As Head of Role for Security Architecture in DWP, I am enthusiastic about promoting the professionalism and capability of our team and the strong business benefits that arise from managing security risks using design-led approaches.
Currently, I am working with pensions colleagues to help modernise their services, including putting them securely online for public use. Check your State Pension has become an award-winning collaboration with HMRC – people can check their future State Pension at any age; Get your State Pension is due to be trialled with the public as a means to activate their State Pension; Bereavement Support will enable a number of legislative reforms. These services are being delivered using agile processes supported by cloud-based deployment, authentication of the citizen and assurance of the financial aspects such as bank account validation.
So, what is security architecture?
Back in the 1970s people realised that patching systems in order to secure them did not work. Tiger teams (penetration testing teams of the day) were able to carry out testing and show that the required security characteristics were not supported. In response to this David Bell and Len Padula created the Bell-LaPadula model which was an early example of a security model. Over the years, security architecture and design has developed as a discipline – recognised by the Institute of Information Security Professionals, the British Computer Society and other professional bodies. It is a way of ensuring that security controls are developed in a harmonious way starting from the drawing board. These controls must be proportionate to the security risks present in the system – for DWP, we are very often facing substantial financial risks so preventative approaches to fraud loss are a major focus.
Why DWP is a great place to work
Information security is not always a garden of roses as many of the challenges that face us relate to malicious and criminal elements. But with effective training and a strong collaborative working ethos we are able to confront and overcome these challenges. What we do is in the tradition of the British Civil Service which places a high value on personal integrity and professional competence.
Join our Security Architect community
In my opinion, there are few jobs which are as rewarding as that of DWP Security Architect because we are safeguarding a system which protects the most vulnerable in society: pensioners, children, the unemployed and those with disabilities and ill-health. In doing this we are protecting the system from those who would attack it (and seek to benefit fraudulently), especially over the Internet. This has enormous social value as well as being a formidable technical challenge. I would encourage anyone with the right skills to come and join us. Our people are supported through continued professional development and appropriate on-the-job training such as vendor education sessions with prominent IT security companies and joint problem solving with recognised technical authorities such as CESG. As a community, we value diversity and we operate flexibly from a range of locations. We have family friendly policies and a culture that encourages people to be authentic and play to their strengths; it’s a great place to work.