Getting to know...Scoutbee's Information Security team

Scoutbee has invested in and built up an information security function that has developed a bespoke framework to address the needs of our business, our industry, and our customers. The elements of Scoutbee’s security framework are designed to proactively drive improvements in quality and security, reassuring our customers that their data will be secure now, and in the future. Meet our team!

Greg van der Gaast, Chief Information Security Officer

Greg first joined Scoutbee as a consultant and became full-time CISO in September of 2021. He has nearly 25 years of experience in the security industry, working in roles ranging from intelligence with the US federal government to establishing comprehensive security programs for Fortune 500 companies. He is the author of Rethinking InfoSec and a frequent speaker in the security space.

What’s your role in our InfoSec team? Are you specialized in a particular aspect of cyber security?

My role is primarily a leadership one. It’s my business to understand all aspects of the organization and how my team can best contribute, not just in terms of risk assurance, but overall company performance. As such, I spend a lot of time working on business visibility, organizational health, and creating the right strategy to address our current situation and our direction. This then translates into tasking and supporting my and other teams to ensure maximum effectiveness. This is achieved not just by working smart on the right things, but also on driving morale, cooperation, and productivity.

What makes working at Scoutbee special for you?

Scoutbee is an interesting place for a number of reasons. We are a relatively small company, with extraordinarily large customers, most being household names, with serious demands on maturity and assurance.

Meeting these is challenging enough for most organizations, let alone a smaller one like ours, and we often see corners being cut in similar businesses to tick the compliance boxes. However, I’m blessed with a management team that not only wants to do things right, but actually raise the bar and make security a key part of our value proposition.

We deal with a significant amount of very sensitive data including our customers’ supply chain data, but also incredibly valuable Intellectual Property at times. Sometimes our customers don’t even realize this themselves, so it’s great to inform them and pleasantly surprise them about the degree of care we put into it. It’s exciting for me to be raising the bar on what security can do both in terms of assurance and business success, for ourselves and our customers.

Robin Bylenga, Human Factors and Performance Lead

Robin joined Scoutbee as the Human Factors and Performance Lead as a part of the Information Security team in October 2021, working remotely from London. She obtained her MSc from Royal Holloway, University of London with a specialisation in Human Factors in cybersecurity. Robin is originally from the United States but absolutely loves living abroad!

What’s your role in our InfoSec team? Are you specialized in a particular aspect of cyber security?

The field of Human Factors is not a new field in Information Security, however it is becoming one of the top areas of threat management as we work to teach cyber skills, security culture and create a human firewall – helping our employees become our greatest security assets. I am responsible for growing our security training program and developing our security culture. It is a privilege to be able to work to help everyone in our company become more secure in their personal lives as well as within the company. Additionally, I will be assisting in enhancing our risk management from a human perspective, including process engineering, and working as a part of the Security Incident Response Team.

What makes working at Scoutbee special for you?

Being a part of an escalating brand is exciting. As we grow, there will be many challenges, but also exciting opportunities to be impactful and make a difference. Personally, my job allows me to have many conversations with everyone throughout the company and I am enjoying getting to know the team! Lastly, I am honored to be on such a special Information Security team.

Carlyle Collins, Information Security Engineer

Before his entry into the Information Security field, Carlyle worked as a Forensic Scientist, supporting the justice sector. Presently, he is looking forward to applying all the skills that he currently possesses in developing the Information Security function at Scoutbee and adding new skills to his repertoire.

What’s your role in our InfoSec team? Are you specialized in a particular aspect of cyber security?

My position as Information Security Engineer is a generalist role. My duties include writing documentation, monitoring our environments for any potential security issues and collaborating with other teams in order to not only remediate them but also continuously improve our processes to minimize such occurrences.

What does a typical day at Scoutbee involve for you?

We carry out daily security reviews to check for weaknesses in Scoutbee’s environment. Most of my job entails configuring these and reviewing the results. If the results suggest remediation activities are needed, I collaborate with the DevOps and Development teams to implement fixes.

Also, since I’m still new to Scoutbee, a lot of time is dedicated to understanding how the company operates. Only by fully immersing myself in the company can I understand how to protect its assets better.

What makes working at Scoutbee special for you?

Firstly, all of my teammates have an abundance of experience in the Information Security field. They are supportive and willingly share their knowledge with me which is helping me to develop as an Information Security professional. Secondly, I’m impressed by what Scoutbee offers to the procurement industry. I’m happy I get to play a small part in helping the company succeed.

Fabrizio Di Carlo, Head of Product and Infrastructure Security

Fabrizio is currently the Head of Product and Infrastructure Security for Scoutbee. Prior to that, he spent 6+ years in the Financial Services Industry, where he designed and secured systems for some of the world’s leading financial organizations. Fabrizio holds several industry certifications and an M.Sc. in Forensics Computing and Digital Investigation from University College Dublin with a thesis on Zero Trust Architecture for IoT devices.

What’s your role in our InfoSec team? Are you specialized in a particular aspect of cyber security?

My role is Head of Product and Infrastructure Security, where I look at all the technical aspects of our infrastructure and products, making sure they are secure for our customers; when it comes down to what kind of specialization, my focus is mostly cloud and networking, even though during my career I’ve touched most areas within InfoSec.

What does a typical day at Scoutbee involve for you?

I am not sure a typical day exists in our field! There is always something new to learn or to play with, plus being in a very cross-functional field means one day you will work on Application Security (code scanning, etc) and another day you work on designing a secure solution and making sure our infrastructure and products are built securely from the ground up.

What makes working at Scoutbee special for you?

Supply Chain is often one of the undervalued aspects of our daily life, however, especially in this particular historical period, we all realize its importance. Scoutbee is working on optimizing the supply chain, making it more sustainable as well and I wanted to be part of this.

Mike Curtis-Dagg, Information Security Commercial Officer

Mike joined Scoutbee as the Information Security Commercial Officer in October 2021 and is based in the UK. He has been working in sales and sales management for nearly 20 years and gained significant experience in commercial negotiations, terms and delivery.

What’s your role in our InfoSec team? Are you specialized in a particular aspect of cyber security?

I’m the Information Security Commercial Officer – For many people that may sound an unusual title, and that’s because it’s a role created especially to meet the needs of our business and our clients. I take responsibility for ensuring not only that we have policies, procedures and tools in place to deliver against our contractual obligations, but that our suppliers and contractors also uphold the same high standards. In addition, I also help Scoutbee communicate its unrivaled security value proposition to its customers.

What makes working at Scoutbee special for you?

I love information security, and Scoutbee is one of very few organizations that truly takes security seriously. In many organizations security is something applied after the fact, as a grudging necessity, but at Scoutbee it’s woven into everything from the ground up with the full support of everyone from the management team down. This level of commitment to information security makes Scoutbee a refreshing and enjoyable place to work.

What’s the best or most enjoyable part of the work your team does?

Thanks to the way the information security program has been built, we don’t operate as a siloed business unit, but function across all departments. I really enjoy the exposure to other business units and the challenges they face, as it gives me greater knowledge and appreciation of the business and my colleagues.

Rick Johnson, Information Security Analyst

Rick bee-came a member of the hive in late 2021 as an Information Security Analyst for the company. He draws from experience with a wide range of technology, risk, and analysis owing to his previous roles within disparate fields such as the military, aviation, resources (geo-technical), and the tech sector. 

What’s your role in our InfoSec team? Are you specialized in a particular aspect of cyber security?

My role at Scoutbee is Information Security Analyst, although that covers anything from SecOps to Governance Risk and Compliance, plus much in between. While I consider myself a generalist, and more towards the blue team side of things, I do have particular experience and/or certification(s) which transfer well to specific aspects of InfoSec, for example: GRC certifications (ISO27001 and ISO31000, NCSP, CIPR, PCI-DSS etc); maturing of solution capability (such as SIEMs); risk analysis (from roles within highly risk averse sectors); and an understanding of systems and their interactions down to component level. 

What does a typical day at Scoutbee involve for you?

Typical does not exist, which is what I enjoy so much about InfoSec! A day could consist of all sorts, like risk assessment, conducting internal audit activities, authoring or amending documentation, application assessment, discovery, development of tooling functionality, vendor interaction, working upon personal skill-sets, or simply keeping abreast of issues and news occurring within the InfoSec world which may prove applicable to Scoutbee and related parties.

What are you and your team looking forward to accomplishing at Scoutbee?

I am looking forward to continuously improving and maturing every single aspect of information security within the company. Ensuring InfoSec is paramount in everything we do will assist to drive Scoutbee on to ever larger success, plus set the standards others within the supply chain sector must follow.

Colin Rumsam, Security Programme and Quality Manager

Colin joined the Information Security team at Scoutbee in November 2021 as the Security Programme and Quality Manager, based in London, UK. Colin spent a significant amount of time working as a Detective and Intelligence Officer for the Metropolitan police before entering the commercial world where for the last 6 years he has headed up information security, data privacy and compliance programs for international organizations.

What’s your role in our InfoSec team? Are you specialized in a particular aspect of cyber security?

As the Security Programme and Quality Manager, I am responsible for the implementation, maintenance, and continual improvement of our bespoke security framework. This requires a lot of organizational skills, as well as interpersonal skills to engage with key stakeholders across the business. I have a broad knowledge base but also know my limits, so I bring in the specialists when it comes to scoping or implementing technical controls.

What does a typical day at Scoutbee involve for you?

Currently we are overhauling how we manage our security documentation and looking to automate our operational schedule. We are also seeking further industry related certifications. So, I spend a lot of time planning and implementing the change, baking in automation wherever possible.

What challenges do you face and how do you deal with these?

Aside from the obvious remote working challenges, for me personally one of the biggest challenges has been getting to know how to get the best out of our current tools for planning and task tracking. I have spent many hours researching the capabilities of our tools and also used this knowledge gap as a way to build relationships with others in the business. Some people are extremely proficient with our tools so they are a fantastic source of knowledge.

What makes working at Scoutbee special for you?

My team, my boss, the vision of the company, the growth plans and the ability to put my stamp on things and make a positive difference.

What’s the best or most enjoyable part of the work your team does?

Friday end of the week team meeting and seeing how long we can talk about wine and food!

The Scoutbee approach to information security in proactive procurement will ensure our customers’ data, and our systems remain secure in the face of an evolving threat landscape for supply chains. Please follow our journey to provide state-of-the-art information security on our blog and stay tuned for the next article!

Read about “Scoutbee’s 3 P’s of Proactive Information Security” here.