This article was originally published on 13 February 2024.
You can read the original article on the 6point6 website here.
Andy highlights how information assurance is much broader than cyber security and discusses the art of balancing risk and cost for companies who are facing unprecedented challenges in a hyper-digital world.
What I do
I joined 6point6 as an information assurance principal consultant in 2020. I focus on ensuring that we suitably manage the risks in our clients’ data systems and business practices. Information assurance is about helping organisations protect their information and networks, building protective rings around a virtual and offline information ecosystem looking across cyber security, information security and risk management. It’s all good having the latest cyber security software, but what about other likely scenarios? For example, an employee accidentally sharing sensitive customer information or someone walking out with a company laptop potentially containing confidential information – these are the broader risks that must be considered alongside the usual cyber attacks or threat actors.
Information security continues to face an unprecedented level of change. Organisations often feel lost in a sea of changing regulations, policies and best practice, making compliance and data protection a challenging process. And no organisation has unlimited resources for security. I help clients to find the right balance by providing that much-needed wraparound service so their systems, data, and business practices are protected.
A day in my working life
There’s never a dull moment when working in cyber or information assurance! Assurance management is about deploying a combination of tools, technologies and techniques that focus on cyber security, information security and risk. My job is to make sure they all work together to create the right level of confidence for my clients’ day-to-day operations, and to support them through major reforms and digital transformational programmes. For example, I worked with HM Courts & Tribunals Service to securely launch its online service as part of a £1 billion digital transformation project. I was part of the team that helped to modernise their information assurance programme to support agile releases of new digital services.
One of the most rewarding aspects about my role is the opportunity I have to educate others about cyber assurance and security. I get a great sense of achievement helping people understand what threats might exist so they can factor them into their business planning. Helping others is also what drives my approach as a leader in our information assurance team. I believe leadership is about setting people up for success – empowering those around me with the skills they need to be confident, fulfilled and independent. My job is about doing the right thing, not the easy thing. When people come to me with an issue I act as a sounding board, helping them to rationalise and solve their problem. This approach of guiding rather than directing means we not only address the immediate challenges but also build a stronger sense of self-empowerment and ownership.
Career highlights
Helping others to achieve their potential is what I enjoy most. Volunteering has always been a big part of my life – whether becoming a scuba diving instructor, being part of a Cliff Rescue Team in Wales or fundraising for the Royal British Legion’s Poppy Appeal. Supporting the development of young cyber professionals has also been a top priority for me, which has led me to oversee 6point6’s corporate sponsorship of the UK Cyber 9/12 Strategy Challenge. Having volunteered as a judge since 2021, it’s fantastic to see university students come together to solve brilliantly complex problems. I’m passionate that we leverage our support to make a career in cyber really tangible for young people, connecting our cyber specialists within 6point6 with the next generation of tech leaders and policy makers, inspiring them to use their talent to do amazing things.
Another top highlight has been leading a volunteer response to support the White Eagle Club, a community centre in London that had been overwhelmed with humanitarian aid for refugees in Ukraine. After an unprecedented response from the community, the centre needed support with resources and logistics to process the tonnes of donations pouring in. 6point6 funded the provision of vans and gave us time to transport, sort and store donations for delivery to Ukraine. As a result, we shifted 17 tonnes of aid in a single day – something that wouldn’t have been possible without help from volunteers across the business, including members of the leadership team.
Information assurance is one the best jobs in the world because…
If you like varied work dealing with a constantly changing landscape, then information assurance is your calling. Every client is different and will come with a different set of challenges. Working at 6point6 has an extra advantage as it involves driving security assurance programmes for some of the most high-profile institutions operating in complex areas like defence or the public sector. Ultimately, we’re building and protecting the systems that process the sensitive information of millions of people.
As an assurance manager, problem solving with confidence and leading with evidence are crucial components of our role. This is where security reporting and data come into play. A key aspect of working with clients is how you communicate risk. You need to be able to cut across the jargon to provide real and practical advice for a non-technical audience. Taking your clients on a security journey means injecting an element of co-design, where you help them spot future risks and problems and collaborate with them to find solutions.
Andy Kershaw, Principal Consultant, Information Assurance at 6point6 | Part of Accenture
Andy is a highly experienced, adaptable and articulate cyber consultant, operating across a diverse spectrum of environments successfully delivering information assurance, cyber threat intelligence and cyber education. Since 2021, Andy has served as a judge and masterclass presenter at the UK Cyber 9/12 Strategy Challenge, helping to nurture the next generation of policy and strategy leaders for the cyber security challenges of the future.
