marine Contractors in Orkney talks about the process of achieving Cyber Essentials certification. They are joined by Robbie Ross, Chief Security Officer at Converged Communications Solutions in Aberdeen who are a licensed Cyber Essentials Certification Body.