Talking cybersecurity and diversity with Des Massicott
What does it mean to be an inclusive events employer? And why is diversity particularly important to cybersecurity? Des Massicott, Chief Information Security Officer for RX, was recently named amongst the UK’s top cybersecurity leaders. He shares his insights and his own career journey.
Q1. What attracted you to information security as a career?
It started a long time ago when I was a teenager. I have always been inquisitive and like taking things apart, software and hardware. I was a ‘hacker’ in the old sense of the word – it never used to have a negative connotation. I would reverse engineer games to achieve the best scores and dismantle hardware to see if I could improve on those hardware devices. I have always been inquisitive and that lit the spark that got me interested in technology.
Q2. Tell us about your journey to RX and your current responsibilities.
My very first job in tech was with British Telecom. This was followed by five years as a Technical Team Leader at Computacenter and 10 years at Sony/Sony Ericsson where I was appointed Security Compliance Officer in 2006. After gaining further experience with Rolls Royce and Sainsburys as a senior security analyst I joined RX in 2013 as Global Cyber Security Manager, becoming Chief Information Security Officer in 2019. Today I lead a team that manages the global security of RX, which has 3,500 employees, and over 400 in-person and online events in 22 countries. I am responsible for creating and developing cybersecurity policies, procedures, and standards, and collaborating with business and technical leaders to implement these policies.
Q3. What are the key challenges you face?
I became the CISO for RX at a particularly challenging time when COVID forced us to transition very quickly to digital and hybrid events, with all the additional cyber exposure this brought. I have had to build a team from scratch, which includes supporting radical career transition paths (including one from legal publishing!). My approach is focused on ensuring diverse talents (race, gender, background, thought) and a strong community culture both within the security team and across the wider business. Key to our success is our shared services support team in the Philippines who provide round-the-clock support for increasingly complex challenges, which has grown from two members in 2021 to 12 in 2022.
Q4: Why is it important to have a diverse cybersecurity team?
Cyber security is not just about technology, but it’s also about people, process and problem solving. People approach situations differently, based on their skills and personal experiences, and just as people who carry out attacks don’t all look the same, or come from the same background, diverse teams are more alert to, and better equipped to deal with, a wider range of cyber threats. And yet, according to the latest NCSC report on diversity, just 15% of UK professionals working in the cybersecurity identify are from black, Asian or mixed ethnic groups, and 36% identify as women. On my team I have several women and an African American who I consider to be among the best in the business. Neither of them are from a cyber security background, and both are excelling. As a company we are heading in the right direction, but there is much more to do.
Q5. As a person of colour in tech what kind of personal challenges have you faced in your career?
I have experienced racism both in the workplace and outside it. It has guided me and shaped me, but it hasn’t deterred me. Instead, I have used it, working doubly hard to achieve my goals and to become a better person, both in and out of work. My experiences have also taught me the power of support and mentorship. During the past three years, under Hugh Jones’ leadership, there has been real change at RX, with diversity and inclusion now at the heart of our company culture. I was recently contacted by a member of my team – a person of colour – who said she felt empowered seeing me in my role and that it made her believe that she can achieve her ambitions too.
Q6. Tell us more about RX’s inclusive culture
RX has formed Global Diversity Committees for different diversity dimensions, to help drive achievement of our inclusion goals around race and ethnicity, gender equity, LGBTQIA+ and gender identity, disability, and generations. We also have a network of Employee Resource Groups (ERGs) which give everyone in RX a voice. I was a founding member of the race committee which aims to push our diversity agenda across the business both internally and externally; and last year I was asked to share my career story at a RELX-wide event organised by our African American Network in the US.
Q7. In 2022 you were named among the UK’s top 30 IT leaders in the annual CSO 30 UK awards. What does it mean to you?
I was honoured to receive the award in recognition of our Cyber Security programme and gratified to accept it on behalf of RX, my Cyber Security Team, and our Executive Leadership Team. CSO30UK plays an important role in recognising cybersecurity challenges, including stress, burnout and mental health in cybersecurity, improving diversity & inclusion and cybersecurity awareness. I am inspired to continue my journey in improving diversity and inclusion within RX and the wider cyber security community, and to help address the skills gap through mentoring the next generation of diverse cyber security talent.
Q8. What advice would you offer minority candidates looking to further their cybersecurity careers?
Studies have shown that women, people of colour and people with disabilities are less likely to apply for jobs unless they meet every single qualification. At RX we are dedicated to building a diverse and inclusive cybersecurity team, so if you’re excited about a role but your experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply. You may be just the right candidate for this or other roles!