Each month, we celebrate the real heroes – leaders who wage their silent battles in the digital realm. Protecting our data, our privacy, and ultimately, our way of life. Join us as we delve into the world of a chosen MVP, generally filled with sleepless nights, strategic coffee breaks, and unwavering dedication.
We’ll peel back the layers and discover what makes this cyber leader tick. Prepare to be inspired, challenged, and maybe even a little in awe of the quiet heroes who keep our digital world working and safe.
—
I’m Jon Mallett. I’m currently head of IT at Castel Underwriting Agencies Limited where I’ve been for two years and a week. I’ve been in IT for forty years now, which is a bit scary. My interest was driven by my father who was an engineer at ITN, he bought home a BBC model A in 1980 something – I tinkered with that and that kind of started that interest.
I went to college, and I found that after learning about computing at the time, I was more interested in that and was lucky enough to get a placement at the local company in their IT department for a while. I was just seventeen, and it kind of went from there! I think what drives me is resolving problems for people, to make their lives better and easier, and that’s been in me since the very beginning. As technology’s evolved everything else has evolved as well around the world.
I’ve been in this game for 40 years, I spent most of it in insurance in various guises. From loss adjusting to white label products and broking right the way through. When it came to cyber security, everything really started to happen in the late 90’s when we began implementing things like firewalls and trying to protect our assets. It was about actually understanding that we were threatened all the time and how much that had grown over the years.
The wider world really doesn’t appreciate how much is actually involved and how much threat is out there – how hard we work to protect them! The simple cases of “oh sorry, I’ve just clicked on it, I didn’t think it’d be a problem” lead to you spending a whole day unwinding a problem can be frustrating. However, I like to think about what I can do to stop that circumstance happening, and if it does happen, then what alerts and what processes can be in place to be able to resolve it quickly.
And that’s kind of really my journey, I’ve been in IT management for 27 years now. I have held the position of IT director, and I’ve been head of IT. I’ve worked pretty much all over the world, particularly around Europe, the Nordics, Australia for a bit. I’m back in the UK and I love what I do, it gets me out of bed every day!
What were some of the early challenges or obstacles you faced in your career?
It varies, for my first job in the 80’s there were two of us in the IT department and then I went and worked for CNA where there were a lot of people in IT. I then went to CMGL, there were four of us to start off with and I grew the team to 35 – that was made up of support development, and then I drove global presence as well. So, where I find myself today, I’m part of a two-man team in IT and we’ve got Babble supporting us all the way. They’ve really come on the journey with us since first signing up in 2015/16 as TechQuarters. Castel have been on a big journey this year with migrating all of their networks to Babble, moving all the security to Babble too, and it’s been a real success. I can sit here quite comfortably knowing that what we’ve implemented is way better than anything that’s ever been in place before. If anything, it’s probably leading our market space because it is so good! Having the resources to back me up and add that technical edge and thinking is just so vital to moving IT forward.
Can you walk us through a typical day in your role as a cyber security leader?
I don’t think there is a normal day! I normally start my day by checking that everything is working. All the monitoring is up and making sure that there’s been movement and progress made with some tickets, then I can move into some project work.
I ensure that the right parts are getting pushed along and then spend some time looking at the security, what can we do, what can we change. It can be anything from application progression to infrastructure progression for what we’re going to do next – why is this going wrong? what can we think about to do something different? Why is all that space on the network just suddenly disappeared because someone’s hit a button over there? It’s so varied, today I went into the office because I needed to work with the open rig engineers to put in the new circuits and then working with you guys at Babble to work out why Rotterdam was having a problem, and then an MFA problem and a password lockout problem too! So, you know, that’s kind of a really good example of what a day looks like.
What are some of the most rewarding aspects of your job?
I think it’s an opinion of what I think the challenges are – providing the best possible service so the company can be successful is my biggest challenge and getting people to understand that I’m not just doing it for my own good, I’m doing it for their good – when that happens it’s rewarding.
The things I find most rewarding are making sure that people are happy and they aren’t moaning about IT – no one ever says thank you really, but the fact that they are not moaning means that it is working well.
Getting projects over the line, the infrastructure project we’ve been doing in particular, getting those over the line is just so rewarding. And seeing what an improvement that makes to our estate, again, not entirely visible to any in the organisation unless you’re actually in the game. but again that’s what gets me up in the morning!
What is one of the most defining moments in your cyber security career?
I think the biggest switch in my career was when I was 30. I’d previously been an analyst programmer moving into management and the organisation at the time suddenly grew to be global. Managing that transition for the company, that was one of the biggest moments in my career.
I think another pivotal moment was the first time I managed to get all of the equipment out of an office and into a data centre – that first progression of proper outsourcing of infrastructure was quite significant to me. I think those were the biggest moments for me.
How would you explain your role to non tech people?
I think it’s about explaining it clearly. It’s the translation between the tech people and the business that will help you to be able to get over your message. I’m not really that technical but I can be quite social and funny at times which helps!
Presenting your opinion and explaining what the output could be, the reasons why, and just doing that clearly. We’ve gone from “I need this money” to “this is the result” and they see it. It’s building that trust. You always have to build the trust when you start a new job and people always wonder “Well is he going to be up to it and does he know what he’s talking about, does he understand our business?” You know, that takes time and the only way to do that is to prove yourself by implementing things properly.
What is your take on the current state of cyber security and the evolving threat landscape? What advice would you give to aspiring cyber security professionals?
I think the current situation is actually pretty scary. AI is going to be a challenge because it’s harder to keep up with what that can do. I think back to when we were looking at bots that would trying to get into anybody’s internet facing devices, but now it’s become so much more intelligent and so much more capable to go further than that.
Keeping up with this is the scary part. But on the flip side of it, suppliers like Microsoft Defender product and things like that, are maturing really quickly with their own AI. They have their own capabilities of alerting, getting the granularity of data and understanding how to resolve it automatically is fantastic, but there is always going to be that gap.
Business leaders will say “Well how can we use AI? How can we use ChatGPT?” and “What can we change because of this technology that’s available?” Yeah, it’s really exciting that we want to push forward and get the efficiencies and all those good things, but are the foundations correct now before we push too hard forward? Yes, it’s exciting, yes it can deliver at a bottom line, yes, it’ll be great but if you left the door open over there because it’s not interesting then it’s going to fail.
How do you stay focused on delivering value when so much cyber security is about making sure things DON’T happen?
I think always be attentive and ready to react. I think a career in IT will be a fantastic move for a young person coming out university – it’s such an interesting topic and how it’s developing so quickly is exciting. It’s not one of those things that you can pick up and put down, you need to be completely in IT. You’ve got to really invest your life into security.
Being able to communicate is absolutely essential, being driven. I’m sometimes described as getting things through with a shovel rather than with a pen because it goes back to the old days!
I’m determined to make things happen which invariably works but sometimes you do get caught out. It’s about being driven and being invested in IT that will get you to where you want to be. So having an understanding of how the business works and how to communicate with the senior users and the day-to-day users is absolutely key – banter is quite important as well.
How do you balance the demands of your job with your personal life?
I think I’m quite good at it. I work from home quite a lot, so I sit down here at 7 o’clock in the morning and I may finish at 9 o’clock at night but you can have a break of an hour to cook dinner and spend time with the kids. So I don’t think I’m probably the right person to ask about the work life balance! I go on holiday and I’m on my phone every day – I’m always on because I have to be!
