'We deliver options to ensure the most informed decisions are made'
With the increasing reliance on digital technologies and online services, cybersecurity has become an indispensable aspect of ensuring business continuity and mitigating cyber risks that can harm reputation, financial stability, and customer trust.
Computing's Security Excellence Awards honour the companies and individuals keeping the rest of the industry - and in fact, every industry - safe.
This year's winners will be announced at a live awards ceremony on Thursday, 27th April in London.
One of those finalists is Neil Peacock, CISO at Next Generation Security (NGS) UK, on the shortlist for CISO/CSO of the Year.
We talked to Neil Peacock to ask him more about the company's priorities for the next 12 months.
Neil is an (ISC)2 Certified Information Systems Security Professional (CISSP) in good standing with over 20 years in the IT industry. Having worked for NGS and Epaton for 5 years, Neil is also responsible for the NGS' successful Virtual CISO service, designed to help businesses make strategic security decisions, manage their security risks, and provide ad-hoc help whenever it is needed. As a Cyber Essentials, IASME IG and IoT Lead Auditor, Neil's extensive knowledge is second-to-none, evident in the growing Technical team's capabilities and impeccable customer feedback. Neil also offers ISO27001 consultancy and is supported by a full governance, risk and compliance team.
Computing: Please provide some background on your company for our readers.
Neil Peacock: Formed in 2018, Next Generation Security (NGS) are independent, trusted advisors, providing all-encompassing solutions from the best-of-breed technology providers. As recognised by leaders within the cyber-security industry, NGS constantly research the threat landscape and how to protect our client's critical assets. We deliver options to ensure the most informed decisions are made, offering consultation and pre-sales services, then supply, install and support services, providing everything from concept to completion.
With growing sales and technical teams in both our Leeds and London offices, Next Generation Security is supported by dedicated and passionate experts with an excellent understanding of our client's requirements and budgets. Through our managed, technical and support service offerings, we position ourselves as an extension of your IT team.
What makes you different from other technology companies?
Our broad range of services enables us to differentiate ourselves from other resellers and solution providers. We also have another company, Epaton, a vendor-independent specialist in next generation storage and backup technologies, which allows us to have an extensive understanding and knowledge of the cyber industry landscape. By working for two companies that collaborate, we are able to advise our 200+ customers about different technologies that fit their requirements. An example of this is our virtual CISO service, which I deliver to many customers.
As a security practitioner, I use my culmination of cybersecurity and industry experience to help organisations with developing and managing the implementation of their security strategy, along with presenting the state of their IT to the board, executive team, auditors and regulators. With CISOs being in demand, but challenging to recruit due to budgets and experience, this service is a consumption-based option, where I perform the tasks based on the agreed scope of work. I am able to use my experience, along with the wider technical team at NGS, to offer consultancy and then deliver the service. As an extension of an organisation's team, we are able to tailor the service to individual needs and support throughout the process, whilst offering impartial advice and acting in our customer's best interests.
Personally, I believe our technical expertise is second to none. This is evident through NGS having two Juniper Global Ambassadors within the technical team, as well as a full time penetration tester and Governance, Risk and Compliance department. Internally, we run regular enablement and refresher sessions for the Technical, Sales and Marketing departments to keep staff updated with topical issues, technologies and service offerings. We find this incredibly beneficial to staff individually, which positively impacts our growth as a business.
What one company achievement in the last 12 months are you most proud of?
Over the past year, we have been delivering a number of programmes and services to our 200+ customers, to improve security performance and provide visibility for all our customer's security posture. Our Technical team delivers services to over 100 customers including Virtual CISO, penetration testing, Checkpoint consultancy and managed service for Microsoft Sentinel, to name a few.
We are continuously designing, implementing and delivering services including our new managed SIEM through Microsoft Sentinel, which has been particularly successful within the public sector, with our most recent win being with an NHS trust. Through intensive research and analysis, our team has been able to create and deliver this service in less than 12 months. In house analysis of market verticals is conducted to reduce MITRE attacks, which we then apply to our customers to give them actual risk reduction by understanding threat actors in their sector.
What are you working on this year?
2023 is another busy year for us here at NGS, as we are expanding our delivery for Critical National Infrastructure (CNI) and Operation Technology, for the GOV Assure scheme and Civil Aviation Authority (CAA). This provides great opportunities for us as a business as well as developing our understanding of the critical infrastructure threat landscape.
We are also continuing on our ISO 27001 certification journey. We have completed Stage 1, are on track to complete Stage 2 and are working towards SOC2 (Systems and Organisation Controls 2), with an estimated completion date of 2024. SOC2 compliance means that a company has established and follows strict information security policies and procedures, which takes a significant amount of planning and work to achieve. We believe this is highly beneficial for us as a business, as it distinguishes us from other resellers and technology providers, along with protecting our company.
Additionally, we have maintained all certifications, including IOT Assurance, Cyber Assurance Scheme and the Cyber Essentials Scheme, which we will continue in 2023.
Why are events like Security Excellence Awards important to the IT industry?
In an ever-changing industry, it is brilliant to have events like the Security Excellence Awards in the calendar, as it showcases individual talent who are making waves within the cyber-space. To be personally recognised for my work is humbling, especially when nominated alongside excellent talent as I have been this year. Like any industry, it can be easy to get lost in the general hustle and bustle and these award ceremonies are a great reminder that the hard work is worth it. It also provides a good opportunity for our company to receive recognition and highlight our extensive capabilities.