Insights with Cyber Leaders with Ian Glover, President of CREST
Date: 6 September 2018
CREST president Ian Glover sat down with Amar Singh, CEO and co-founder of Cyber Management Alliance, to talk about his career and pass on some of the insights he has gained over the course of his long and fruitful career in information technology.
Ian Glover has been in the information technology industry for 14 years. He started his career in a retail environment, working for a publisher. Glover’s responsibility was to help the publisher set up its first computer system, which provided him with a wealth of experience that he used later in life on a number of occasions.
“I’ve been in the industry for 14 years, and I’ve enjoyed every minute of it.”
To advance his skill set, Glover was taking evening classes while working for the publisher. When a job came up in the United Kingdom Ministry of Defence, one that allowed him to attend college at the same time, he decided to embrace the opportunity and was hired to work at the Defence Operational Analysis Establishment (DOAE) as a computer operator.
In certain ways, working as a computer operator was a step backward in Glover’s career, but, as is often the case, the benefits outweighed the cons in the long run. For starters, Glover had unlimited access to mainframe systems and spent most of his days either coding or reviewing the code of others, thus sharpening his analytical abilities by solving real-world problems. What’s more, the job allowed Glover to save enough money to eventually leave the Ministry of Defense and finish his degree.
As unbelievable as it may sound, Glover started building artificial intelligence systems early in the 1980s, initially focusing on the identification of unexploded bomb to help bomb disposal units safely disarm unexploded ordnance. He and his team at the time then used the system for missile recognition, while also building statistical models for battle simulations and working on the interface between microcomputers and mainframes.
The next stop in Glover’s career was the Central Computer and Telecommunications Agency (CCTA), which is a UK government agency providing computer and telecoms support to government departments. There, Glover was able to use his experience with artificial intelligence and apply it to risk analysis and building generalized risk management models on the international stage.
At the bottom of the economic recession, Glover decided to leverage his industry experience and, along with his partners, start a company called Insight Consulting, which was one of the leading independent IT security consultancies. The company quickly grew to more than 150 employees, who provided services to the UK government and businesses alike. In addition to Insight Consulting, Glover also managed a training organization and a specialist recruitment organization.
Ultimately, Glover and his partners decided to sell Insight Consulting to Siemens, earning him a place on the Board of Siemens Communications and providing him with the opportunity to understand the bureaucracy associated with technology-based organizations and some of the difficulties associated with working on boards.
Foundation of CREST
Glover recognizes the limits of UK’s CHECK scheme, which enables National Cyber Security Centre (NCSC) approved companies to carry out penetration testing of HMG (Her Majesty's Government) and other public sector bodies IT systems using qualified personnel, and he decided to set up CREST to serve the needs of an information security marketplace that requires the services of regulated and professional security professionals.
“We’re trying to professionalize the technical security industry by providing consistency, growth, and standards.”
CREST is a not for profit organization that promotes research and development in standards for professional technical Information Assurance practices, offering internationally-recognized qualifications for penetration testing, intrusion analysis, reverse engineering, and security architecture. It’s also worth noting that CREST is part of a consortium with the Institute of Information Security Professionals (IISP) and Royal Holloway College London to provide IA certification services to the UK Government.
Recently, CREST has extended its scope of operation, providing the same services to other governments around the world as well, including the government of Hong Kong, Singapore, and Malaysia.
During the interview, Glover explained that companies that have been accredited by CREST successfully demonstrated excellence and proved themselves to be trustworthy partners for anyone who wishes to buy penetration testing services, threat intelligence, or incident response services.
CREST retests all member companies every three years, which, as Glover pointed out, is absolutely essential considering the rapid pace of technological development and the increasing sophistication from business processes. Should a company fail to meet CREST’s strict requirements, it may even be excluded from doing work in the financial sector and elsewhere.
Helping Young Professionals Start Their Career
“It’s very difficult for people to articulate what they want to be.”
Glover believes that young people who are interested in moving into the information technology space often struggle to articulate what they want to be. To solve this problem, CREST is now providing a growing library of video content, trying to present the human side of information technology and lay down clear pathways for young people to follow.
CREST also offers a 3-tier program that allows people to move in from other industries, creates opportunities for internships, and educates people about the possible career paths in the information technology industry.
Lastly, Glover has praised the information technology industry for being relatively diverse, but he also pointed out that gender diversity can still be significantly improved. Glover criticized some of the current efforts how to combat the lack of gender diversity in the information technology industry, saying that they make women feel like minorities and focus too much on certain traits that have been traditionally associated with the concept of femininity.