Is 'no' the only word the Information Security Team know?

You know the saying – before you judge someone, you should walk a mile in their shoes. Or something like that.

It’s easy to form an opinion of a person or a team, based on what you think you know about them. The Information Security Team is no different – I thought I knew what they did, but that was before I joined the team.

Now I’d like to share what I’ve discovered…

A bit of background

I joined AJ Bell in December 2013 and have spent most of my time in the Service Delivery Team, first as an Analyst fixing issues, then as a Team Leader, then Manager.

I helped ensure incidents were resolved and that teams across the business were able to do their jobs and provide the world-class service our customers have come to expect.

Although I worked with all parts of the business and tried as best I could to get to know them, I often only ever scratched the surface in understanding what they did and how their processes and procedures worked.

I guess I’m saying it’s often very easy, looking from the outside, to form an opinion of what a team does.

This is especially true for our Information Security Team, who in my interactions with them often seemed to be telling us what we couldn’t do – their favourite word seemingly was ‘no’!

I must confess, having spent so much of my career in a service role where I was there to help and support the business, saying ‘no’ goes against the grain and it did cause frustration.

Surely we just want to help the business achieve its objectives.

Under the wire

Earlier this year, after several discussions around my future ambitions and career path at AJ Bell, a new opportunity appeared. However, it meant that I had to go under the wire and join the other side – Information Security!

I am now several weeks into my new role as an Information Security Operations Analyst, and you can guess what’s coming next…

My preconceptions about the Information Security Team were completely false.

It’s not about saying no or being a blocker – we are here to enable the business to function safely. So, you might think the internet filter is just stopping you seeing the content you want to view on the internet, when it is in fact monitoring and protecting our web traffic from external threats.

The same goes for the email system, which filters our inbound and outbound mail, protecting us from harmful phishing attacks, amongst other threats (Patching & Phishing).

An eye opener

Seeing how much work goes into protecting our systems, let alone ensuring any new systems put in place are protected in the future, is eye-opening.

Given the nature of our business, there is a constant threat from the outside world.

One of our greatest battles is keeping the company safe, so sometimes that might mean saying ‘no’!

But hopefully, we should be saying, ‘…no we can’t do it that way because it’s not secure, but this is how we can do it and at the same time protect ourselves and our customers…’

I’d like to change the perception of the team. Hence this blog – well, it’s a start!

Let me know what you think and if you’d like to know anything else about the work of the Information Security Team.

By Stephen, Information Security Manager