Neil Peacock
Today’s hyper connected world has made cybersecurity vital for the safeguarding of confidential data and intellectual property, and the availability of critical infrastructure.
The Computing Security Excellence Awards recognise and celebrate the best in cybersecurity innovation and excellence.
Neil Peacock is CISO at cybersecurity specialist Next Generation Security UK, and finalist in the CISO/CSO of the Year category. He is an (ISC)2 Certified Information Systems Security Professional (CISSP) in good standing with over 20 years in the IT industry.
Having worked for NGS and Epaton for 6 years, Neil is also responsible for the NGS' successful Virtual CISO service, designed to help businesses make strategic security decisions, manage their security risks, and provide ad-hoc help whenever it is needed.
As a Cyber Essentials, IASME IG and IoT Lead Auditor, Neil's extensive knowledge is second-to-none, evident in the growing technical team's capabilities and impeccable customer feedback. Neil also offers ISO27001 consultancy and is supported by a full governance, risk and compliance team. In his time at NGS, Neil has implemented their internal ISMS from the ground up and maintained accreditation against ISO27001, as well as the certification against the Cyber Essentials and IASME Cyber Assured Schemes.
Computing caught up with Neil before the awards to reflect on some of the challenges of the last year and the opportunities ahead.
Please provide some background on your company for our readers. What makes you different from other companies?
Neil Peacock: Established in 2018, Next Generation Security (NGS) UK are specialist providers of cutting-edge cyber security solutions, recognised and trusted by industry leaders across numerous sectors.
Personally, I believe our technical expertise is second to none. This is evident through NGS having two Juniper Global Ambassadors within the technical team, both of which are published authors and experts within the field of networking.
We also have a full-time penetration-testing and Governance, Risk and Compliance department. This department delivers a large portion of our professional services, alongside hosting our status as an official IASME certification body. This enables us to deliver government recognised schemes such as Cyber Essentials, Cyber Essentials Plus and Cyber Assured.
Alongside this, we offer further consultancy services such as V-CISO and ISO27001 guidance.
What one company achievement in the last 12 months are you most proud of?
NP: To name one specific instance of company achievement, I would have to say the services and consultation we provided to a large and rather well-known public sector organsisation that unfortunately, suffered from a brutal ransomware attack.
Not only were we able to provide the necessary threat intelligence to understand how such an attack had occurred in the first place but we also aided the organisation's efforts to rebuild their systems from the ground up - only this time, with a greater emphasis and strong approach to security in mind.
A challenging and difficult experience for all involved but, one that the team here at NGS can really be proud of. We pride ourselves in going above and beyond and I feel that this is a great example of the expertise we have within our ranks and how effective we can be in keeping our customers' security posture as airtight as possible.
Why are events like the Security Excellence Awards important to the IT industry?
NP: In an ever-changing industry, I believe Security Excellence Awards provide a platform to showcase individual talents who are making waves within the cyber-space and celebrate their achievements within the field.
To be personally recognised for my work is incredibly humbling, especially when nominated alongside excellent talent as I have been this year. Like any industry, it can be easy to get lost in the noise and these award ceremonies are a great reminder that the hard work is worth it.
It also provides an excellent opportunity for our company to receive recognition and highlight our extensive capabilities to those that may not yet be aware of us.
What have been the biggest challenges of 2024 so far and how have you overcome them?
NP: Tight budgets, lack of resources and understaffed IT departments are just a few examples of industry-wide challenges, and almost no company is exempt. As a fractional CISO for organisations across both public and private sectors, I see different challenges affecting businesses at different times.
However, a widely discussed topic across the board is that of cloud security posture management. Effective CSPM helps organisations maintain a strong security posture by continuously monitoring and assessing their cloud infrastructure for potential risks and misconfigurations, which are to blame for 80% of ransomware attacks. It can be incredibly difficult and time consuming trying to get a clear understanding of an entire cloud infrastructure picture, often leaving IT departments unaware of their security risks and compliance issues. Implementing a solution that fits your organisation's requirements, whilst being easy to use and cost effective, needn't be a pain and this is a conversation we are having regularly.
What do you see as the main opportunities for the IT industry in the coming year? How do you plan to capitalise on those opportunities?
NP: 2024 has, so far, been no different to years prior as we have been as busy as we have ever been. We continue our journey of working towards achieving SOC2 (Systems and Organisation controls 2) which we strongly believe will distinguish us from other cyber-security resellers and technology providers, along with protecting our company.
We are also planning on aiding in the reduction of security gaps that we continuously recognised throughout 2023 and the beginning of 2024. As more and more organisations move to rely on SaaS based solutions and infrastructure, it is crucial that the appropriate steps are in place to keep these service models secure. An emphasis on threat intelligence, consolidation of security toolsets and minimising vulnerabilities through appropriate misconfiguration management are the three major points of focus that spring to mind.
The Computing Security Excellence Awards will take place on 2nd May in London. Click here to see the finalists and here to book your table.
