Blog · 05 Apr 2018

Security insider: The last line of defence

Meet the person in charge of the team that’s the last line of defence when it comes to BT’s cyber security.

profile-picture
CERT team lead

Securing the security business

In the last instalment in our series on life in cybersecurity, we took a look at Konstantinos Karagiannis and his role as an ethical hacker — testing the systems of our customers by trying his best to break into them. This time, we’re taking another angle and exploring what it takes to secure our own networks.

Specifically, we’re looking at the work done by the lead of our Third-Line Security Operations Team, Amy Lemberger.

The last line of defence

It should come as no surprise that a company as large as our own, that’s responsible for the personal data of millions of customers, is a target for cyber criminals. So we take every step possible to keep our networks secure. And one of the people responsible for that is Amy.

It’s not a responsibility we’d put on just anyone. But with four years’ experience as a Forensic Computer Investigator for Greater Manchester Police, and five years working in our Computer Emergency Response Team (CERT), we know she’s more than qualified for the job.

Amy now leads our Third-Line Security Operations Team. It’s essentially our last line of defence against cyber attack. If a threat manages to get past lines One and Two, Amy’s team are the final hope for stopping an attack in its tracks.

Attacks on the rise

The challenges faced by Amy and her team are vast. Cyber crime is becoming better equipped, better funded and easier to do by the day. In fact, an attack that would’ve taken a serious amount of skill to pull off just a few years ago can now be undertaken by just about anyone with access to a PC. And all of this means Amy’s job gets harder on a daily basis.

Of course, she’s not alone. Research and intelligence from our Security Operations Centres (SOCs) help to define what threats to look out for. And her team is made up of security experts who are dedicated to ensuring our strong security posture. What’s more, the team also includes recent graduates, as Amy understands the need to train and create the next generation of security professionals.

How it helps our customers

Amy and her team go above and beyond just securing our systems. When the WannaCry ransomware attack hit in 2017 we avoided it thanks to a stringent patch-management process. Many NHS trusts were not so lucky. But as Amy’s CERT has links to CERTs run by the NHS, she was able to lend a hand to the health service in overcoming the disruption.

Amy’s job is a tough one and requires a huge amount of skill, expertise, experience and hard work. But, according to Amy, it’s worthwhile. The resolution of a problem brings equal measures of pride and relief. And although no two days are the same, Amy thrives on the lack of routine.

Find out more

Compare what we found out about Konstantinos and his role as an ethical hacker with the job done by Amy and her team and you start to get an idea of the variety of responsibilities you find in cyber security. Each element is as important as the next — and they all need to work together to create better security as a whole.

Keep an eye out for the next instalment in the series, where we’ll explore huge responsibilities inherent in leading BT’s threat intelligence.

And to find out more about Amy and her role in our cyber security, make sure to watch this video interview with her today.

Related content

Blog
Security insider: Curiosity killed the cyber attack Find out what it really means to be a Chief Security Officer here at BT — in our ‘Security insider’ series.
Blog
Security insider: What it’s like to rob a bank Working as an ethical hacker, Konstantinos Karagiannis gets to take the role of the ‘bad guy’ — breaking into banks. We explore exactly what Konstantinos does.
Blog
Security insider: Taking the lead in threat intelligence Find out what it means to be a Head of Threat Intelligence and how our own, Melanie Johnstone, helps to protect us from cyber criminals.