Lädt...


📰 The Royal Mint’s diversification means all change for IT and security


Nachrichtenbereich: 📰 IT Security Nachrichten
🔗 Quelle: cio.com

It’s a new era for The Royal Mint, Britain’s oldest recognised company and the official maker of UK coins.

Six months have passed since the death of Queen Elizabeth II, but that’s not all that’s changed at an institution established back in 886 AD. More recently, The Royal Mint has evolved its business model in the face of declining cash usage, from its core business of coins and metal manufacturing through to bullion trading, a new consumer business and jewellery line, as well as tentative steps into digital gold and recycling e-waste.

It makes a challenging proposition for Rich Hobbs, The Royal Mint’s group technology director, tasked with not only supporting business transformation, in areas as wide-ranging as e-commerce, CRM and data analytics, but also ensuring cybersecurity isn’t forgotten at a time Royal establishments are seen as fair game for newly-minted cybercriminal groups.

The Queen’s death brings e-commerce innovation

Hobbs joined The Royal Mint in January 2020, bringing 20 years of experience from financial services, where he worked for Barclays Bank, Barclaycard, Lloyds Banking Group and Admiral Insurance.

Now as group technology director at The Royal Mint, a limited company wholly owned by HM Treasury, Hobbs has looked to transform the technology landscape, modernise cybersecurity, and grow the IT function amid the organisation becoming, in his words, “more of a suite of businesses”.

The technology team has grown from 25 to 60 people over the last three years, with Hobbs now supported by heads of development, data, operations and digital performance, as well as a CISO and head of delivery. He says that IT remains largely in-house across helpdesk, data analytics, cybersecurity and development, bar small pockets of outsourced capability for software development and testing, and suggests that business growth hasn’t been the only challenge—not least in the days after Queen Elizabeth II’s death last September.

Hobbs says a hive of activity kicked off, noting new projects to redesign the website, for content delivery, and greater web resilience and security. The Royal Mint also had to prepare for the launch of the King Charles III coin.

“As a function, I brought together a core team and we started addressing the immediate needs,” he says. “Starting with the website, we needed to build new content and elevate existing content to reflect the event, which included a number of new web pages being built. As our link to the monarchy is extremely strong, we quickly recognised the need to ensure our website was prepared for the considerable interest from the public globally. We needed to scale up our platform and make sure customers still received the great experience they were used to.”

Cybersecurity threats require business language lift

This heightened business demand, along with the Royal moniker, does, however, come with risks. In the aftermath of the Queen’s death, Hobbs says there was a surge in website visits and online transactions—with up to 40 transactions a minute in an 18-hour period. An unfortunate by-product was a variety of cyberattacks.

“Our attack surface is huge,” says Hobbs. “Our [network] perimeter is scanned 30,000 a day.” This he attributes to the ‘Royal’ name, press coverage of new collector coins, and cybercriminals looking to disrupt service through DDoS attacks.

Hobbs has nonetheless looked to modernise security by communicating with the board and raising the business risk, working hand-in-hand on aligning tech and security objectives with CISO Rich Fowler.

The Royal Mint now sees cybersecurity as a competitive advantage over its competitors, boldly proclaiming its intention to be the most secure mint in the world. Yet Hobbs admits there was a degree of fortune about the timing.

“We’ve been lucky that our transformation of cyber happened with digital transformation, so the last two years we’ve talked a lot to the board about technology,” he says, adding that even as a non-executive member (he reports to head of supply chain), he’s been to the boardroom approximately 50 times during this period.

“We’ve had to lift the language,” he adds. “[Members of the board] don’t care only about the technology. What they need to make sure is that the system is up and running—and it’s delivering for our customers.”

To land his message about cybersecurity, Hobbs said there was a focus on transparency and business language in the boardroom.

“We simply took away the technical detail and focused on a single goal that our executive team could buy into,” he says. “We used a security scorecard benchmark and said we could become the most secure global mint.” They then reported back on the score’s movement of the score, going from68 to 98 in a year based on 10 core security metrics provided by securityscorecard.com, with 100 meaning there were no vulnerabilities on the visible attack surface.

“At each release point, or vulnerability fix, we noted the score change and then reported it and its causes,” he adds. “For example, we undertook a three-week vulnerability hackathon where all operations resources were allocated to cyber tickets. The responding improvement in score outlined two critical levers we could pull to improve our score: increased visibility of vulnerabilities allows for better prioritisation, and focused resource over a short period of time can make real-world improvements.

“It made further discussions with the exec more black and white without the need for more detailed, technical discussions.”

Talent pipeline starts with valued university partnerships

Staff attraction and retention have been similarly challenging, especially in Llantrisant, southeast Wales, where The Royal Mint is based.

The firm is competing with Lloyds Bank and local start-ups for tech talent, but Hobbs attributes his growing team to robust professional development pathways, workplace flexibility and an expanding footprint at the local university. He’s also realistic that IT team members may one day move on.

“We’re really strong in accreditation, so every member of the technology team has an individual career path,” he says. “And included in that is, what accreditations do you want? How do they benefit you? How do they benefit the business? And if there’s a point in two or three years where someone says, ‘I don’t think you can give me anything more here’, then I’ll happily help you find something else.”

To develop this strong talent pipeline, The Royal Mint has partnered with the University of South Wales and the National Cyber Security Academy, while working with the Network 75 scheme on technical apprenticeships. Three of the team—two cyber engineers and a risk manager—were hired directly from the University in their third years, prior to graduation.

“We work closely with the University of South Wales, National Cyber Security Academy, and support them in a number of ways,” says Hobbs. “We undertake project and dissertation support, guest sessions with students, and also provide case study scenarios for assessments. In return, we get the opportunity to scout for talent among their undergraduate population and perhaps beat the competition to the punch when recruiting.”

The future is about modernisation and experimentation

The future, says Hobbs, is about continuing to strengthen the firm’s cybersecurity posture, enhance the e-commerce experience, migrate the server stack to Microsoft Azure, and continue inroads with its new data strategy and ERP implementation.

He says nothing is being held back yet despite cost-of-living pressures and recession, with experimentation underway on VR training, and leveraging AI and digital twin technology to digitise manufacturing processes. “We’ve made huge strides in all aspects, from strategic planning, tactical implementations, recruitment, technology enablement and engagement with the business that it’s really hard to not be overambitious with our plans for the next year,” says Hobbs. “We’re now in a position to stabilise these huge improvements and start to scale activity.”

Data and Information Security, Digital Transformation, IT Leadership, IT Management, IT Operations
...

📰 The Royal Mint’s diversification means all change for IT and security


📈 83.32 Punkte
📰 IT Security Nachrichten

🔧 Tìm Hiểu Về RAG: Công Nghệ Đột Phá Đang "Làm Mưa Làm Gió" Trong Thế Giới Chatbot


📈 39.47 Punkte
🔧 Programmierung

📰 SHARED INTEL: The non-stop advance and diversification of ransomware extortion tactics


📈 31.91 Punkte
📰 IT Security Nachrichten

📰 ASX thanks tech diversification play for AU$242 million first-half profit


📈 30.3 Punkte
📰 IT Nachrichten

📰 Cloud diversification brings complex data management challenges


📈 30.3 Punkte
📰 IT Security Nachrichten

🍏 Apple instructs suppliers to source batteries from India in supply chain diversification effort


📈 30.3 Punkte
🍏 iOS / Mac OS

🐧 I made Firefox themes that are based on Linux Mint's Mint-Y and Mint-Y-Dark themes.


📈 30.23 Punkte
🐧 Linux Tipps

🐧 Today I learned Open Source means never achieving a Return on Investment...Royal TS


📈 27.06 Punkte
🐧 Linux Tipps

🎥 Autonomous - I don't think that word means what you think it means - ESW #359


📈 25.88 Punkte
🎥 IT Security Video

🍏 AI: A Means to an End or a Means to Our End?


📈 25.88 Punkte
🍏 iOS / Mac OS

📰 Royal Australian Mint Releases Coin With Code-Breaking Challenge In the Design


📈 23.66 Punkte
📰 IT Security Nachrichten

📰 Plans For Royal Mint NFT Dropped By UK Government


📈 23.66 Punkte
📰 IT Security Nachrichten

📰 UK Royal Mint To Extract Gold From E-Waste


📈 23.66 Punkte
📰 IT Security Nachrichten

🐧 It's 2020, and that means it's time to change "disk space" to "storage media. "


📈 22.29 Punkte
🐧 Linux Tipps

🍏 How to change iPhone name, rename AirPods, change names of Apple Watch or iPad, and all your Apple devices


📈 22.26 Punkte
🍏 iOS / Mac OS

📰 Durov, Musk, and Zuckerberg: Tech Oligarchs Cry Censorship and What It All Means


📈 21.35 Punkte
📰 IT Security Nachrichten

🪟 Persona 5 Royal to include all DLC on Xbox and Windows PC


📈 20.91 Punkte
🪟 Windows Tipps

📰 Linux Mint 19 and Linux Mint Debian Edition 3 Announced, Coming 2018


📈 20.69 Punkte
📰 IT Security Nachrichten

🐧 How to dual boot windows and mint starting off with mint.


📈 20.69 Punkte
🐧 Linux Tipps

🐧 Linux Mint 20 Reveals New Mint-Y Theme Changes And More Features


📈 20.69 Punkte
🐧 Linux Tipps

🐧 Upgrade to Linux Mint 21 and 21.1 from Mint 20.3 [Complete Guide]


📈 20.69 Punkte
🐧 Linux Tipps

📰 The change means apps that let people mine coins on their phones will soon be purged.


📈 20.67 Punkte
📰 IT Security Nachrichten

📰 The current rate of technological change means lifelong-learning is now a must


📈 20.67 Punkte
📰 IT Security Nachrichten

📰 Change Means Business: Apple-Veranstaltungen von und für Gründer


📈 20.67 Punkte
📰 IT Nachrichten

🍏 Supreme Court decision means major iPhone app change is on the way


📈 20.67 Punkte
🍏 iOS / Mac OS

matomo