Gareth Hawkins, Director Risk Advisory at Dotcom Security Solutions (Pty) Ltd, is passionate about cyber security, particularly the pace at which it evolves, and even more passionate about providing relevant, business-aligned cyber security solutions that go beyond technology and encompass the people and processes that form an integral part of the collective cyber defence strategy.
Dotcom Security’s mission is to guide customers down a path where cyber security control objectives take precedence and service objectives, which encompass the infamous people, process, and technology trilogy, are mapped together with measurable ‘metrics that matter’ in the form of technical and non-technical controls.
Below are the highlights of the interview conducted between the World’s Leaders and Gareth Hawkins:
How does your background and experience align with the role at Dotcom Security?
In terms of my background and what shaped my view of the world, the best place to start would probably be my childhood. I grew up in a household in which the law, and particularly fraud, was a general topic of conversation. My earliest memory of my father’s occupation is walking into a police station at the age of about six years old where he was the commanding officer. The images that will forever be forged into memory were images on a photo board showing various ‘necklacing’ cases that were being investigated. ‘Necklacing’ was a practice where, through mob justice, a car tyre is placed around the victim’s neck and then set alight with a fire accelerant. Apartheid crimes on either side of the divide were unfathomable to me as a child, and I just knew it was something that had to be eradicated, period! This is where my rebellious behaviour against the so-called ‘authorities’ and ‘societal norms’ was born! This is also when I decided that the police force will never see me and decided cyber security is the way.
How would you describe your management style and philosophy?
My management style is simple, I don’t manage. I encourage you! Life is full of opportunities which are shared amongst those who are willing to participate in the achievement of a common purpose. My purpose is to help others achieve their goals by any lawful and ethical means at my disposal and within my realm of control. Through this very simple philosophy, a compounded effort behind achieving an objective dramatically improves the probability of overall success.
What are Dotcom Security’s cyber security solutions for hardware and software? How efficient is your organisation from an operational standpoint?
With any cyber security program, there are fundamental stages to go through, from planning through to maturity, which encompasses governance, risk, compliance, implementation, as well as the management of technical security controls. This includes the management and automation of standard operating procedures where feasible.
One of the recognisable nuances in our engagement model is that we allocate Risk Managers, certified in control audits, and Enterprise Success Managers to the customer’s engagement team to ensure all services are delivered in accordance with the customer’s control objectives as well as the relevant privacy and data protection requirements. The ISO27701 Privacy Information Management System is the base of reference for all services we deliver.
In a nutshell, we are proficient in the development and management of cyber security programmes which starts with identifying the relevant control objectives. This is followed by establishing a catalogue of services encompassing the appropriate technologies, security engineers and risk managers to implement and manage all technical and non-technical controls effectively in a single program. This is offered to our customers as a Virtual Cyber Security Office which augments their capabilities to manage the programme at a fixed subscription fee for the duration of the program, which is generally a three-year program.
According to you, what is the most significant barrier for business leaders in the tech sector?
Too often we find organisations going down the tech industry’s path as it promises to deliver wealth and riches, which ultimately becomes the all-consuming purpose with the best-intentioned strategies left in the wake of shareholder expectations. Business leaders need to define their purpose, drive that purpose, always remain true to your purpose, and never buckle to the demands of revenue generation through ‘business as usual’ models. There is nothing usual about business today! Not only have we been limited in physical movement through an unprecedented global pandemic, but we are further limited in what data we capture, store and process as we continue to see the aggressive global progression of individuals’ and businesses’ privacy rights and the enforcement thereof.
The business should be able to bottle their purpose and value to be sold as a package, preferably as an on-going subscription demonstrating an on-going relationship of mutual value.
What’s the greatest risk you’ve taken as a professional?
Although I always knew we had the right strategy and strong vision in terms of how a true cyber security partner should operate and execute services, the greatest risk was the decision to turn to the industry and boldly say, “We are getting it wrong!” The problem with that statement is there are thousands of shareholders that will disagree, as their balance sheets reflect positive numbers albeit at the cost of their customers’ material risk reduction.
Does your organization’s corporate responsibility strategy match the availability of your current resources?
Due to the skill sets within Dotcom, there are numerous areas we can contribute to, with key focus areas being cyber bullying, cyber extortion, sextortion, and any other cyber-related offence that the general community has little to no education or awareness of. We are in early stages of planning our first programme focused on youth esports teams which is accompanied by security awareness for pupils so they can be more aware of the likelihood of them being a victim of cyber bullying or possibly identify the propensity for a pupil to be a cyber-bully.
Where do you see your company in the next five years?
As part of our borderless ambitions for the next calendar year, we will be providing a platform for suitably qualified independent information security and risk consultants across the world to offer world-class cyber security services to their customers. This will allow them to both manage their customers’ cyber security maturity and efficacy as well as have visibility of their wallet share based on the overall revenue generated from the service objectives. Dotcom will have fully operational points of presence that “follow the sun” by 2025 as we occupy conversations in most analysts’ boardrooms as the new kids on the block, even though we collectively have almost 200 years of experience within the team. Through sheer persistence, the intention is to elevate the conversation to where it should be.