Skip to main content
Search
MENU
What are you looking for?
Close

Cal Brown - Lead Security Story Owner for BT

Photo of Cal Brown

Tell us about your journey into the industry

I have a Masters Degree in telecommunications, and a PhD in Nonlinear Optical Physics.

I’ve been in BT for 25 years, and had many roles in that time, in all parts of technology. I tend to move from one role to another based on where the biggest challenges are, and security has never been more important, more difficult to get right or more significant to the country. I don’t have a rolemodel, my mind doesn’t really work like that. The closest I have is Marcus Aurelius, the last good Roman Emperor, and a great philosopher.

Tell us about your current role

BT provides most of the communications for the UK, either directly or via partners and customers. If you’re on the internet right now, chances are you’re using our kit at some point on that connection. My job is to help keep all of that safe by transforming our technologies and processes. I need to make it easy for my colleagues to do the safe thing without it also being the slow and difficult thing. I work with people all across our business, from techies in India to our instore agents in the EE shops. Ballpark salary for my role is £80k, it’s unlikely you’d start in a transformation role, so I don’t know what entry level might be.

What does a typical day look like?

I spend a lot of time on video calls, sorting out problems, removing blockers and putting people in touch with each other. I can turn my hand to most things to get things moving again, and will dive into problem areas on a short term basis until they can be handed off. I’m never entirely sure what I’ll be doing – I have a lot of autonomy and a remit of ‘find problems and chase them til they’re fixed’.

What are your career goals/plans for the future? 

I’ve never had one in formal terms. I’m very ambitious, but it’s to always have a job I get satisfaction from, rather than to be a CTO or a CSO or anything. I want to be interested, to be influential, to be able to make meaningful change that’s good for the company and the country.

What is the best thing about working in the cyber security industry? 

How friendly people are. And, actually, how diverse it is compared to networks or software development. I’ve spent years being the only not-male in the room, now I can be pretty sure I won’t be some entirely weird fish in a strange pond.

What advice would you give to others thinking about pursuing a career in cyber security? 

Think properly about why you want to do it, and what else would give you those benefits. Cyber security is a huge space, if you like the thrill of red-teaming you’d be miserable in compliance monitoring, and if you need work-life balance you’d hate it on the incident team.

What would you say are the 3 most important skills you use in your role, and why? 

  1. Persuasive communicating. Everything I do is about ensuring BT has a good story on my current specialism, and that means creating a compelling narrative that draws people in to play lead roles. I have a lot of heroes
  2. Networking. I don’t have any hierarchical power, but I know an awful lot of useful people, and I nurture and make use of those connections to ensure we’re making the right decisions and taking the right steps.
  3. Persistence. Or possibly pig-headedness. Seeing problems and facing into them, treating obstacles as the way forwards, and driving hard for the right outcomes, even if it means we’re all having to go outside our comfort zones. (But doing it supportively, because I cherish my heroes!)

What do you like to do in your spare time? 

Lots of crafting – I like to keep my hands busy. I’m a life-long table-top and live roleplayer. I read, I write, I paint, I play music. (I flit from hobby to hobby like a happy butterfly, to be honest!)

Anything else interesting you would like to add?

Most of cyber-security is about that rare animal, common sense. What-ever you do, concentrate on making it easy for people to do the right thing, and really hard to do the wrong thing. Nobody* ever gets up and thinks ‘today I’m going to cause a massive security breach’, so make it simple, signpost good and bad behaviour clearly, and give them a way to raise concerns if something is bothering them.

* for the odd few who do, this is why we also make it really hard to do the wrong thing.