The Security Circle

EP 086 James Willison: Security Convergence Forever

James Willison MA MSyI Season 1 Episode 86

Send us a text

James Willison MA MSyI

James is a distinguished international leader in Security Convergence and Enterprise Security Risk Management, currently serving as the Project and Engagement Manager at the Internet of Things (IoT) Security Foundation. His extensive career, marked by a blend of, advisory, academic and practical roles, showcases his contributions to the security industry. He has a practical application to convergence,  and streamlining delivery within a sound business framework.

  • Co-authored four white papers on Enterprise Security Risk Management (ESRM), GDPR Assurance, Trust and Smart Building Security for AXIS Communications .
  • Regular contributor to IFSEC Global and an established speaker at international security conferences.
  • Associate Senior Lecturer, Loughborough University (2013 – 2020): Mentored and assessed master’s students in Security Management,
  • MA in Security Management from Loughborough University, focused on Security Convergence.
  • Winner of the Imbert Prize 2011 for outstanding contributions to the Security Industry.
  • Shortlisted in the Security Serious Unsung Security Heroes Awards 2018 as a Security Leader/Mentor.
  • Named #13 Security Thought Leadership: IFSEC Global Influencers in Security and Fire 2019.
  • Named #8 Cyber Security Professional: IFSEC Global Influencers in Security and Fire 2020.
  • Runner-up for the David Clark Award 2023 by the UK Security Commonwealth.

 https://www.youtube.com/watch?v=ah-fcVMMbn8

https://www.youtube.com/watch?v=cr4XE0Bxj-4

https://www.youtube.com/watch?v=TGLn9CuDdgk&t=4s

https://www.youtube.com/watch?v=u4DyMHk2nqE&t=189s

https://iotsecurityfoundation.org/

https://www.unifiedsecurity.net/

Security Convergence: Managing Enterprise Security Risk

https://shop.elsevier.com/books/security-convergence/tyson/978-0-7506-8425-5


IoT Security Foundation : IoT Cybersecurity for Facilities Professionals in the Smart Built Environment.

https://iotsecurityfoundation.org/best-practice-guidelines/

Security Circle ⭕️ is an IFPOD production for IFPO the International Foundation of Protection Officers

If you enjoy the security circle podcast, please like share and comment or even better. Leave us a Fabry view. We can be found on all podcast platforms. Be sure to subscribe. The security circle every Thursday. We love Thursdays.

Yoyo:

Hi, this is Yolanda. Welcome. Welcome to the Security Circle podcast. IFPO is the International Foundation for Protection Officers, and we are dedicated to providing meaningful education and certification for all levels of security personnel and make a positive difference to our members mental health and well being. And no, I didn't mean that. Yes, I did. Our listeners are global. They are the decision makers of tomorrow, and we want to thank you wherever you are for being a part of the Security Circle journey. If you love the podcast, we are on all podcast platforms. Spotify is currently trending as the number one. Don't forget to tune in, subscribe, or just like, comment, and share this fabulous post on LinkedIn. Okay, so who have I got with me today? A fabulous guest, He is a project and engagement manager, the number one go to for anything internet of security. James Willison, welcome to the Security Circle podcast. Well, hello, Yo

James:

Yo. Great to be here.

Yoyo:

look like, I have to tell the listener this, you've got this beautiful forest kind of path behind you. It literally is like you've taken your desk out into the woods and you're sitting there with it behind you. Looks fabulous.

James:

Thank you. It's a wonderful place.

Yoyo:

I'm surprised there's no sound effects behind you going.

James:

Yeah, the birds are singing and the buzzards.

Yoyo:

It's a good sign. Look, we're in jovial spirits this morning because it is a Friday morning as we are recording this. Um, James, You've become a little bit notorious on LinkedIn lately with this security and music thing. Tell us all about it.

James:

Yes, security and music, the place to be for people who want to listen to music and share what they think about music, what really inspires them, what helps them and encourages them in their day. We all love different types of music and most of us need a bit of a pickup, a bit of a thing where I need to know, I need to feel inspired to carry on with my life. And my favorite person, Freddie Mercury, How Can I Go On, he sang with Montserrat Caballé.

Yoyo:

that was a great song, wasn't it? I found it was really emotional listening to that. I mean, I always loved the song and I remember when it came out, I was, you know, reasonably young and I remember, you know, adults around me saying things like, Oh God, this is gonna crash in the charts, but it didn't, did it? It went to number one.

James:

Amazing.

Yoyo:

But what I learned most importantly, and I think this is the magic of what you're doing when you're producing security and friends, and it's what every month, and it's at about 7pm. there's a theme each month, and it's a case of just joining everybody joins a zoom meeting. But what was you seem to have a lot of facts about you, about music. Like you told us that Montserrat Cavalier had a wonderful friendship with Freddie Mercury. Like they really loved each other.

James:

They did Well, if you watch a lot of YouTube, all you have to do really is look up Freddy Mercury and Montserrat Cavalier and they've got loads of interviews they were wonderful. Really,

Yoyo:

James, it's Kaba. All right, it's not cabriolet, it's not Montserrat cabriolet, it's a car.

James:

She's in, she's in heaven with Freddie now.

Yoyo:

I know. Can you imagine how good heaven sounds with both of them up there?

James:

Amazing.

Yoyo:

Listen, let's get down to serious business, really. Internet of Things. There are going to be some people that have an understanding of what that means, and there will be some people that have heard about it, but it hasn't really touched them. So let's talk about the Internet of Things and what everybody needs to know. You are the number one for this.

James:

That's very, very kind of you to say, I don't think it's quite true, but I'm somebody who talks about it a lot on LinkedIn, but what it is basically is everything that connects to your network, anything. So mainly for the physical security people, it's your camera, your access control, your HVAC, even, even your building systems, if you've got anything to do with them. And then for cyber, it's, well, oh, do I know about this? Is it on my network, or should I be worried about it? Is it my responsibility? Oh no, I think it's the Chief Security Officer's responsibility. So, at the Internet of Things Security Foundation, we, we look at these things, and try and help people to manage that risk. And we produce quite a lot of documentation, so that's what we're proud of. We've already actually given you 150 controls to to look at in your building. So if there's anyone out here listening and they are a bit worried about, oh, is there a Russian or a Chinese or a South American or a North American or whatever nationality they are, because they don't want to be discriminatory, they might be trying to take over your building. And if they are, what are you going to do about it? And should you be worried? And 90 percent apparently, according to G4S. Allied Universal think that their chief security people are worried about it.

Yoyo:

Yeah, they are worried about it. Um, but also we can just use hostile actors., it gets us out of trouble with any kind of potential discriminations. We don't want to get you cancelled, James. But let me refer you back to the very famous case. It's called Fish Tank Hack Casino. 2017, because you talked about all those things that can be connected to the internet. Well, in Las Vegas, a small fish tank was used to hack into a casino's computer network. The thing you've got to think about the thought processes of this hostile group. The fish tank was connected to the internet with sensors, monitoring temperature, food, and cleanliness. The hackers use the tank to access the casino's network and sensitive information. So, People, if it can happen through a fish tank, it can happen through a printer. And what are most printers attached to?

James:

Oh, the network.

Yoyo:

Out of date, um, out of date servers usually. Or, you know, because That's where we find all of our, you know, Windows 96 still connected to the internet, right?

James:

So people are worried about the critical national infrastructure. You know, last year, Oliver Dowden, bless him, he raised the critical level to number one, tier one.

Yoyo:

Who's Oliver Dowden? I remember the name, but there will be people who won't know him.

James:

Was a conservative politician But he was leaving. Um, that's when it was announced. So he announced it at CyberUK.

Yoyo:

So I think he's left now, hasn't he?

James:

Yes.

Yoyo:

Bless him. We wish him well. So it'll be interesting to see from a security perspective, who is taking over in the new government, and who is going to be setting the standard for cyber security threats. Interesting. Okay. We know a fish tank can be hacked to access, internal systems, but let's face it, there would have been issues around how the network would have been configured for somebody to access systems via a fish tank. There doesn't seem to be any, uh, segregation there.

James:

I'm more worried about the NHS attacks. And the fact that they cancel operations from, you know, cyber attacks. So it does have a physical impact on people. It's like saying, Raw doesn't matter because it's not really, you can't really see it. It does matter if you're, you've just lost all your money to a fraudster. And that was through a, through a cyber attack. So it's a real physical impact, isn't it, on So people say, you know, so this is the Internet of Things again, really. They're connecting everything. So you don't know what is your vulnerability. It could be a camera, it could be an HVAC system. I mean, the problem is, of course, there's not many sort of examples of it, apart from, say, Colonial Pipeline. You know, there are, there aren't huge numbers of examples. I mean, but you've got Dusseldorf and, you know, that example where the woman was taken to a hospital and they couldn't let her in and treat her because they had a, their systems weren't working. So she had to be moved to another hospital and while she was being taken there, she died. And the judge said to the people that the hackers were there being so prosecuted, but he said to them, I'm not going to do anything with you guys. Uh, but in the future, if this happens again and the woman, uh, wasn't going to die anyway, then I'll go for you and the hospital for not actually securing the systems properly, which is an interesting The hospital's got

Yoyo:

That transfers, doesn't it, the kind of burden of responsibility and accountability, but I worry when I look at institutions like the NHS. Because they don't have a lot of cash, if we look just at IOT, they have so many systems connected to the internet that actually they're what we call the threat attack surface is really big.

James:

Yeah, I'm worried. I was, I was there in the 80s with them doing hospital security or Portering but then we had to try and look after the information then and stop people getting hold of it, but that was more physical. You had to sort of protect, you know, the patient's notes if they were, say, the military, the soldiers we were looking after had been attacked in the Hyde Park bombing in 82. but the police then were really concerned about, well, how do we stop the press and other people getting hold of it. Getting into talking to these people. They're vulnerable now because they're, you know, really badly injured by nail bombs. They're not in a place where they can go, oh yeah, hi, you know, I'm going to talk to you. So you have to protect people. That's what it's really about, isn't it?

Yoyo:

Well, look, security convergence is becoming a very, uh, important subject to talk about. Why is it important to you, James, security convergence?

James:

I think as it brings people together, really, and on the security front, so it brings all the people in security together to look at the risk, so you can see one, have one view of who it is. That's what Saab and I like to talk about. You can have a single view of risk across the whole enterprise or the business or the company. Whereas if you don't do it, you can't really get that. And so it's really about that. The technology has been converged for decades or a long time. And that's only made worse by IOC and AI and all those other nice things now. I mean, why it's important as well to me is because even the US government, which who I love, you know, They've got it on their agenda. Um, but I, I think to me it's bringing, bringing people together. And then I like what Paul Dorey used to say to me, who was a CISO VP. He said, you know, it's this amazing fusion you get when, when they did it there. He was incredibly impressed by this energy, he said, that happened when you had the, All, everyone's together in the same team and they swap roles. So they gave people, you know, physical security person had to look after the cyber for a month and see how they got on. And that's really interesting to do.

Yoyo:

My next question to you then is, how does security convergence help ESRM, Enterprise Security Risk Management?

James:

Yeah, people like to ask this one. They think, oh yes, you don't have to do convergence now, you just have to do ESRM. They go, ha ha, now for ASIS you know, I joined ASIS in 2001 and got there to the meeting, there were about 120 people and it was all white Caucasian men. Okay. And I thought, okay, and then there were two women and I couldn't get to speak to anyone. No one would talk to me because I wasn't in the police or the military or anything. I was just an academic to them. but things have moved from there right the way through to now where we've got the wonderful Letitia leading it and it's all really dynamic and it's all multi diverse and fantastic change and improvement, I would, I would suggest. But also when I experienced, my experience of convergence over the, the first decade was that no one wanted to talk to you about it because they all wanted to keep their own little empire going. So wherever they were in the world, they would carry on doing their job. And they said, don't talk to me about that other place, cyber, or if it was a cyber. So sometimes the same. So I was a member of ISACA from 2009. But they were, they were much more multicultural and much more diverse, you know, all nations there in the, in the meeting, wonderful place to be. I thought, I couldn't believe it was like a culture shock from going from one to the other. And I thought, but it was. And, but now, as I said, Letitia and team have really transformed ASIS UK. to, to a place where it, but I mean, Dave Clark is great as well. So don't, um, I love Dave Clark, as you know, Do

Yoyo:

you know, I, I sat next to him once at, uh, and I don't often get a chance to tell this story, but I, I'd only sort of emerged into the security membership scene, I think within the first year. And I was introduced to him and I was placed next to him at one of the London luncheon things. Can't remember which one it was, but he was very involved with it. I felt like I was at the head table. I don't know why. Anyway, I, I felt quite inadequate at the time. And I just said to him, Oh, I, you know, we cheers without chinked our glasses. And I said, Oh, better not drink too much. I said, um, I, I, I'll sound like an idiot. And he said, no, I do all the time. And that was it. I just completely, uh, relaxed. We know he loved a glass of wine. Bless him. And he did a lot for women and security as well. Didn't he?

James:

I think so. I, He's an incredible person. I think he's the greatest. He said I was the greatest person on conversions, which I was very thrilled to hear. But I said, no, that's not true Dave. But I think he was, to be fair, and he was the best person I know who could bring any group of people together in one place at any time. He had that amazing kind of, um, draw. A bit like, that's why I call him the security Elvis, you see. And I think he had that charisma. And so, so sad that he died so young, but he did passionately believe in security convergence as well, you know, he said, I was, uh, you're talking about being with Dave, I was with Dave I love this story where I was with him in Vienna, the Ritz Carlton. And I said to him, Dave, there's an opportunity to come speak at CSO, 360. And he said, Oh, where is it? I said, be a nascent. Where? Where's Carlton? He said, I'm coming James. So he did. And then we sat down on the table. This is why I'm telling the story. Then we have the, the sort of traditional guide leading the conversation saying, Hey, I'm not going to do security convergence you know why it's irrelevant. It's not worth doing because we just carry on doing our job the best we can. Don't try and this is what I was telling you earlier on. And Dave stood up and said, look, you can't have this approach because if you're in a smart building like me. You've got all these sensors and IoT devices and everything else connecting. You don't know what's connecting and how you're going to secure it without doing security convergence you need to do security convergence. And because he said it, they all shut up.'cause they love him so much and, and rightly so. And so they should. And that's why I say to people in my, I write articles, I and I did talks and I said, do you know why you should join the I Security Foundation? Because Dave was a member. And why was he a member? Yeah. Because he wants to understand the risks to IOT security in his building. And unless you joined us where you've got lots of other people who actually know more about IoT security than I do, about a hundred times more than I do. We've got all these experts in the group that I just, I'm a project manager, right? So I'm, I engage everybody and I bring everybody together and then talk about how great they are. But they're the people doing all the great stuff. But unless you actually join our organization, really, you get free downloads because there's lots of free downloads from the site, which I'll let you know that link soon is cool. But then, you know. You won't experience the peer review, uh, aspect of it. You won't experience the group work where you can ask a question about your latest problem. That's what I think the beauty of ASIS is as well, actually. So what we do is similar to ASIS but on a much smaller scale. You know, it's only a few hundred of us, not 35, 000.

Yoyo:

There's something quite magical though, isn't there, about any security membership where you go and you join people who just are nuts about this stuff the same as you are, you know, it's the only way of. Explaining it, really. So, so what sort of things do you guys all talk about then at the IoT Foundation?

James:

Well, we talk about trying to secure the things that you're worried about, and how do you do that? So I mentioned these 150 controls. That's quite a lot. So when you look at all the classic ways to do risk management, you look at governance, risk, compliance, all your systems. And you go through all these different things like they do in, uh, say with COBIT which is the ISARCAS framework. So you make sure you cover all these different things. So the GRC, then the technology systems, then, um, monitoring, you know, identifying risk and all that stuff. So you've got the sort of, you know, Identify risk, then what are you going to do to reduce the risk, bring in controls. So we do all that, we take that approach and then monitoring and then business continuity, decommissioning and all that. So we look at all those different areas for the building. And we then give you practical, say, 10, 15 controls on each area. So that's why, so you've got 10 sections to look at, starting with governance, finishing with decommissioning. You're, you're looking at really, you know, the whole spectrum of the, the enterprise risk management.

Yoyo:

Most people know that I talk a lot about convergence because I've moved from physical security for 16 years and into Into cyber security. And in fact, for those that are interested, um, and most of my conversations with people are looking at and talking about a track into cyber from physical. COBIT is actually a really good thing to become familiar with. ISACA, if you Google COBIT, you'll pick up ISACA very quickly. It's a great framework for optimizing and optimizing. enterprise IT governance and you'll know very quickly if you love this stuff. It's like, if you love this shit, you can't stay away from it. And I also recommend that people look at NIST as well and look at ISO 27001. And these frameworks you'll find when you're going for roles. Convergence roles, like the one that I'm in, for example, they'll be looking for experience and knowledge around COBIT NIST or ISO 27001. They're all separate disciplines, but if you wanted to do a little bit of homework and understand the importance of these frameworks, and why they're so good, that's a really good start, isn't it, James?

James:

Yeah, I completely agree. COBIT I've been looking at since 2009

Yoyo:

God, how old are you, James? I'm

James:

very, very old. Not as old as Elvis the man, the king.

Yoyo:

Yeah, but in fairness, didn't Elvis clock stop when he died? Or do you think he's still alive?

James:

Well, he's alive in heaven and he's looking down on me saying James, go for it. Tell them about me. But seriously, I think there's something about these people, going back to security and music, you know, Freddie Mercury. There's spirits around, you know, they're inspirational, more than some of the other people I know.

Yoyo:

Yes, exactly.

James:

I'd ISACA have been a member since 2009. I think any of their qualifications, if you can get them, they're quite hard to get, are worth doing because they always look at COBIT and if people doubt COBIT they should look at, well, actually it's referenced in the NIST frameworks. So they, when you look at the controls, they're actually using COBIT controls and ISO, like you said. when I was studying at Loughborough, so it's. I got into convergence really? Somebody said to me, I was doing physical security like yourself, in Burberry. And um, somebody said, do you wanna stay doing retail? I said, well, no. It's a bit dangerous. We sort of running after shoplifters.'cause they don't always, um, They don't always stop to say Hi James. I said, at one time I caught somebody, this guy said to me, what are you doing? You know, just meant to pretend we're not paying you to stop them. That's the police's job. I said, what? You mean I'm standing here? Well, anyway, well, somebody said, if you want to get out of this sort of difficult situation, which I was in, why don't you study at Loughborough? and that's how I got found out about information security more, you know, because the course was 50 50 or actually mainly computer security and broad and IT. Very cool. It's not running anymore, unfortunately. It's the oldest security management course, but no longer there.

Yoyo:

But if anybody does want to go down the academic route, Coventry University has so many great security qualifications and degrees. Um, But look, I've always maintained, I don't have a degree, James, you don't need a degree to get through life. I don't know sometimes whether it's, let's talk about this because security professionals tend to come from a mishmash, don't we? Of all sorts of different plASIS. And that means we bring into the industry an amazing diverse skill set. I'm thinking if I had gone to university, I would have wanted to have studied journalism because that was my, my track was, ironically, isn't it? And I now write a column. I never thought I would have done that. But I was really interested in the journalism side. Here I am interviewing you to see how it all blends in, but I don't get how a degree in journalism or anything linked to journalism would have helped me 10 years ago as I'm stepping up the career in physical security. I just think, I think it's a bit potluck really, whether your degree is really going to support the journey you need to go on. And we change our journeys. I mean, have you changed your career at all, James? Yes.

James:

Well, yes, guess what my first degree was?

Yoyo:

Um, Arts. Arts and Crafts. Um, Needlework. Tapestry. Um, Ancient Egyptian Waxworks. I don't know.

James:

Theology. Really? Theology. So the, but, Theology is the most protective, caring, It is all about caring for people, so it takes the premise that God cares for you, and therefore you should care for other people. So it says if you are a true theologian, God cares, and therefore you should care for others. And you should care for yourself. Look,

Yoyo:

that's not, that's not a bad mandate for anybody to have, but I understand the study about theology is the study of religion, which means you understand and learn all the religions and how they, how,

James:

I did, I went, I did RE teaching after that, which is all religions. and yeah, so that means you've got, uh, well, this empathy, well, we were talking about before unless you've got this. So, and also the international context of the world is important for, I think, for security people. I mentioned this World Economic Forum book, which we might come on to, about why does it matter to take a sort of broad international, global perspective on, on risk, and then, because it's all peoples of different cultures and different responses and attitudes and understandings of life, and then. How can you love and care for them, like my best friend?

Yoyo:

I think the study of geopolitics, which I studied with Coventry University, ironically, uh, it's not a degree course, but it's like, um, it's like, it's like, hey, are you interested in doing a degree? Let's tease you and do this course, right? studying geopolitics and understanding the power of hegemony in big global decisions was a big eye opener for me. That was a door I remember opening and walking through and going, Whoa, okay. Because you understand, you know, the difference between presidents in America can have a huge impact on the hegemony of the United States and then looking at emerging hegemonies. When you saw countries like Indonesia really coming to the forefront during COBIT with great COBIT solutions. And you're seeing Brazil. a hegemony that both people are kind of terrified of, but need to protect at the same time because it basically holds the lungs to our planet. And so, and then you look at obviously China, Russia, strong hegemony. And the other thing I learned is there are a number of different hostile actors that want to damage hegemony. Trump will do it by himself. He's not interested in global movements. He doesn't want to be a part of the Paris Agreement. He's just focusing on America first. So he weakens hegemony by doing that. But Russia weakened our hegemony when they got involved with Brexit and they started stimulating conversation to make people leave Europe. Because Europe was a very powerful hegemony. And without the UK in it, actually, it affected the balance a lot, didn't it, James?

James:

Yeah, and even people's favorite policy, one of them, was Winston Churchill, who I think did found Europe, I know people have got different opinions about what that meant and everything, whether he really believed in the Europe that we have today, but I still, I still love listening to his speeches, which were about, you know, forming the Council of Europe and, and expanding it and making it, you know, So

Yoyo:

you just think of the word alliance, don't you? When you hear Churchill's speeches.

James:

Yeah, they're very very emo I don't think he'd be happy with, with a Brexit, but that's a, only my opinion. You know, I found it difficult going into. Going to ASIS Europe, for example, but they're okay now with us, but I think, well,

Yoyo:

I've been to Europe a few times since Brexit, and every time I like my customs, border control, everything, and I'm like, oh, roll my eyes. I didn't vote for Brexit. I always, I'd like want to wear a T shirt. Like, it needs to be like a tattoo on my forehead. I wanted to remain like this because I felt we were always going to be better as one. You know, it's the whole Star Trek philosophy, isn't it? The needs of the many outweigh the needs of the few. And I just think, trekkies triggered!

James:

Shall we call it what? Shall

Yoyo:

we call it? Because I said that, I triggered some Trekkies, who, Trekkies, who will be hearing that and go, oh, I don't know what that means.

James:

Yeah, there's a great video on risk by William Shatner. He talks about risk. It's like, I don't know if you've seen that one, I'll have to show you.

Yoyo:

No, I don't

James:

know

Yoyo:

what it is, like I really love William Shatner and I, yes I have seen all of TJ Hooker and it's great, um, bit repetitive but great, and of course, I'm a Trekkie. In fact, I think, one of my favourites, uh, William Shatner, Star Trek movies when he played Kirk, is Undiscovered Country, and I, and I think, for those that don't know, my god, where have you been? But anyway, Undiscovered Country. is where at the very Sulu, first of all, is Captain Sulu. He has his own ship. And Praxis, the Klingon moon, suffers an incredible explosion due to over mining, and literally obliterates itself, sending a shockwave throughout the galaxy. And this means ultimately, because Praxis was their main energy production, it meant the Klingon empire literally only had 50 years to live. So the Federation kind of gets together and they say, look, now's the time to have conversations about working together. And of course we all know through Worf joining generations with the next generation with Picard, we know that we do work with the Klingons, but This is a time where tensions are really high, and from a security perspective, a lot of very senior people within the United Federation of Planets were worried that allowing the Klingons to join the Federation and become allies was, represented a huge amount of risk in lowering the security posture, for example. So I, I think I like that episode because it's very security and geopolitically oriented.

James:

Right.

Yoyo:

I just, I just love it. Anyway, I see you don't love it as much as me, but that's okay.

James:

I used, I watched all the, you know, the episodes in the sixties, the first William and I saw one of his other films more recently.

Yoyo:

So, look, kudos to Gene Roddenberry, really, who had the vision and insight. I consider him to be an amazing prophet. To, even sort of have these crazy batshit ideas about how the human race would be killing each other, and annihilating each other, and harming each other, and dominating. And he just, he's a prophet, I think. In a non religious sense, maybe a Trekkie religion sense, but it's important, isn't it, to have the big picture involved. There's no point in being an Internet of Security things expert if you don't understand the threat vector, and the threat vector is quite often a number of different hostile actors. Take us through that.

James:

Well, yes, so that's where conversions in the SRM is more helpful, probably. So, I was pleased, to be involved in a standard, an international security standard by ASIS, on the security awareness standard. And what we did was, we said, well, okay, I get all this, the international global geopolitical stance, oh dear, so what can we do, little us, as a response? Well, we can establish cross functional teams to manage the cyber physical risk. Because the cyber physical risk is now, as you say, convergence in a way. It's the big problem, it's a big problem, because if our critical national infrastructure, is brought down, then we've got about, as one of my friends, the IOT Security Foundation said, about three days before we've got complete chaos in our country because the electricity doesn't work. And some, that is a real worry. And I think, if our enemies have got this capability, why aren't we doing more on monitoring? So as some people might know, I've, InifSec Converged Security Center for five years. And it's important because you mentioned journalism, but Informa, they're the largest, marketing group. And they run the big events like Black Hat and others, and loads of events. But they, for five years, they promoted our Converged Security Center, where we're saying, look, we've got the problem, we've got the technology, but as you said earlier before, we don't have the investment, we don't want to invest in it, we don't want to buy the products or the services. So a lot of my friends are in, Axis and, uh, Gallagher and, others, you know, ACIS, and across the world trying to, they're trying to stop the attacks. I'm trying to respond to the problem and there is a problem, there's a global problem, and part of it's to do with IOT, but they're using IOT to sort of manipulate and exploit because that's where the vulnerabilities are. So the router has got the vulnerability, so unless your router, going to the basics, is protected and secure, When we're sort of, it's a game over really, because anyone can get through to that, then they can control your business. If it's a small business, you should be really worried. And so, that sort of thing is, it does make a difference.

Yoyo:

It's like if you look at it from a physical security aspect, why would you just put a lock on the front door? If everybody can get in the windows or, what, why shut the back door? If you've got a lock on the front door and the internet of security really is about looking at all of the different vulnerabilities that you can get into a house, right? Including the roof and the chimney and the air conductor system, HVAC. And we call that, there's so many Americanisms that we've adopted. Mike's going to love that. HVAC. HVAC. ESIAS! And actually ASIS

James:

Do

Yoyo:

you know but they've been, they've been told to stop saying Azzes. Azzes, yeah, so we've got to correct them. ASIS. Yeah, it's not Azzes. As there's a, yeah, there's another mic. He says, as is a lot, and I'm like, Mike is A-A-S-I-S, but there's more mics than women in security. Do you know that In fact, I know quite, I know quite a few. James'. James as well.

James:

There's a few James' sort of sixties people.

Yoyo:

I wanna draw you back to while we finish up, you talked about Klaus Schwab's books. on the fourth industrial revolution. There'll be some people who'll be thinking, oh crikey, Kazia will be getting a notepad and pen out right now and making a note of Klaus Schwab. That's S C H W A B, S C H W A B. Yes. Why is this interesting to you? Because he writes about the fourth industrial revolution, doesn't he? He

James:

does. Well, he, the why it's interesting to me is obviously he talks about everything, sort of. AI and all that, all quantum computing, internet of things, lots of different things to talk about. So he gets all his team to talk about those, he's got experienced professionals in the World Economic Forum who write about this and are very learned. And then he compiled a book and I thought, oh, well, I look at the book and I read the book and I thought, interesting, because he talks about four different things about, um, People to focus on is having a sort of a contextual, emotional, inspired and physical leadership. So what does that mean? It talks about the context. We've got to understand the global context, which you mentioned before. You've got to be emotional. You've got to be able to empathize and listen to people and help them and care for them, really. And then you've got to be inspired. So it's all about music and what motivates you to live. And then you've got to look after your physical wellbeing. So he has these four different things to, to address as, um, if you're going to be a mature leader, because the trouble is, as we know, There's a lot of bullying around in our industry, and it's got better, but I'm, I'm personally unhappy with it. I think that it's the reason why convergence and women in security hasn't progressed as at the speed it should have done, because, that in, you know, there's too much negativity, too much. It's all about my world, my career, my progress. How can I. I know you have to look after yourself, but then what about other people and being kind? So the kindness games, for example, it's like you need to, if you're going to be a mature individual and be caring and responsible and look out for other people, which is what security should be about protecting others and stopping harm getting to them. What is the harm? Trying to reduce the harm, obviously. Um, but also, not only that, but also caring and, um, this emotional intelligence that Klaus Schwab talks about from the heart. So that's why I don't think it's true for everyone. but that's where it got to lead more. but the heart and the emotional and the caring for others, which is, I know, characteristic of women, so to speak, unquote, and therefore they are better at security, quote, unquote. Um, but men have got hearts too, and they should be, you know, King David, who the Jewish people look to as we talk about religion, he was called a man after God's own heart. And that's why he was a great leader. And the same with Eric Liddle. He was a man who had integrity. But there are a few of us who can even match these people. But we are called to follow their example. I'm not claiming to be Eric Liddle or anything, but he was such a great person. And everybody loves chariots of fire, but would they have the integrity and the strength to stand up to the king, which he had?, And then win as well as after doing that, you know, having that strength, but also then to go and win in a race. He hadn't even trained for really much, very much a few months and he wasn't expected to win. He had, he hadn't won any of the other rASIS. So Chariots Fire the best movie ever,

Yoyo:

You know, because the, because the euros are on right now at the time we're recording this and um, go England. Um, I think, um, there's, there's a lot of funny video clips going around and means and stuff. There's this, um, Harry Enfield clip. I ask anybody who's listening to, uh, go to YouTube and Google the Harry, where's the bloke? Where's the bloke? Uh, skit, comedy skit. It's um. There's a woman, uh, interviewing two fairly famously known, uh, football pundits and she's asking them some very decent questions and they just completely blank her. And then after the third question, they say nothing. And then one of them says, where's the bloke, love? Where's the bloke? Yeah. And then the other one, where's the bloke? Yeah, love, where's the bloke? Go make us a cuppa. Where's the bloke? Where's the bloke that comes out half time? All right. They wouldn't. But you see, I see that now as comedy. And there are probably some women listening thinking, oh, you know, you know, it's not that long ago before we were very invisible. And I'm thinking, yeah, but it is in the past now. And you have to kind of see comedy like that. To see how Harry Enfield was doing a lot of great work really in highlighting the ignorance and doing it in a very, very clever way. He certainly wasn't getting kicks out of women's behaviors. He was, we were getting the kicks out of the ridiculous men's behavior. And there's a real skill to that. And there's a real skill to, how women and men are working together in this industry. I see it now. I don't know if it's cause I'm mature or not. Like you said, maturity does account for a lot, but I just, I don't feel like I have any big shoulders to nudge up on anybody. I feel like I have my own breathing space and it feels nice.

James:

Great. Well, that's really great. I mean, 10 years ago, I don't know if you could have said that, if you were sitting in, no, you couldn't. No, I

Yoyo:

was, I was kept in the closet under the stairs, quite frankly, James, metaphorically and physically, that's where my office was. I

James:

could see the stairs in the background.

Yoyo:

But in physical security, most of our offices were either in the third basement, which is the third one down, or in the, under the stairs or in a cupboard somewhere, so.

James:

Yes, you're right.

Yoyo:

I think we should get people to comment on the post and say, what was the most ridiculous place they've had to work? I remember turning up to a site once and the security officer was sat in his car and it was really cold, right? It was really cold night. And I remember I was in, I was in Essex. So I'd driven, I've driven quite a long way. My car was warm and I went up to him and said, dude, what sat in the car? He goes, Oh, I'm just trying to keep warm. He, he, he didn't even have an office. He had no place of work. But he was required to be there, and I just felt really sorry for him. So, like, he didn't even have anywhere to go to the toilet because they wouldn't let him go into the warehouse. Stuff like that, you know? Um, have you, have you witnessed any kind of really weird places people have to work?

James:

Um, the mortuary. I

Yoyo:

don't want to do the night shift. I had to

James:

do that for two weeks, looking after the mortuary.

Yoyo:

Did you experience any, did you experience any, did you experience, did you experience any creaky noises?

James:

Uh, the most amazing thing was this woman, uh, she was from Africa, she'd just flown into the, into the airport, Heathrow, and she collapsed with a heart attack. She was only about 45, and she died. And I thought, oh no, how sad. And so I was asked, James, can you take her to the mortuary? I thought, what an honor. and I didn't realize it. She, I got her to the mortuary, got her in there, and I was preparing her face, and she was shining. I thought, wow, this woman's amazing. What, what, incredible. And, then the, the people came into the chapel, they were all singing really loud and crying, wailing, because she was from Africa, right? I haven't been to Africa, but I was like, I was in Africa then. And it was amazing, it was really amazing. And, and no one else wanted to stay with me, so they left. And I said But you missed it. It was such like, like angels were here. The other ports of security didn't want to stay in the room. But I thought, no, I'm staying. Although, you might say, why would you want to be in a mortuary? I mean, it's not the best, but you must, you might have been to one. Because police, police do have to go to the mortuary. And, but they don't want to stay either, really, normally speaking. But I'm happy to be there. If the angels are there as well, which is sometimes the case.

Yoyo:

We usually have to do the continuity piece, we've usually been at the home or the residence or the location where the body was deceased, found deceased or, deliberately deceased. And, uh, then we have to do the continuity to the pathologist, uh, with the, with the ID so that we don't get the names, Crossed over and mixed up, which obviously has happened in the past. But I remember chatting to the mortician and you know me. I'm like super curious. I had this pathologist here and I said, Doctor, So how many bodies, roughly, dead bodies do we process in a week? And he was kind of like, well, About, you know, 50 a week, 45, 50 a week on average. Also, it's like a static figure then, oh yeah, yeah, yeah, unless it's the full moon and we have an extra third on top every single week, religiously. The full moon, more people cough it.

James:

Didn't know that.

Yoyo:

Isn't it weird? It is. I I know, but he said it's true. I believed him. He's a pathologist. But I'll say, I remember once I went to the, oh gosh, and my, my vocab is a little rusty because I left the police like 17 years ago. My God, that makes me sound, I know, right? Didn't that make me sound old? That dated me because I joined WC when I was 13. Um, and I was special case as we know. I went to a, one of those, um, sessions where the pathologist conducts the investigations on the body. So what they do is they trigger for, organs discussion. They remove the critical organs from the body, weigh them, and examine them. They're looking for cause of death, and that's called a certain procedure, and I forget the name of it. There's probably, there's people now calling the name out loud, driving, and walking, and running. And, you get to see the skull being sawed open. It's like a horror movie. There's this kind of membrane, this kind of like cling filmy type substance. They pull that back and there's the brain. I mean, it literally looks like a brain, like in the movies. Yeah. And, we weigh the brain and, and then everything kind of gets bagged up and put together and ultimately the body gets sewn up again with the organs inside for the partition. and uh, to make him look pretty. And I, I remember seeing the kidneys and heart, on this sort of very silvery looking pan that was being weighed and I was getting hungry. And I was like, my stomach's going like this and I'm thinking, I'm getting really hungry and like saliva. And I'm thinking, I like, I looked at my watch, how long is it till lunchtime? And I said to the pathologist, this doctor, why do I feel hungry looking at all? And he said, it's so normal. He said, our brains are hardwired to see red meat and be stimulated for hunger enzymes to start moving in the body. I was like, thank God, because I thought I was a serial killer. he said, you're either utterly repulsed by it and want to vomit and he said, I'm glad you haven't. Or he said, you start to feel hungry. Yeah. Phenomenal.

James:

Wow. What a story.

Yoyo:

Well, you know, James, you can end with a story. Have you got a story to end with?

James:

I've got a story to end with. Talk about women in security. My women in security is my mom and my sister who brought me up in a single parent family. I love my dad, but he left us. And. But we had a great little family and we're still together now with my wife. But it's a story because, you know, it's a sort of over the years story where, my sister gave me lots of advice talking about books and writing. She's a, she's an author now. So that you can have, out of the sort of quite difficult situation in life, you can have really great outcomes, can't you? Sorry. Here's me championing convergence. But my sister's sort of, doing her thing with prisoners and things.

Yoyo:

That's not an easy job. It's such a sweet share that, James, it really is a sweet share. Wishing you all the best for this year. And I hope to see you on the circuit. I haven't been into London this year. I try to avoid it if I can, but, only because I had literally 10 years of commuting there. I think it's nice to take a break, but. We need to mingle and breathe the same air, peoples. So, are GSX?

James:

No, I can't really, sadly. I wish I was, because I'd like to see Chuck and his, well, in the States, and other people. Their own environment. But you're Perry.

Yoyo:

Yeah, I am going. I'm booked. I'm booked and I'm gonna take some vacation while I'm out there as well. So, staying with, Mike Hurst, but not in his, villa. We've hired condos. Great. I'm staying, I'm staying with two other amazing women, Deb Anderson and Pam Schoen, and we met there last year, so we're kind of having a girls reunion. We're going to be in the same resort as Mike and his daughter and Kekeshan, and obviously we're going to be hanging out, and we just decided to book an extra few days just to chill out and enjoy the weather, because it's a long way to go for us, and the jet lag is pretty brutal as well.

James:

Sounds fantastic. Sick.

Yoyo:

Well, James, I do hope to see you soon. I can only say I never thought we'd get Elvis into a security podcast with Churchill, but who knows? It's you. Anything was possible. Thank you so much for joining us on the Security Circle podcast.

James:

Thank you. Thank you so much.