in online threats and advanced attacks”, he adds.
Second on the list is consumer information protection. “Consumers are very sensitive to their own personal information leaking now, so you’ve got to treat it the same way you do payment card information”. Third, he lists the protection of intellectual property. “It’s no secret that we’re seeing a lot of attacks on our intellectual property from China”, he says. Mott can’t resist listing one more threat, which in the long-term may just prove to be the most damaging of all. “Talent within the security industry is becoming increasingly diffi cult to fi nd, particularly deep technical talent. As an industry, we need to fi nd ways of attracting more people into the business. So many thousands of young people are taking certifi ed ethical hacker courses, but we don’t generate any interest in doing courses teaching students how to protect your system. So we’ve got hundreds of thousands of people who know how to hack, and only a handful of people who know how to protect.” This is a very real and startling threat to the industry.
Man on the Move
When Mott and I meet, he has been living back in the UK for just over a month. He’s British, but has spent time living and working in California and Zurich, Switzerland, during his tenure at EA. “It’s very important to get international experience and spend time at HQ. To be able to wander over to your C-level offi cer’s desk and have a casual discussion about something, or get their buy- in, is very benefi cial. “You also get to see how the business runs
in different cultures and different regulatory environments, which is very important for the CISO role”, he explains. “On a personal basis, I fi nd it very
fulfi lling”, he says of his experience living in different countries. “My travel schedule is pretty hectic – I spend 60% of my time travelling. You need a very good support network at home to be successful”, he says with a smile.
16
A lot of his travel takes him to Bucharest, Romania, where 60% of his information security team reside. In 2009, Mott set up a security operations team to deliver all of the traditional central security services. The decision to set this up in Romania, he says, was an easy one. “It’s cost-effective, but from a talent perspective, we can hire some very, very good security talent in Romania”. This team is responsible for all level-one response and everyday repeatable tasks, freeing up Mott’s subject matter experts to concentrate on the specialist tasks. “It was an opportunity to get very dedicated staff – people that really value their job. Of course, Romania is cheaper than hiring in the UK, but that wasn’t the major thing. The major thing was the talent.”
his biggest achievement at EA. “That was a game-changer for us”, he says. “It allowed all my specialists to focus on their specialization, and the talent development is really satisfying.”
We need to find ways of attracting more people into the business….we’ve got hundreds of thousands of people who know how to hack, and only a handful of people who know how to protect
Mott reports into the CFO, and has four directors report into him. The four directors head up the four security pillars in the business: intellectual property protection; governance risk and compliance; corporate security; and program ‘Aphelion’ – a code name for EA’s response to cyber threats. The Romanian security operations team then sits as a horizontal beneath those vertical pillars.
Game Changer In fact, it’s the launch of the Romanian security operations team that Mott considers
Coming a close second in his achievement hierarchy is the program EA runs in North America called ‘year up’. The program gives disadvantaged young people work experience for three to six months. “Being involved in that program is probably the best thing we ever did for society. I think any CISO should have a bigger goal around what they do. It might be at a community level, it might be at an industry level – it might be even as high as a society level.” With such admirable achievements under his belt, I ask Mott whether it’s time to move on to a new role with new challenges. “The minute I think my work is done here and the succession plan is in place, it will be time to hand over the reins”, he reveals. “Maybe one day I’ll wake up and just feel a little bit de- motivated. That’s when it will be time to go.” Mott assures me that he doesn’t feel like leaving at the moment, “but, you never know, tomorrow might be that day”, he answers honestly. “There’s still a great deal to do in a very dynamic threat environment. We haven’t fi nished our work by any means, not that we ever will fi nish it”, he considers. When the day does come to check out of EA, Mott predicts it will be a start-up that will lure him. His entrepreneurial ambition would remain in the realm of the information security industry he tells me, insisting, “I’m not going to make fairy cakes or anything.”
He also allows his ambitions of teaching or writing to be spoken aloud. “I don’t know how I’m going to get the time, but that would be something I’d like to end up doing.” I have no doubt that with his experience, intelligence, and easy-going and kind nature, Mott would make a wonderful teacher. In the ninety minutes I spent with him, I sure learned quite a bit. Until then, EA can consider its Jedi’s and battlefi eld heroes safe in the hands of a dedicated and experienced CISO.
January/February 2012
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60