This page contains a Flash digital edition of a book.
Paul Wood MBE interview Aviva’s


security man


Paul Wood MBE takes care of business protection for one of the world’s biggest insurance groups. He tells Paul Fisher that security success is about changing attitudes, embracing risk and new thinking.


Paul Wood is the Group Chief Security Officer of insurance giant Aviva, a role that takes in not just information security and risk but the physical security for the group also. It’s a big role in a big company: Aviva is the world’s sixth-largest insurance group.


Wood also finds time to “give something back” as a Metropolitan Police Special Constable. “I work in Hackney, which is difficult and challenging but interesting. I find that really rewarding and I enjoy it.”


The view of the iconic Gherkin building from his 21st floor office where he leads a team of 20 is not something he enjoys so much these days. “Blocks my view” he says with a wry smile.


Wood seems at ease in this role and it’s easy to see him calmly dealing with whatever the mean streets of Hackney throws at him. There however he has a uniform, which tells people that he is there to stop the law being broken. End of story.


It's quite, quite different in his day job. At the recent HP Information Security Leaders events Wood told his audience that the idea of information security professionals acting as security enforcers simply doesn’t wash anymore. But sadly this attitude still pervades in most organisations.


“When I talk to contemporaries in other organisations they feel that they’re still not taken completely seriously, and when you talk to senior management, they don’t really understand technology because it’s not something that they’ve


had to understand. They perhaps understand how it might enable their business but they don’t necessarily understand the intricacies of it. And, again, when you talk to people about security, they think of the guy on the door, they don’t think of the sorts of things that we get involved in on a day to day basis.” he says.


And Wood gets involved in a lot things besides information security. “I have business continuity and disaster recovery planning, health and safety at work, which is new, and data protection, which is also new” he says.


He says that he has been trying to align his group so that they weren’t seen as the internal policemen and move the terminology to be much more meaningful thing to the business.


Inform – Issue 5 | 2011 13


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28