Named a 2017 Cybersecurity Professional of the Year, Grant Lecky discusses his past and present initiatives with Marietta Armanyous. With vast experience in cybersecurity and risk management, Mr. Lecky established the Security Partners’ Forum (SPF) to bring security groups together so they may share their knowledge and expertise. Made up of both domestic and international organizations, the SPF connects security and resilience educators so that they may learn from one another and strengthen the industry’s capabilities as a whole. Mr. Lecky speaks about these advances, as well as the challenges facing cybersecurity below.
Could you begin by talking a bit about your educational background and professional experience?
My educational background includes a Master of Science (M.Sc.) in Security & Risk Management at the University of Leicester; a Bachelor of Arts degree in Criminology and Criminal Justice at Carleton University; and a Diploma in Security Management from Algonquin College, Ottawa. I also earned a Graduate Certificate in Corporate Security Executive leadership through the Burrill Green Corporate Security Business School and will be attending the 2017/2018 ISMA Leadership Program, presented by International Security Management Association and Georgetown University.
In terms of my professional background, I have worked in the security and resilience professions for over 16 years. I am currently a security and resilience specialist within the Government of Canada. Outside of government, I oversee the Security Partners’ Forum, one of the largest and most influential agile security non-profit networks in the world, covering the private, public and not-for-profit sectors related to security and resilience. I have also been fortunate enough to develop and lead initiatives that have both highlighted and elevated the role of women within the security and resilience domains.
You have extensive experience in security, risk, and crisis management. What drew you to this field? How did you get started in it?
In terms of security in general, it started with the need for a job to ‘help pay the bills’ but I discovered that I greatly enjoyed the work, though not the pay. I realized that if I were to continue on in the field, I would have to take a more strategic and purposefully engaged approach. A colleague recommended that I consider the Security Management program at Algonquin College. The foundation that I gained from the program allowed me to gain employment with the Government of Canada as a result. In the government environment I was able to further hone my skills in corporate security and related fields.
After a few years of working in government security, I decided to take my education to the next level and undertook graduate studies at the University of Leicester. During my graduate studies, I realized the need for greater collaboration within the Canadian and international security industries. My research into the professionalization of the security industry revealed that the industry was siloed. Having identified what I interpreted to be a critical need, I set myself upon the task of developing a construct that could serve to break the silos. The end result was the creation of the Security Partners’ Forum (SPF).
What was the biggest challenge you faced during your career? How were you able to overcome it?
I would probably say that my greatest challenge in my career took place in 2013 when we were scaling the Security Partners’ Forum from a domestic network to a global network. Doing so required considerable time, energy and resources – ensuring that we have developed a sufficient level of knowledge and the infrastructure to effectively operate on the global stage. The scalability of the model not only passed with flying colours, it amplified the existing efforts and power of the network.
You have been presented with the 2017 Cybersecurity Excellence Award for, among other accomplishments, founding the Canadian Cybersecurity Alliance (CCA). For those who are not familiar with the CCA, could you briefly describe the alliance’s objectives?
In 2013, we invited dozens of security and resilience associations across Canada to come together to launch the Inter-Association Working Group on Cyber Security (IAWGCS) in order to develop much-needed executive training for CISOs and other cyber security-related professionals. In 2014, the goal was achieved and, within the context of increasing cyber threats and the pervasive use of technology in nearly all aspects of our lives, we saw the need to broaden the IAWGCS mandate. The CCA emerged in 2016, with the primary objective of further enhancing the professionalization of the Canadian cyber domain through effective inter-association engagement and knowledge-sharing. A National Advisory Council was put together to help maintain the CCA structure, and help facilitate inter-association dialogue & relations.
Over 100 groups have elected to participate in the CCA so far. What does an organization gain though participation in the CCA?
The CCA represents an unprecedented opportunity to understand the cyber landscape in a way that has not been possible by any one organization in isolation. All of these professional associations view cybersecurity through their own unique perspective. The CCA combines those distinct understandings of cybersecurity to produce unprecedented, and deeply contextualized clarity within the cyber landscape. This powerful, aggregated insight and clarity is, to my knowledge, not matched anywhere else in the world at this time.
The CCA provides the participating associations with opportunities to share more information with their respective membership on the cyber environment and further enhance their existing body of knowledge as a result of the increased interactions with other participating associations. Additionally, associations are able to promote their own work to a broader audience, attract new members, collaborate with new partners for mutual benefit, and enhance the profession through collaborative, highly cost-effective means.
Cybersecurity is a ‘hot topic’ in the news these days. Can you talk about whether there is currently a legitimate threat to cybersecurity? If so, what is it?
As the world becomes increasingly automated and globalized, and as we as individuals rely increasingly on technology and connectivity, we are greatly empowered but also more vulnerable. Security was not always the first consideration in developing these technologies, and even today innovation is driving advances in many ways faster than security considerations can keep pace.
The many challenges include, but certainly are not limited to, balancing openness with privacy and rights considerations; managing the human element including sustaining employment levels within increasingly automated sectors; a shift toward state-level threats away from individuals in isolation as threats; and how to attract talent and better engage the public and build public capacity in cybersecurity.
The Women in Security & Resilience Alliance (WISECRA) is another Security Partners’ Forum (SPF) initiative that you are involved in, could you expand a bit on what WISECRA does and why you feel such a group focussing on women involved in security is particularly important / necessary?
It is important to note from the outset that it was my colleague Bonnie Butlin who developed the WISECRA network. I assisted her in the initial development and identifying the various women in security and resilience groups across the globe. The identification of the women’s initiatives globally is both important and inspirational. The speed and success with which this initiative has progressed is truly remarkable.
There was a growing global need to better explore the evolving international role of women in the security and related fields. The silos within which women in security organizations were operating were preventing the sharing of information on the latest dialogue, research, and initiatives related to women in the security and resilience-related domains (such as law enforcement, fire and emergency responders, defence, etc.). WISECRA provides augmented understanding and lines of communications that did not previously exist. WISECRA enables a new non-hierarchical network that can better facilitate global dialogue on Women in Security, resilience and other related disciplines.
In addition to understanding these valuable women in security perspectives and insights, the WISECRA network of women in security groups also provides a unique window into what is happening within specific geographic regions within security. This extra layer of contextualization within the security space benefits not only the women in security groups, but also enriches the security community as a whole.
I understand you are also working on a relatively new initiative within the Security Partners’ Forum – the International Council of Security & Resilience Educators (ICSRE), connecting educators with one another to relay their research and best practices regarding security and resilience. Could you expand a bit on what the ICSRE does and aims to achieve?
Throughout my career I have observed that there is increasing demand for a comprehensive and easily accessible global body of knowledge in security and resilience. Traditional methods of dissemination of research, such as academic peer reviewed publications and conference presentations, and newer means of online publications do not appear to always be up to the task of keeping up with current trends and issues in the security and resilience domains.
Through various consultations with professionals and educators across the globe, it was argued that a complementary and stream-lined structure within which to house and manage such a comprehensive body of knowledge is now required.
In 2016, the ICSRE was developed and later launched in January 2017. ICSRE seeks to define and enhance a global body of knowledge through the creation of a sharing platform guided by an international advisory council of security and resilience educators. ICSRE will enable educators to communicate with each other in real time and share best practices, identify current gaps that should be researched, and share, or make known more widely, research that they have conducted or that is being undertaken with the global community in as close to real-time as possible. The security community, in the face of a proliferation of risks and threats, would benefit immensely from the more rapid and broader sharing of this research-related information.
Do you have any final remarks you’d like to share with our readers?
I think most would agree that we are living in an increasingly complex world, which brings much opportunity, but also unforeseen challenges. It is imperative that the security community maximizes the potential of partnerships and of collaborative insight to keep up with and perhaps even get ahead of the complex threats and challenges that we face, and draw upon our successes as a community of security professionals for the benefit of all. There is a great need for leadership in order for our society to navigate effectively among all of these pieces and quickly changing context. I believe that much of this leadership will come from the security community, which, by the very nature of its work, is inherently motivated to understand, gain insight, protect, and lead within our society. This leadership is very much needed today, and I am pleased to be a part of that leadership, along with the numerous professionals participating in the SPF and supporting networks (e.g., WISECRA, CCA, ICSRE). I am pleased that our initiatives continue to meaningfully enable and support the security community in that leadership role.
Cover Photo: Grant Lecky, obtained and used with permission.
In-text Image: Security Partners’ Forum Structure, obtained and used with permission from Grant Lecky.
Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.