My journey into cyber leadership started over 20 years ago, working within industrial control systems or Operational Technology as it is more commonly known in 2024. I still recall the organisational preparations and tests I put in place to mitigate the impact of the “millennium bug” and the global hysteria around what this could mean for businesses and users that had grown reliant on computer-based systems during everyday life.

More than 20 years later coupled with the exponential increase in the use of computer systems and the internet, the exploitation of similar but considerably more complex vulnerabilities within these systems is the goal of the cybercriminal. Today’s cyber risks are significant. To mitigate these risks whilst benefiting from the use of advanced digital capabilities, businesses need highly capable cybersecurity leaders to ensure safe, secure and sustainable business operations into the future. This was my motivation for joining the Lancaster University Cyber Security Executive MBA (CEMBA) programme.

Re-entering part-time study, I had all the usual concerns around balancing study with work and family commitments, along with overcoming the technical debt I had built up since my early career studies. The CEMBA team were on hand to help with all these concerns. I very quickly settled into understanding how to use the online resources and to make use of them in my own time and at my own pace. The face-to-face contact time of around 3 days (Thu - Sat) every 6 weeks was demanding but achievable and modules were balanced between leadership, business, cyber technical, group working and role-played cyber security event scenarios.

The study of cyber risk was a personal highlight that included the quote, “Computers don’t hack computers, people hack computers”. Behaviours are key, insider risks are real and people vulnerabilities can be targeted in combination with technical vulnerabilities. I expect Cohort 2 are currently debating this in the context of AI, underlining how quickly technology is progressing as both an enabler to society but also as a source of potential cyber risk.

Whilst I was aware of cyber-attacks such as WannaCry, Stuxnet, Solarwinds and Notpetya, I now have these and many others as detailed reference cases for what can happen to businesses and people in the event of a successful cyber-attack. As I write this blog in May 2024, there have been 2 cyber security news stories scrolling across my screen. The first was a ransomware attack on an NHS trust and the second was a suspected nation-state cyber-attack on a UK government department. Headlines of this type are becoming all too frequent and underline the need for highly capable cyber leaders. These leaders need to understand evolving cyber risks, ensure cyber is recognised as a board level business risk and mitigations are delivered through effective policies, strategies and plans - all of these aspects are covered within the CEMBA.

There is no doubt that my dogs have had fewer walks, the DIY jobs have backed up, and withdrawals have been made from my emotional bank accounts, particularly my wife, to whom I am especially grateful. However, I have learned an incredible amount and met some fantastic people studying the CEMBA at Lancaster University. The academic experts, the industry leaders, and the programme support teams have all been excellent and fully invested in supporting my cyber leadership development journey. A big thanks to you all.

Progressing into the final stages of CEMBA and reflecting on my own journey, was it worth it? Absolutely. Would I recommend this course to other aspiring cyber leaders? Definitely.

Author

Lee Carr MSc BEng CEng FIET is part of the first cohort of Cyber Security Executive MBA students. Lee currently works for the Nuclear Decommissioning Authority.

Related Blogs

• 

  Educational Profile of a Cybersecurity Leader

• 

  MBA Movers and Shakers March 2024

• 

  MBA movers and shakers December 2023

Disclaimer

The opinions expressed by our bloggers and those providing comments are personal, and may not necessarily reflect the opinions of Lancaster University. Responsibility for the accuracy of any of the information contained within blog posts belongs to the blogger.