In this latest edition of Senior Tech Talk, we sat down with Steve, Head of Cyber Security Profession at the Home Office, for an insightful conversation on how the profession has evolved the IT landscape and how the Home Office Cyber Security Operating Centre is constantly evolving to stay one step ahead of cyber criminals targeting government systems.
Can you tell us a little about your journey into tech and how you came to join the Home Office.
My interest in technology began early. My parents bought our first computer when I was around 10 years old and I remember experimenting with basic code. For my first programme you entered your name and it responded saying ‘Hello Steve’ for example. If your name was Peter (my brother’s name), it would reply ‘Hello Peter, you’re stupid’. From this early interaction with tech, I was fascinated by how systems worked and this set me on my path into the world of IT and eventually to my degree in Computer Science.
After graduating, I wasn’t ready to go straight into an office-based IT job, so I joined the Royal Air Force as an Intelligence Officer. It was the perfect blend for me; the excitement of military life combined with a cerebral role grounded in intelligence work. Eight years later, including two spent at GCHQ, I moved to the Police to support the Olympic Intelligence Centre, helping protect the London 2012 Olympic Games. From there I shifted to the private sector, working in risk during the period when ‘Denial of Service’ attacks were starting to significantly disrupt banks and large organisations.
I then ventured back into education to study for a Cyber Security PhD, where I spent four years researching and writing about the Crypto Wars. That led me into the Cabinet Office to contribute to the National Cyber Security Strategy, followed by roles at DWP, and into my current position within the Home Office.
The Cyber Security profession has grown rapidly in recent years, evolving into one of the fastest-growing tech sectors. How has it changed during your career?
When I first began my degree, security was barely an afterthought in software design. It was always a back-office IT function, something added on to the job of IT professionals. The focus was on efficiency, performance and functionality, not on the idea that malicious actors would actively try to exploit systems. Only in the last 20 years has cyber security begun to be seen as a field and as it grew the language also changed. Information Security became Cyber Security, and the profession adopted the language of warfare and spy craft.
Today, Cyber Security is embedded into the heart of digital delivery and is a fully fledged, exciting specialism in its own right. We have sophisticated monitoring tools, and principles like ‘Secure by Design’ to ensure that security is foundational rather than an add-on. This shift has largely been driven by the ingenuity of threat actors. As they discovered the benefits of exploiting vulnerable systems, the profession had to respond.
With the advancement in technology, the Home Office must be a big target for Cyber criminals. What role does the Cyber Security profession play in protecting the Home Office?
The Home Office is one of the UK’s largest government departments, safeguarding our citizens every day – from securing borders to tackling terrorism, meaning we’re a huge target for cyber criminals. Everyday our digital infrastructure faces relentless cyber threats from criminal groups that are sophisticated, persistent and constantly evolving, and we need to stay one step ahead.
To detect and respond to these attacks, we have some of the most advanced defensive measures in place. Our 24/7 Cyber Security Operating Centre never sleeps and is always alert to emerging threats. While technology is vital, our greatest strength is our people. We rely on an enormous breadth of skills: technical experts, communicators, behavioural specialists, and collaborators, who can engage with the business, stakeholders, and at ministerial level. Recruiting, developing, and retaining this talent is essential to staying ahead.
It sounds like the work of the Cyber Security profession at the Home Office is incredibly important. How does technology underpin the work that gets done?
At its core, Cyber Security is a technical arms race. We must identify and fix vulnerabilities before threat actors exploit them, detect intrusions while adversaries attempt to conceal themselves, and respond to incidents before they can cause harm. Every one of these tasks is powered by technology, but technology alone isn’t enough. The pace of change, particularly with automated attacks, demands that we constantly adapt how we work.
Looking forward, we’re transforming how we operate to ensure security is built into everything the Home Office delivers, and one of the things we've recently delivered is a new approach called 'Secure by Design’. The Home Office, like other organisations, also has a range of legacy technology which can present different challenges in terms of protection to make sure security is embedded into every new product we deliver, our ‘Secure by Design’ approach will ensure that security measures are built into new technology at all stages of its life cycle. At the same time, we have to keep pace with the increasing automation used by attackers, ensuring our own tools and processes develop just as rapidly.
Why is Manchester an important city for the Home Office, and the Cyber Security profession?
The heart of Home Office Cyber Security is Manchester. The city is becoming a major UK cyber hub, with a five-year plan to grow its cyber ecosystem and an influx of top talent into the region. GCHQ’s presence places national capability right at the heart of the city, and the Home Office’s Cyber Security Operating Centre is also based here. It’s a vibrant, ambitious environment that strengthens the profession and broadens opportunities for collaboration.
Finally, what advice would you give to somebody who is interested in joining the Cyber Security team at the Home Office?
As a first step, register with Civil Service Jobs, and set up alerts relating to cyber roles. It is also worth joining LinkedIn and following our UK Home Office Careers page to keep up to date with live roles, news, and event listings.
There is a common misconception that cyber is just about highly technical roles, but there’s a huge range of different requirements and variety across the profession, which makes it an exciting area to be involved with. In addition to this, we have a real focus on developing and investing in our people, enabling them to learn the skills and knowledge they need to thrive in their roles. So don’t be put off if you can’t tick every box on the job advert, there are plenty of opportunities to develop. Take that first step
Thank you Steve!
You can find out more about the Cyber Security professions by visiting the Home Office Digital career’s website.
