Hugo, you are at a party and someone asks you what you do as a Business Security consultant. What do you answer?
“Party? What’s a –? Oh right, an activity from the Before-Corona-Time. At parties, my answer is usually: as an Information Security Advisor, I help model information security processes and measures in organizations.
But whatever I say about my role at Northwave, I want people to know that we, as consultants, unburden our clients. Every client faces unique challenges in their own environment and with specific factors (technology, stakeholders etc.). And we can help to navigate these challenges because we know the bottom line at Northwave Business Security. We understand what organizations need and don’t need when it comes to information security.”
What is the most exciting part of your job?
“The moment it clicks. And by that I mean the very second I realize I truly, deeply understand what the client needs. That is the moment I know I can accomplish meaningful improvement.”
What does a daily working day look like?
“It’s hard to state some kind of average day. But I would have to say I start the day with usually one or two meetings. Sometimes that’s like a stand-up, sometimes it’s more like a steering committee meeting. In it, we decide what we will be doing this day/week/month. We decide on a planning and discuss the challenges we are facing.
Then, it comes down to meeting the right people at the right time. Often times I’m speaking to different departments, in order to find a feasible solution to a problem. That means doing the homework and coming up with a plan.
It can be a challenge balancing multiple projects and staffing assignments, but that is also where the beauty of the job really lies. We meet a lot of new people in our work, and it is definitely one of the enriching parts of being a business security consultant.”
Can you tell us something about a recent project you worked on?
“Sometimes, you get to a client and it is basically all in order. However, there are some steps to be taken before the client can be ensured of continuous improvement.
But sometimes, you arrive at the client and they show you the grounds. Only to see there is nothing on the grounds. I have recently completed a project where basically an entire department needed to be built, in order for security to even begin to function properly. Because when you fulfill a security role in an organization, you will often be the first person to notice missing maturity in some areas.
For example, as the security department, we would need to assign owners to security measures. This could be anyone in the organization, as long as they are able to implement and manage the specific measure or project. However, in our search we find assets that are not really owned by anyone. This ends up opening this whole new discussion about who should be doing what in the organization. Which are fundamentally valuable discussions. And I noticed that when my time at this client was up, I had created a blueprint on how to facilitate information security in major processes.”
What is the Business Security Team like?
“Currently, the team is a little north of 20 people and growing. It is a lot of fun being able to toggle between various projects with different colleagues, sometimes in duos. We are trusted with a lot of freedom in our activities and how we manage our time. Some of us focus on security management (with ISO27001 in mind, mostly), some focus on privacy, some have a technical background but felt a calling to our department.
We like to do stuff together, although corona has left us unable to fulfill my lifelong dream of going bowling with the team for the second time. I’ll think about that next time we’re dancing on the SS Rotterdam after a great day of tours, scavenger hunting in tuktuks and eating delicious food”
Would you recommend others to work at Northwave, and why?
“Hell yeah! At Northwave, we care about the people around us. We care about doing the work properly and going the extra mile. We care about information security and we deeply care about the company.
Northwave believed in me when they didn’t have to. It is possible that I didn’t even believe in me back then. It is a beautiful company that can both be a strategic partner to big corporate organizations as well as a ragtag band of friends making the best of a really good idea.”