Focus on a Chartered Security Professional – Ben Brown CSyP
In our ongoing series of articles spotlighting Chartered Security Professionals, we interview Ben Brown CSyP for an insight into his career path and why he chose to apply to the Register.
Q: What has been your career path to becoming a Chartered Security Professional?
A: I didn’t actually plan to become a security professional, it slowly happened over time. I have always worked with large, high-value IT systems for financial organisations, where security is always a requirement.
I started working as an IT support technician, before moving into consultancy roles and then into management. Many of my early roles were based in the City of London at a time when large terrorist attacks were more common than they are now, which helped me develop my risk and incident and disaster management skills.
I’ve worked for many of the largest investment and retail banks in the UK, but one of my most challenging roles was working for Guardian News and Media (publisher of the Guardian and Observer newspapers) as their Head of Systems. This role meant I was responsible for some very high-profile systems as well as ensuring that their move to new offices in King’s Cross went smoothly.
Q: What training and qualifications do you have?
A: Being dyslexic, I really struggled at school, and left with a bunch of reasonable, but not noteworthy, GCSE grades. This allowed me to get into technical college where I studied general engineering, which was a mix of mechanical, electrical and production engineering. Although, at first glance, it bears little relationship to security, I learned a great deal about completing work to industry standards, documentation, minimising waste, following processes and ethical skills which set me in good stead for much of my career. And, of course, an understanding of mechanical systems and electronics has been a huge help when assessing, and trying to defeat, physical and digital security systems.
In addition to academic qualifications, I also hold security qualifications from security vendors, the Certified Ethical Hacker, and Certified Information Systems Security Professional qualifications, which many see as the two certifications which define a cyber security professional.
Q: Are there any key individuals who have mentored or supported you?
A: One of the people who has helped me the most in my career was Richard Norman, CISM, CRISC, CISA, CGEIT, CDPSE, who I had the opportunity to work with at a UK retail bank. Richard is an expert on risk, and he really helped to challenge my understanding of risk, risk management and how risk affects a business.
The other person who has supported me over my career is my wife, Kerry. As a Data Protection professional, she’s constantly keeping me updated on the latest decisions of the Information Commissioner’s Office and advising on the legal requirements that the security controls I specify should meet.
Q: What made you decide to apply for the Register of Chartered Security Professionals?
A: I had been considering it for a while, for a number of reasons. The information and cyber security fields are far less organised than the physical security fields; there is a lot of very poor advice out there, and this had got me thinking about how helpful it would be for security professionals to have an industry-recognised mark of quality to help others identify them.
Although there are several professional bodies which cover IT, cyber and information security, some of which offer their own chartered professional awards, the only scheme which covers security in its entirety is the Chartered Security Professional. This is becoming extremely important as the digital and physical security worlds are converging extremely rapidly, meaning that the traditional divisions are fast becoming less relevant.
Lastly, I like to do outreach by mentoring the next generation of security professionals as well as advising both the financial services industry and public on security matters. Although the CSyP isn’t as well known as it could be in the commercial sector, it’s well known in the public sector and being on the register seemed to be the perfect way of demonstrating that my skills are relevant, current and considered to be at a good standard.
Q: What would you say to others considering applying?
A: I would strongly recommend applying to anyone who is thinking about it. The process is challenging, and it will help you get a good understanding of your skills and weaknesses. If possible, reach out to a CSyP as they’ll be able to give you some helpful advice about the process and what being a CSyP involves. Registering an Expression of Interest (EOI) with the Registrar is a fantastic, and risk-free, way of ensuring your skills are where they need to be before committing to the full application process.
