Secret CSO: Andrew Barber, NTT Security

Secret CSO: Andrew Barber, NTT Security

Name: Andrew Barber

Company: NTT Security

Job title: Chief Information Security Officer

Date started current role: September 2018

Location: UK

Andrew Barber is Chief Information Security Officer (CISO) at NTT Security and joined the specialised security company of NTT Group in October 2015.  With over 30 years' experience of working with global organisations in highly secure environments he is responsible for defining and delivering the company's internal global information security strategy across all of its operating locations. Previously he has worked extensively in consultancy and CISO roles, and as a former member of Her Majesty's Diplomatic Service Andrew has specialist security experience working at the centre of UK government and in diplomatic missions overseas.


What was your first job? I joined the Diplomatic Service and went to work in the Foreign & Commonwealth Office (FCO), initially in London and then in various embassies in capitals around the world

How did you get involved in cybersecurity? In the early 1990s, on leaving the FCO where I gained a wide experience in the technical security field, and in ‘re-inventing' myself for a job in the private sector, it struck me that the dawning of the internet age might bring with it some security implications.

What was your education? Do you hold any certifications? What are they? Leaving school after my ‘A' levels I was not sure that further education was for me, so I applied to join the Diplomatic Service initially as a temporary measure. The rest is history.

Explain your career path. Did you take any detours? If so, discuss. After leaving the FCO I took a number of roles as a contractor, moving around various companies and organisations in several market sectors, gaining a wide experience of the application of information security across many disciplines. But I have remained firmly connected to the security world since my very first job as a junior diplomat.

Was there anyone who has inspired or mentored you in your career? In the early days I was very fortunate to work for and alongside many senior diplomats and politicians. My inspiration in the early years was probably Lord Carrington, a statesman and leader with immense intellect but also approachable and accessible whatever your seniority or job position, a quality I have tried to emulate and encourage in others ever since. I also remember his sense of humour and, when working as a member of his Private Office, being introduced to his two dogs - Keith and Prowse - who were always to be found lounging on the sofas: "They always have the best seats in the house" he would say - an old reference to the name of a famous theatre ticket agent.

What do you feel is the most important aspect of your job? Collaborating with others - individuals, teams or even organisations - and realising that achieving my goals is not something I can do on my own.

What metrics or KPIs do you use to measure security effectiveness? I follow what I call a ‘split horizon' approach: taking into consideration metrics and KPIs that measure, for example, the effectiveness of my information security management system (ISMS) alongside the operational reality (such as, how many security breaches or incidents are being recorded). It's no use having a top rated and certified ISMS if the state of our security controls on-the-ground is telling a different story.

Is the security skills shortage affecting your organization? What roles or skills are you finding the most difficult to fill? Most definitely. Our SOC operatives and engineers are the lifeblood of the company and this is a highly sought after skills area as you can imagine.

Cybersecurity is constantly changing - how do you keep learning? Apart from keeping up to date with various publications and attending conferences and seminars, I also make time to talk with our SOC staff that are at the cutting edge of cybersecurity - it's their job after all.

What conferences are on your must-attend list? I tend to look at this from a wider angle than just cybersecurity - from the viewpoint of our customers for example, taking into consideration the far-reaching business impacts an organisation may have to tackle following a security incident. For example, BCI World - the annual showcase of the Business Continuity Institute - is a case in point of how the disciplines of cybersecurity, resilience and business continuity are rapidly converging and presenting a bigger challenge to CISOs and the wider C-suite.

What is the best current trend in cybersecurity? The worst? Echoing my point above, I strongly believe that approaching cybersecurity in context with the wider security threat landscape and the risks arising from a general lack of resilience across all security control areas is the best way forward. And I am encouraged by the fact that this trend appears to be gaining momentum. Trying to address cybersecurity in a silo inevitably brings with it additional problems and challenges.

What's the best career advice you ever received? If it feels wrong, it probably is wrong, so go and do something else.

What advice would you give to aspiring security leaders? Something I touched on earlier and that I learned a long time ago: be collaborative and encourage collaboration among your peers and colleagues. And if your goals and objectives require a team effort then make it your priority to build a great team.

What has been your greatest career achievement? As the CISO and head of business continuity in a major international telecommunications company, helping to manage the response and recovery to a major hurricane in the Caribbean and getting the affected islands back ‘online' so that people could reconnect with their worried families and loved ones around the world.

Looking back with 20:20 hindsight, what would you have done differently? Maybe I would have reconsidered my choice not to go into further education, although taking into account the experiences and opportunities that working in the FCO gave me it's a difficult one.

What is your favourite quote?‘Heroism doesn't scale'. In other words, collaborate!

What are you reading now? I tend to have a number of books on the go at any one time. At the moment I'm dividing my time between ‘The Spy and the Traitor' (the true story of how the British exfiltrated Oleg Gordievsky from the USSR) and Ikigai (‘The Japanese Secret to a Long and Happy Life'). I'm also dipping into an old read - ‘How to Win Friends and Influence People' - to remind me of the importance of others in helping me to achieve my personal and career objectives.

In my spare time, I like to… get stuck into major DIY projects. There's nothing like designing and building something from scratch!

Most people don't know that I… once lent my short-wave radio to Margaret Thatcher's private secretary during her visit to Nigeria way back in the 80s. I don't know if the great lady actually used it, and it did get returned to me but minus the batteries.

Ask me to do anything but… The ironing!


« CIO Spotlight: Allan Alford, Mitel


The CMO Files: Michael Wood, Apstra »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies


Do you think your smartphone is making you a workaholic?