We meet with Roz Woodward to learn about Securious, a cyber security compliance company based at Exeter Science Park and the South West Cyber Security Cluster (SWCSC) a not-for-profit collaboration raising cyber security awareness and best practice in the South West.
Roz a director of Securious, is a qualified accountant (FCCA), and is an ISO 27001 Lead implementer and GDPR practitioner. Her background also includes roles as chief financial officer of an innovative mortgage broker and european director of finance for a pioneering mortgage lender.
Roz is a key steering group member of the SWCSC., the group enables professionals to work alongside the police to raise awareness of cyber security threats through events, independent step by step advice on its website and encouraging professionals to share knowledge and best practice.
Tell us more about Securious
Securious exists to help organisations understand where they may be vulnerable in terms of cyber and data security, and to provide clear steps and processes to help them mitigate these risks.
For example, any business that takes payments by credit card is at risk and Securious are proud to be a Payment Card Industry Qualified Security Assessor Company, (PCI QSAC) one of only 370 worldwide and the first Cyber Essentials Certification body in the South West. This means we can assess and advise on the systems in place to ensure compliance at the appropriate level. We are also ISO 27001 implementers, the International Standard for information Security, and are members of the BSI Associate Consultant programme.
Helping clients demonstrate that they are taking cyber security seriously is central to the service we provide. This process helps clients confidently demonstrate to their stakeholders that the organisation is compliant with cyber security standards such as PCI DSS, the Government backed Cyber Essentials Scheme and ISO 27001. It also demonstrates that appropriate controls are in place to meet the requirements of GDPR.
In this role we provide an independent overview working in partnership with organisations as their cyber security team. We also help them review and test their systems, and those of their third parties, through processes such as vulnerability scanning and penetration testing.
Providing qualified industry specialists and developing talent in the South West is a key part of our strategy. We are at the forefront of developing a leading-edge cyber security sector in the region, speaking regularly at events and with the media, as well as nurturing and encouraging young talent.
Tell us about your average day
My normal start at 6am is an early run, off road, with our dogs, followed by a 45-minute commute into the Science Park in Exeter, which is when I have time to think.
We focus on results, rather than on chargeable time, so I will spend time with clients, helping them to identify risks, showing them how to embed the necessary controls, and explaining everything from a non-technical point of view.
I am from an auditing background and one of the highlights of my work is learning about other businesses. You can learn a great deal by asking questions, and then listening, and seeing clients realise for themselves risks that they were completely oblivious to and then see them starting to take control of their own information security.
What do you wish other people knew about your work?
I wish more people understood how we can work most effectively and cost-efficiently as an internal resource for their business, helping them ensure information security is at the heart of their business operations and strategy, rather than waiting until something awful has happened and using us to mop up the mess. I also wish people could see how passionate we all are as a team about getting the results clients need within the time scales they need it, we genuinely all get involved with every client at some level.
What changes have you seen as tech has advanced?
Businesses are becoming more agile, and the opportunities to achieve accelerated growth are huge now. So far, many organisations, including large brands, have not built security as an important part of their growth plans. However, those organisations that are able to demonstrate a commitment to cyber security and best practice are now seeing significant benefits with increased trust in their business and brand, moving cyber security from a necessary evil to a market enabler.
How do you see the business developing in the next 5 years?
We have some very exciting projects in the pipeline including helping clients to automate and track their various cyber security compliance requirements and building our cyber security operations centre which will enable clients to monitor their networks against threats 24/7. There will increasingly be a requirement for qualified professionals, and we see Securious continuing to focus on developing local talent and being an employer of choice in our industry.
Why did you choose to base your business in Exeter?
Exeter has a real vibrancy with a lot of dynamic, entrepreneurial businesses starting to make waves on national and international levels. The city and its business community provide an environment where new businesses are supported and encouraged: we have a strong community spirit and celebrate the successes of each other and our city.
It goes without saying that we live in the most beautiful part of the country and from the first time I came here with my father in 1981 to visit the places he grew to love when he was evacuated here during the war, there was only ever one place I wanted to live and work.
www.southwestcsc.org The SWCSC publish a number of helpful guides if your business is facing a cyber security threat, see ‘URGENT HELP’ tab