Home>Security>Cyber Crime>National Cyber Security Centre appoints Lindy Cameron as new CEO
Home>Security>IT Security >National Cyber Security Centre appoints Lindy Cameron as new CEO
Home>Security Matters>Security Matters>National Cyber Security Centre appoints Lindy Cameron as new CEO

National Cyber Security Centre appoints Lindy Cameron as new CEO

05 August 2020

THE NATIONAL Cyber Security Centre – itself a part of GCHQ – has announced that Lindy Cameron will become its new CEO. Cameron will lead the UK’s principal technical authority on cyber security as it continues to help make the UK the safest place in which to live and work online.

Cameron’s role will include overseeing the organisation’s response to hundreds of cyber incidents each year, improving the cyber resilience of the UK’s Critical National Infrastructure, identifying the risks and opportunities for the UK in emerging technologies and leading the NCSC’s ongoing response to the Coronavirus pandemic.

Cameron joins the NCSC with over two decades’ experience in national security policy and crisis management. She’s currently second in command at the Northern Ireland Office and was previously the director general responsible for the Department for International Development’s programmes in Africa, Asia and the Middle East with a budget of £4 billion per annum and over 30 country offices. Cameron was appointed CB in Her Majesty The Queen’s 2020 New Year’s Honours List for her services to international development.

Looking back, Cameron started her career in the private sector with McKinsey and has served across Government at home and overseas, including in Baghdad and Kabul with DFID and in Helmand for the Foreign Office. She was in the Cabinet Office during the 2008 financial crisis and is a graduate of the Ministry of Defence’s Royal College of Defence Studies.

Transformational approach

Commenting on her new appointment, Lindy Cameron said: “Over the past four years, the NCSC has transformed the UK’s approach towards cyber security and set a benchmark for other countries to follow. I’m delighted to join the NCSC and relish the opportunity to take this world-leading organisation to the next level.”

The position of CEO at the NCSC is a director general level appointment within GCHQ and reports directly to the organisation’s director Jeremy Fleming, who stated: “I’m excited to welcome Lindy to the NCSC and GCHQ. She joins at a time when cyber security has never been more essential to the nation’s resilience and prosperity. Lindy’s unique blend of experience in Government, her work overseas and in security and policy issues make her the ideal leader to take the NCSC into the next stage of its delivery.”

Cameron will formally become CEO in October following a handover period with her predecessor, Ciaran Martin. Martin, who was appointed as the GCHQ Board member for cyber security back in December 2013 and set up the NCSC in 2016, will remain CEO until 31 August.

Fleming added: “I would like to thank Ciaran Martin for the way in which he has pioneered cyber security in the UK. He leaves the NCSC having led the development of a world-leading capability. We wish him the best of success as he embarks on the next stage of his career in academia and business.”

Oxford University has announced that Martin will be taking up an appointment as Professor of Practice in Public Management based at the Blavatnik School of Government. His new appointment at the University of Oxford – which has been made in full accordance with the Business Appointment Rules for Civil Servants – will commence on 1 September.

Commitment to diversity and inclusion

The news of Cameron’s appointment emerges in parallel with security chiefs committing to lead a drive towards improving diversity and inclusion in the workforce after the publication of a major survey.

The NCSC and KPMG UK have jointly published the first annual Decrypting Diversity: Diversity and Inclusion in Cyber Security report which sets a benchmark for improving the experiences and opportunities for existing and future staff working in the industry.

The report provides a mixed picture, revealing that in some areas minority representation was above average for the country, but also highlighting discrimination and a lack of inclusivity across gender, sexual orientation, social mobility and ethnicity. It finds that there’s more to be done by the industry.

In addition to accepting all of the report’s recommendations, the NCSC has committed to publishing specific actions designed to improve diversity and inclusion within the organisation before the end of the year.

Ciaran Martin explained: “It cannot be right that, in the year 2020, there are still people within our industry who feel they cannot be themselves or who face discrimination because of who they are. This report should drive our determination to act. There is far more to do on diversity and inclusion and the NCSC is determined to be a leader in this field, but a cross-sector effort is required. I urge all cyber security leaders to read the report and act on it.”

The recommendations in the report – which are published on the NCSC’s website – urge cyber security leaders to become accountable for diversity and inclusion within their organisations and set up comprehensive analysis of data to understand and track representation within their workforce.

The NCSC also calls for the industry to significantly improve how it learns from Best Practice both within the cyber security sector and other areas.

Innovation and inclusion

Bernard Brown, partner and vice-chair at KPMG UK, commented: “If the UK is to continue to play a leadership role in cyber security, we need to create an innovative and inclusive workplace that attracts the finest minds from our communities. Highly-skilled cyber security specialists are an imperative in a rapidly expanding digital economy supercharged by COVID-19. Our findings show that the cyber industry has a lot to do if it’s to build truly inclusive workplaces. The report provides a route map for change and a call to action for a collective response to the issues raised.”

Among the report’s findings – which were collated based on responses from no less than 1,252 cyber security professionals – are the following:

*Female representation in the industry is 31%

*LGB representation is higher than the UK average, with 10% of respondents identifying as lesbian, gay or bisexual compared with 2.2% in the general population (ONS: 2020)

*The ethnic diversity of the workforce is broadly similar to that of the UK population

*41% of black, African, Caribbean or black British feel confident in their identity within the workplace compared to 75% of white respondents

*14% of respondents experienced barriers to career progression and/or resigned because of their employer’s approach to diversity and inclusion issues

*74% of negative incidents as a result of diversity and inclusion were not reported

The survey on which this report is based was launched in February and sought to benchmark gender, sexual orientation, social mobility and ethnicity data across the cyber security industry as well understand issues around discrimination and inclusivity. The next iteration of the survey will seek to capture the nuances and issues within disability and neurodiverse communities across the cyber security industry.