Louise Dunne is co-founder and CEO of Auriga Consulting – cybersecurity advisors to high-level government departments, and strategic partners to identifi Global.
Louise’s lifelong experience in ethical security and assurance – she’d rather not say ‘cyber’ – has given her a unique perspective on the industry and what it needs.
identifi: To start us off, Louise, how did you end up in cybersecurity?
Louise Dunne: I actually wanted to be a cop – I was a cadet and then a special constable – but early on I realised I wanted to do something that was in the orbit of police work, but on the ethics side. I started out with a company that’s now known as Kroll Ontrack – a data recovery firm, specialising in forensics analysis, working with the police and intelligence services. We’d take devices that were seized and extract electronic evidence from them, and we had to go to court and tell them how.
Alongside Adrian Palmer, I helped build Kroll Ontrack’s global electronic evidence services, and then I moved on to start my first Company Evidex – which trained police officers on how to follow chain of custody procedures. I did a number of years with Information Risk Management in London, five years retraining and consultancy as a cyber professional, and then in 2012 I started Auriga.
identifi: So – why does Auriga exist?
Louise: It started when I was working on the National Offender Management System – putting together prisons and probations systems and services. It was a total merger – building, people, process, systems – with very strict data protection and security guidelines, and some soft skills challenges in getting the departments to work together culturally.
I came in on the business side, Jamal was technical, Paul Boam was operational security. That dream team looked at how the delivery was going across the project and I remember saying to Jamal, “we could do this better.” So we set up the company – although Paul left in the second year to take a PhD. Jamal and I kept on recruiting and growing.
You may like: Interview: Darren Argyle, former CISO Qantas Airlines
Our services follow a journey, which we break down into three stages. The first is strategic – boardroom and business transformation consultancy. The second is Risk Management, Governance and Compliance as well as technical architecture, design – and implementation. And the third stage is monitoring and SOC services. The only SME in the UK who have designed our own SOC using in-house developed IPR.
identifi: And you guys have just launched a new product – Cybergator?
Louise: Yes. CyberGator is a product in essence a decentralised SOC , pitched at SMEs who are spending around £10k on IT per year. They don’t want to pay more for advisory on cyber security in addition to that. I wanted to build something that was cost-effective, easy to use, could be used internally even by SMEs who outsource their IT, and could start at something sensible like £10 a month.
identifi: Sticking with the SMEs – are they up to speed on cyber matters, or lagging behind?
Louise: Really lagging behind. A lot are trying to get their head around ‘cyber’ – a term which is a real bugbear for the industry, to be honest. It was made up by marketeers – and I can see why they did it – but it describes a market that’s full of different skill sets, capabilities, business requirements and responsibilities. We prefer to say ‘information assurance’ or ‘security’ when we talk about our work – calling it what it is.
Beyond that: budgets are a big factor. Legislation that’s put upon them is a big factor – GDPR is a prime example. Most of them are worried about where they put their data and how they store it, and they know they’re vulnerable in court proceedings if they don’t have a watertight system there.
They’re also aware that unethical hackers – the black hats – use small business’ systems to commit crimes, because their infrastructure is often vulnerable. And these small businesses don’t have time to patch – they don’t always know what patching is and how to achieve it. They know that the threat exists, but not exactly what it is or how to manage it.
identifi: And how does Auriga go about helping them?
Louise: I’ll give you an example: it’s about GDPR, of course. The whole industry has jumped on GDPR. It’s such a cash cow, because people – especially SME leaders – are aware of it but don’t understand it, so people can say, “you’ve got to spend thousands of pounds on getting ready, because it’s legislation” and be believed.
We buck the industry trends. I tell people, “stop panicking about it.” If you have your ISO certifications in order – which means you have 9001 and 27001 – you’re halfway there.
Beyond that, our USP is security – that’s all we do. We don’t upsell into “hey, look at our cloud storage” or “look at our data room”.
We’re an SME ourselves, we’re endorsed by government – there isn’t a department in Westminster that we don’t work with – and if we’re good enough for homeland security, we’re good enough for anyone.
identifi: How do you go about recruiting to keep up that standard?
Louise: Well – we don’t use any other recruiters. Present company excepted, they’re worse than the bloody estate agents. One firm we worked with sent over a CV to someone here who had no authority to recruit; HR got hold of that CV and rebuffed it.
Five months later, we actually employed that person for eighteen months – but because there was a month left of some imagined six-month covenant when we hired him, the recruiter actually took us to court. Their name is PeopleSource. Bear in mind that when they sent that CV in we hadn’t interviewed him, we hadn’t responded, we hadn’t signed anything – they’d just seen a grey area they could jump on to make some money.
identifi: What’s different about working with us? Apart from us not taking you to court, obviously…
Louise: We have an exclusive arrangement with identifi – a true partnership.
I do a forecast per year for my recruitment against our growth and utilisation of delivery, and pay a static fee per month to identifi. That means I can forecast finance behind recruitment, rather than have lots of different levels to pay at different times. It’s a retainer, effectively, for Pete – who actually placed me on the NOMS project, back in the day – so he’s known Auriga since the very start. He knows me, my vision, and the direction for the company.
Pete’s a dedicated account manager who supplies all our personnel for cyber security – and none for HR, sales, admin or finance. He knows our business inside out, so he’s bloody efficient, and he can be upfront. If he doesn’t think he can achieve something, he’ll tell me, and it is written – I don’t have to think about it again.
We take on about seven people a year – junior consultants, consultant senior leads and principals. Pete knows the sort of personnel I need for each level, he gets me the CVs, and we generally recruit seven out of ten of the people he sends me.
Our thanks to Louise for her insight – and for not being afraid to speak her mind. To find out more about opportunities with Auriga (or any other role for that matter), take a look at our current jobs. Or call 01908 886 048.
