Kurtis Toy is a Virtual Chief Information Security Officer (vCISO) and CEO of Onca Technologies Ltd who has been appointed as the Convenor of the CCoE. After gaining an MSc in Biology, Kurtis worked for an oil servicing company where he ended up working in IT. He became responsible for the IT information security in the company, leading to him becoming Global IT coordinator. He then gained an MSc in Information Technology, next becoming Global IT Team Leader before moving to Onca Technologies full time, which he established in 2016.

Further qualifications Kurtis has since gained include becoming a GDPR Foundation and practitioner (Data Protection Officer), ISO 9001 internal auditor training and ISO 27001 lead implementor. He is also a CISSP (Certified Information Systems Security Professional). He describes the CCOE as giving local authorities access to an umbrella of protection akin to a “validated Google of cyber security knowledge”.

Major General Martin Smith CB MBE is the Managing Director of CyberPrism, a cyber security company which protects Operational Technology (OT) and IT in the UK and internationally. Before joining CyberPrism, Major General Smith had a 33-year career in the Royal Marines, becoming Commandant General of the Royal Marines. He commanded the UK’s Amphibious Force and led the UK’s maritime counter terrorism force. He also founded the unit known as 30 Commando Information Exploitation Group.

Major General Smith is pleased to be part of the CCOE advisory forum. “CyberPrism fills a gap in that there is very little knowledge and experience in operational technology in the marketplace. Playing our part in the CCOE helps fulfil the full range of services needed by local authorities to address their cyber vulnerabilities. The CCOE is an initiative in which no single company is pretending to be able to do everything. It is a joint force of a range of experts in their own fields which will work for the good of the public sector.”

CSA began as a consultancy practice and still offers this trusted advisor service helping clients with aspects of cyber security such as assessments, help gaining certifications, incident response and general cyber road maps and development. Before starting CSA, David had a career spanning 28 years in the Royal Airforce, where he undertook a range of roles related to cyber security, including holding the position of Commanding Officer of the Ministry of Defence Cyber Defence Unit.

“The CCOE is both an information sharing platform and a one-stop-shop offering a framework of services so local authorities won’t have to go to twenty vendors, they can just come to a safe pair of hands and know that if they buy something approved by the CCOE then it is world class. We can also share intelligence on threats and lessons learned which will be invaluable to public bodies. Being a member of CCOE may stop any future attacks through monitoring and sharing information and, if the worst does still happen, the CCOE can help with key aspects of recovery and help improve the ongoing cyber security posture.”

Sandip Patel has been a Barrister for more than 30 years and was appointed Queen’s Counsel (QC), now King’s Counsel (KC), more than ten years ago. He became involved in cyber security law after being asked to prosecute several cases for the Crown Prosecution Service. His cases have included that of Glenn Mangham who stole Facebook’s source code from his bedroom in North England using an ordinary desktop computer and Seth Nolan-Mcdonagh, the boy who ‘almost broke the internet’. Sandip is also Director of cyber security consultancy Quantum Resilience International and Chief Legal Advisor at OSP Cyber Academy.

He is pleased to be involved with the CCOE to contribute knowledge of legal compliance and advising how this might evolve by looking to other countries. However, he warns that legal compliance is the minimum organisations should aim for. “Regulatory compliance is not cyber security in my view. We know local authorities are extremely vulnerable and I am pleased to play a part in helping protect these organisations.”

OSP Cyber Academy is a managed service provider of cyber, information security, data protection training and education programmes. Irene joined OSP Cyber Academy after a 30-year career in the police force in a variety of roles, including that of Chief Inspector for recruitment within Police Scotland. During her career in the police force, Irene held various roles which centred on protecting people’s data, including as Detective Inspector of the Public Protection Unit at Grampian Police. In this position she was Project Manager of the Grampian Police Vulnerable Persons Database, a project which was then rolled out across Scotland. Coyle is also a Data Protection Officer, a NCSC Certified trainer and holds a teaching degree.

OSP Cyber Academy has joined with the CCOE to provide member access to its suite of training tools. “To be involved with the CCOE is great. This new group wants to provide the best that it can for local authorities which is admirable. It is not about driving high profit for the experts involved, it’s about driving the cyber resilience capability across communities. I am excited to see where it goes and being part of building cyber resilience across the public sector.”

Tommy has previously held various roles in training auditing and safety, including several positions in the energy sector. As someone with a wide range of industry contacts and knowledge, Tommy has been instrumental in helping to establish the advisory forum for the CCOE. OSP Cyber Academy are a UK Government-certified managed service provider of cyber, information security, data protection training and education programmes. The company has joined with the CCOE to provide its members access to its suite of training tools.

“In the last five years I have been involved with just about every cyber organisation there is in the UK and overseas. The CCOE is one that has been designed and set up to make a difference and to deliver, as opposed to just talk about delivering.  The problem with cyber is that it is an ever-evolving threat landscape and things change so rapidly that the only way you can stay resilient is by keeping up to speed with what is going on. I think the CCOE will do this and has the capability to deliver for all local authorities.”

Colin Jupe is CEO of Assurity Systems, a company which provides advanced cyber security solutions to a variety of sectors including local government. Prior to launching Assurity Systems, Colin held a management consulting role where he predominantly assisted technology companies with marketing and finance strategy and was also formerly Director of a marketing database and data processing company.

“UK government and PLC are under attack more than ever and those in charge of local government have enormous pressures extending from budgetary and personnel issues through to IT. Rich private organisations are poaching all the good cyber-IT professionals which means the public sector must outsource to get access to skills. The cyber protection industry is a vendor-led industry. Who can you trust? How do you know which is the best solution for your organisation? This is a difficult problem and understanding what solutions are good for today and fit for tomorrow is almost impossible without the sort of collaboration offered by the CCOE.”

Dougie started his career in the military and from there moved to the private sector working in IT where he became interested in cyber security. From here, he progressed into law enforcement, spending eight years as the Cyber Lead for the Police Service of Northern Ireland where he started building online investigative capability looking at the online components of crimes. He finished his public sector career in the City of London Police seconded to GCHQ and NCSC where he spent five years as a Senior Coordinator at the National Cyber Security Centre (NCSC). He remains associated to the NCSC as part of its Industry 100 (i100) initiative and holds an MSc in Forensic Computing and Cyber Crime Investigation as well as other certifications.

“Opportunistic attacks are one the biggest threats we face. Anyone from the comfort of their living room can scan internet connected systems and networks globally to see if they can get in find vulnerabilities and exploit them to gain access and disrupt them, sometimes with catastrophic impacts. We have got to ensure that everything being acquired or used by a council is secure at its core and that is not there yet. If you are in a council and you are going to procure equipment or deploy technology or systems it is essential to understand the risk and threat and impacts of attacks and breaches which is something the CCOE can assist with.”