Education

I was pottering about (not like a wizard, more like a cold infected zombie!) and an email hit my mailbox with the “Head of Cyber Architecture” at BA. I have no intention of applying but I thought.. I wonder if this is a good exercise to show people how I would go about the exercise? Well to even begin this I need to write down some notes. So I guess here we go… how far I get into this “fantast football” style scenario who knows, but hopefully it will show some people how I might do things! First up let’s look at the raw requirement:

Job Description

Head of Cyber Architecture
This is a key time to be joining British Airways as we Build a Better BA. We take huge pride in our past – but we’re looking to the future as an airline that loves embracing the best of modern Britain. Our country’s creativity, diversity, style, wit and warmth are the same special qualities that make us who we are. If you’re made of the same qualities as us, you could soon be part of the next chapter of our story. Together as one team, we’re connecting Britain with the world and the world to Britain like no one else   We have a brand new Head of Cyber Architecture role, with an opportunity to demonstrate your cyber experience and further develop your career. What’s more, if you like to travel, you can make use of your flight benefits to travel the world too!   This role reports to the Director of Cyber & IT Risk for British Airways and you will work closely with multiple partners across British Airways and IAG Tech to embed security by design in a varied and sophisticated technical landscape.   You’ll be using your experience of cyber security design requirements to produce reference cyber architectures, patterns and standards which can be used by our Cyber Delivery Assurance Lead’s to enable security and privacy by design in all BA product and project delivery.   You will represent BA Cyber on the group Architecture Review Board, Foundational Architecture Board and work closely with the Cloud Centre of Excellence. You will manage a team of cloud and digital cyber specialists as well as security architects to support BA’s cyber strategies, mentoring and building cyber design capability within the BA Cyber team and broader IAG BA Tech delivery teams.   If you are passionate about cyber security and aviation, have high attention to detail, enjoy complex environments, are pragmatic and collaborative, all while communicating effectively and positively to gain buy in and commitment, then this is the role for you!   Our Corporate and Support roles come with big potential to make your mark on our business. The airline industry changes so fast that we’re constantly evolving and finding new ways to impress customers and get ahead of our competitors. If you’re an innovator and brave and bold thinker, you will be in your element at British Airways.   Your impact on British Airways will be rewarded with a competitive rewards package plus the opportunity to develop and progress your career in many directions.   Not only will you have the chance to further your career development within BA, you’ll have access to our competitive reward and benefits package. This includes core company paid benefits such as a Defined Contribution pension scheme, generous Life Assurance cover and a whole host of options to support your physical, mental and financial wellbeing. You can also sign up for a range of voluntary benefits such as Private Medical cover, Dental and Critical Illness cover, Technology Scheme, Cycle to Work and Electric Car Scheme. And of course, you’ll be able to enjoy the benefit of staff travel as soon as you join us   We are an equal opportunities employer and value diversity at British Airways. We do not discriminate on the basis of race, religion, age, marital status, veteran status or disability status. This job description is intended to convey information essential to understanding the scope of the job and the general nature and level of work performed by job holders within this job. However, this job description is not intended to be an exhaustive list of qualifications, skills, efforts, duties, responsibilities or working conditions associated with the position.   N.B. We reserve the right to close a vacancy before the closing date in the event of an overwhelming response or a change in business priorities

Steps to Take

If I was going to apply to this role I would review the description/requirements. Then I would:

  • I would tailor my CV (ok I don’t actually have on of these but I would write one if I was applying) based on this requirement
  • I would ensure key words were mirrored.
  • I would provide examples of historic projects/roles where I have achieved the same/similar business/security outcomes.
  • I would probably/possibly write a covering letter or paragraph (I’m not overly verbose/flowery with wording but its probably a good idea to highlight interest but also maybe add references to online resources (LinkedIn Profile/Blog/Mentions in Media Outlets etc.)
This is a key time to be joining British Airways as we Build a Better BA. We take huge pride in our past – but we’re looking to the future as an airline that loves embracing the best of modern Britain. Our country’s creativity, diversity, style, wit and warmth are the same special qualities that make us who we are. If you’re made of the same qualities as us, you could soon be part of the next chapter of our story. Together as one team, we’re connecting Britain with the world and the world to Britain like no one else   We have a brand new Head of Cyber Architecture role, with an opportunity to demonstrate your cyber experience and further develop your career. What’s more, if you like to travel, you can make use of your flight benefits to travel the world too!   This role reports to the Director of Cyber & IT Risk for British Airways and you will work closely with multiple partners across British Airways and IAG Tech to embed security by design in a varied and sophisticated technical landscape.   You’ll be using your experience of cyber security design requirements to produce reference cyber architectures, patterns and standards which can be used by our Cyber Delivery Assurance Lead’s to enable security and privacy by design in all BA product and project delivery.   You will represent BA Cyber on the group Architecture Review Board, Foundational Architecture Board and work closely with the Cloud Centre of Excellence. You will manage a team of cloud and digital cyber specialists as well as security architects to support BA’s cyber strategies, mentoring and building cyber design capability within the BA Cyber team and broader IAG BA Tech delivery teams.   If you are passionate about cyber security and aviation, have high attention to detail, enjoy complex environments, are pragmatic and collaborative, all while communicating effectively and positively to gain buy in and commitment, then this is the role for you!   Our Corporate and Support roles come with big potential to make your mark on our business. The airline industry changes so fast that we’re constantly evolving and finding new ways to impress customers and get ahead of our competitors. If you’re an innovator and brave and bold thinker, you will be in your element at British Airways.   Your impact on British Airways will be rewarded with a competitive rewards package plus the opportunity to develop and progress your career in many directions.   Not only will you have the chance to further your career development within BA, you’ll have access to our competitive reward and benefits package. This includes core company paid benefits such as a Defined Contribution pension scheme, generous Life Assurance cover and a whole host of options to support your physical, mental and financial wellbeing. You can also sign up for a range of voluntary benefits such as Private Medical cover, Dental and Critical Illness cover, Technology Scheme, Cycle to Work and Electric Car Scheme. And of course, you’ll be able to enjoy the benefit of staff travel as soon as you join us   We are an equal opportunities employer and value diversity at British Airways. We do not discriminate on the basis of race, religion, age, marital status, veteran status or disability status. This job description is intended to convey information essential to understanding the scope of the job and the general nature and level of work performed by job holders within this job. However, this job description is not intended to be an exhaustive list of qualifications, skills, efforts, duties, responsibilities or working conditions associated with the position.   N.B. We reserve the right to close a vacancy before the closing date in the event of an overwhelming response or a change in business priorities

Now If I was doing this for real, I’d also have mirrored the wording around the remaining areas as well (if they fit me, if they didn’t I wouldn’t because I honestly have better things to do in my life than be fake!)

Status Report

Ok so far:

  • I have taken a quick look at requirements.
  • I have documented these, analysed them, and come up with key requirements.
  • I have tailored or built artifacts to capture requirements and created artifacts to outline how/if there is a suitable match between requirements and experience/skills and capability.

(I changed all these to I from WE because I naturally approach things as a team, and I don’t really get along with “I” but people that interview people can get funny about this!)

Hack The Planet

Great ok, boring part out of the way, the next stage would be to do research! Since I’m a hacker (you know legal scientist who does hax!) we would need to do some research. I’m not going to do this but I will outline roughly what I would do at a high level:

  1. Find who I would be reporting to/interviewed by
  2. Download BA’s annual reports and read the relevant sections
  3. Conduct passive discovery against BA’s internet surface
  4. Conduct research against BA’s regulatory landscape
  5. Conduct research against BA’s historic incidents
  6. Look to identify attack surface, technology deployment, supply chain and people
  7. Look to identify size/scale/complexity
  8. I would do threat research to look for vertical and specific threats (e.g. Aerospace and the target org)

I would be trying to get a feel for the organisation, its people, its posture, it’s business architecture and it’s security posture.

Once I had done enough (a reasonable amount probably at least 5 cups of tea’s worth!) of OSINT I would also them moving to HUMINT. I would start trying to locate contacts in the target org, I would also look to leverage my network to find contacts in the org but also look to friends on competitors or adjacent industries.

Clicking the Apply Button

Once I had built up a decent understanding of:

  • The org
  • The challenge
  • The landscape

I would then check if this felt like an organisation I would want to work for, that’s a really important question. If you are going to work somewhere, you probably want to work somewhere that is going to at least have some hope of enabling you to be happy. My life force (time) is highly important and so is others, so making sure I even want to go through a process of form filling, interviews let alone “move in” to an organisation to me at least would be no light decision.

Fire the Lasers

Now if you are really hunting for a role you might do a lighweight version of this then apply, if you get into round 1 you might be more thorough, you need to balance time investment with personal goals and objectives (I’m super fussy when it comes to who I’d work for (I’m quite fussy who I work with as well but the approach is different for consulting as you position means your aim is to leave!)).

Then I’d hit the apply button etc.

Summary

Well that’s not very long, there is tea to be made and baddies to chase, but hopefully it gives some insight into how I look at things. Job hunting is possibly one of my least favourite parts of my career, it’s a dreary awful experience largely, so if you are going to apply for something, me personally, would do loads of research, after all, applying for a job is a 2 ways process, you both get interviewed, but you should also be interviewing back!

If you are a job hunter, I wish you well with on the journey, if you are just here to read my ramblings, hopefully this was useful, you can apply this general approach to lots of other areas! #HackThePlanet