New Cyber Group Chair Appointed
We are pleased to welcome Alex Stezycki as the new Chair of the Cyber Group and look forward to hearing his plans for upcoming activities. We would like to take this opportunity to thank Dian Leeson IRMCert for all of her valuable contributions to the group's activities and wish her all the best for the future.
Alex Stezycki (pronounced Stez-ee-key) has worked in information and cyber security for approximately 16 years with a further 7 years of IT experience as a systems administrator.
Alex began his IT and Security careers at British Gas, where he started in 1991 as a Service Clerk. British Gas demerged in 1997, which is when he moved, as part of the restructure, across from Centrica to Transco into an IT role covering the North Thames Region. In 2002 Transco merged with National Grid, again providing Alex with the opportunity to relocate to the Midlands, joining a fantastically skilled ICT team who built and supported National Grid’s new Midlands Head Office.
Shortly after the merger, National Grid outsourced its ICT services whereupon Alex transferred across to CSC who again provided new opportunities, this time in the growing field of Information Security, which he moved into in 2005.
To gain a broad range of security knowledge, Alex pursued a part-time course in Information Security run by the Royal Holloway University and QCC, allowing him the privilege to meet both John Austen, who set up the Metropolitan Police's Computer Crime Unit (CCU), and Professor Fred Piper, renowned cryptographer, who played a leading role in the establishment of the Institute of Information Security Professionals (IISP). Both inspired Alex with their vision for a recognised Professional Information Security institute, chiming with his own aspirations for industry recognition and professionalisation. Alex joined the IISP in 2008 as an Associate, achieving Full Membership in 2015.
In 2012 Alex joined Capgemini’s Cyber Security Unit, where he worked across the private and public sectors in a variety of security consultancy roles, including risk assessor, architect, manager, etc. In 2018, the IISP was granted the Royal Charter and became the Chartered Institute of Information Security (CIISec). During this time he wanted to mature his risk management skills and undertook the International Certificate in Enterprise Risk Management (IRMCert).
Since then Alex has contemplated how Infosec/Cyber Risk Management matures and integrates into Enterprise Risk Management, as to date in his experience the two tend to run independently and are siloed. To this end, Alex once again feels privileged to be given the opportunity and be appointed as Chair for the Cyber Group within the IRM and hopes to do his bit to move the agenda forward for the benefit of all.
We asked Alex for his thoughts on a few questions relating to the future of the group. Here's what he said.
What are your plans for the group under your leadership?
It is the ambition of the Cyber Group to promote better knowledge of cyber risk management with the aim to connect cyber risk into corporate enterprise risk management for a more holistic risk management approach, and to ensure that cyber risk is recognised as a board-level agenda item, in the same way as, for example, legal risk is:
“…I don’t think any chief exec would get away with saying they don’t need to understand legal risk because they have a General Counsel. I think the same should be true of cyber risk. This is a board-level issue…” Lindy Cameron, CEO at NCSC, from Cyber 2021.
The Cyber Group aims to connect the existing risk management profession to cyber risk practitioners and membership organisations to enable a mutual exchange of experience and knowledge to mature cyber risk management by learning from more mature risk management sectors.
What would you say are the top issues facing Risk Managers working in Infrastructure and what is the importance of good/qualified risk managers?
The relative immaturity and diversity of cyber risk management approaches can make managing cyber risk confusing for cyber risk professionals.
The ever increasing and relentless onslaught of cyber-attacks and what it means to global society as we enter the Fourth Industrial Revolution.
Addressing the lack of skilled cyber security risk managers and professionals by tapping into the wider and broader range of talent by promoting diversity and upskilling.
Why should risk managers in cyber join this group?
The only way to move the cyber risk topic agenda forward is through active contribution and collaboration and we urge IRM members and risk practitioners, both cyber and non-cyber, to get involved to facilitate the exploitation of digital advances whilst addressing the risks of doing so and on a more personal level to improve your own professional networks.
If you feel like you could make a difference and help drive the group, then you may be able to join the group's committee. This is a great opportunity to contribute to the risk management community and Institute's thought leadership outputs whilst networking and enhancing your CV. Get in touch if you'd like to find out more.