Information Assurance Manager, Maddy
What is your role?
I’m an Information Assurance and Cyber Security Manager in the Information Management & IT function.
What does your role entail?
My role is to articulate the way the organisation manages its information and security. I’m also responsible for governance, compliance and risk.
How did you get into information assurance?
I graduated with a degree in Economics and Politics. I decided to join the Civil Service due to the variety of roles and experiences on offer, joining DE&S in 2017 as part of the IT Helpdesk. During my two years in this role, I developed an interest in information assurance and maintaining the security of our information – something that’s especially important given the nature of the organisation. I created opportunities to learn more by taking on side projects and attending meetings to expand my network. Through these new contacts, I discovered the advert for my current role and successfully applied.
Can you tell me about your team?
I work in a team of around 70 information assurance professionals and our job is to identify risk and articulate it in a way everyone can understand, to enable our decision makers to make effective decisions. The wider team is divided into specialists in Information Security and specialists in Information Management. The people in Information Security look at the confidentiality, integrity, and availability of information, while Information Management look at how accessible information is and ensuring it is organised so the relevant people can find it. There’s a variety of people in my team with a range of different backgrounds and experience – from people who have worked as librarians to those with a technical or programming background.
What does your day to day role look like?
I meet with stakeholders to help them understand their information security requirements, and work with them to find solutions where a situation makes it challenging to implement a standard security measure. We collaborate to find a way to achieve what they need securely. I work with known security standards and identify, assess and treat risk.
What do you enjoy about working in this field?
In my role I get to meet a lot of people, both internal and external. This field of work is a huge growth area so there are lots of development opportunities and it acquires a lot of interest from the wider organisation which is really motivating and exciting to be a part of. I also enjoy working with stakeholders to achieve a secure outcome. It’s a really rewarding and satisfying part of my role.
Why is information assurance so important?
Information assurance safeguards the value of what we’re doing for the taxpayer. We’re making large investments in equipment and processes; if we can’t safeguard these investments then we can’t safeguard their value. Our role as civil servants helps to defend the nation by looking after the security of our government institutions.
What transferable skills might people already possess that would be relevant to a career in information assurance?
Communication is key as it’s important to relay complex information clearly and concisely to others in a way that they understand, to enable them to make informed decisions. Due to the nature of the role and the variety of people you speak to, being approachable, having a high level of attention to detail, being adaptable to change and being good at problem solving are also great skills to possess to help you succeed.
What emerging technologies or trends are interesting or challenging?
There are new standards being tested for assuring the security of interconnected devices, which is interesting. There are lots of devices that you might not normally associate with your phone or computer, which could be connected to a network, for example thermostats or Smart Speakers. This is a really fascinating topic as it evolves to become the new frontier.
What advice would you give someone who was looking to pursue career in information assurance?
My advice would be to constantly challenge yourself to keep learning. Continual improvement is the vein that runs through everything in information assurance and cyber security, and you have to be keen to foster that approach in every aspect of your job. Cyber technology is constantly evolving so you must be interested to learn and open to change, in order to adapt to new ways of working.
There isn’t one linear learning path in this field, there’s lots of niche areas of expertise that you might be interested in specialising in. There are so many different opportunities that will be presented to you and it’s important to make the most of them.
How has DE&S supported your professional development?
I’m currently working towards my master’s degree in information assurance. This is funded through work and it’s a great opportunity to gain an official qualification and access to useful resources. There are lots of other people from the MOD on my course, both civilian and military, so it’s really interesting to hear the range of experiences and to be able to discuss ideas with other specialists in this area.
I’ve also benefited from other formal training, such as security and risk certifications which have been invaluable throughout my career development. I receive mentoring from colleagues which has been very useful, and I’m part of the Women in Defence mentoring programme, too. At DE&S everyone is willing to help other people develop in their careers – you really feel supported to achieve your ambitions.
Can you tell us a bit more about the Women in Defence mentoring programme?
The Women in Defence mentoring programme is a way for people in the defence sector, both private and public, to share their experiences. My mentor is a woman from Dell and I’m looking forward to what this mentorship will bring. I also had the opportunity to attend the Women in Defence awards. It was a great experience to be able to see all the people who had been nominated across the whole of defence and hear about their experiences. I came away feeling really inspired about everything we achieve in defence and security.
With hybrid working in mind, what do you do as a team to help everyone stay connected and supported?
We run social events as a team, such as quizzes and walks, and have a weekly call that brings everyone together to discuss anything anyone needs help with and provide regular updates. We also recognise people’s hard work and achievements through an award scheme.
What makes DE&S a great place to work?
DE&S is the first organisation where I have worked and felt recognised as an individual. They see you for who you are and make the most of the skills you have. They value everyone’s strengths while providing a wide range of opportunities to help you succeed.