Blog

Industrial Cybersecurity is a very new topic in the world of security. Go back 10, or even 5 years and there would be few people who would think to hack into pharmaceutical plants or drilling sites to tamper with production or hold facilities at ransom. As time goes on however, it has become apparent that many of these large “Industrial Control Systems” are insecure by design, built decades ago and with no way of knowing that a cyber-attack would one day be possible. Now, hackers have learned of these widespread vulnerabilities leading to events such as the Triton incident, a vicious attack on a chemical plant in the Middle East in 2017. As similar events have become more frequent and organisations have come to understand the danger, organisations across every sector have been working to protect their systems against such attacks. That being said, the progression from insecure to secure facilities has many obstacles hindering the path. Within an organisation’s boardroom discussions, ICS/OT can struggle to gain traction as topic for focus. This is mainly because of three things: The most senior-ranking members of an organisation are often personally disconnected from ICS/OT security (lack of true awareness). When the senior board members are introduced to the topic of ICS/OT security, they are dissuaded by the fact that investing in ICS/OT does not clearly facilitate revenue-generation. Lastly, the associated costs are high, with the need to pay for expensive consultations, lengthy implementations, and then the subsequent halts in production to execute the implementation. Gartner has recently predicted that this is soon to change, with governments drastically increasing regulation and legislation regarding ICS/OT security, coupled with The FBI, The NSA and CISA endeavouring to increase awareness within the topic, enabling CEOs to take action and disabling them from pleading ignorance. They anticipate that the majority of CEOs will be fully accountable for incidents by 2024 - A huge win for not only those dedicating their lives to the cause, but also the welfare of the millions who's lives will be protected by the actions taken as a result of this. What does this mean for hiring? The increasing importance of Industrial Cyber Security (ICS) means that candidates in this market are highly sought after. Whilst it has traditionally been difficult to find people with ICS skills, the market is maturing and there are more candidates than before who are able to perform the duties required to protect industrial sites from cyber-attack. However, with niche skillsets there is high competition for these specialised candidates, as organisations compete over the few available candidates in the market. My tip to candidates would be to continue developing your skills across as many aspects of ICS/OT as possible - familiarise yourself with a broad range of security frameworks, sectors, types of security controls as you can. The industry is lacking a wealth of people with experience, and to be one of those people makes you extremely employable. Contact Freddie directly on f.bennet@hamlynwilliams.com

Project Management is an extrememly important skill for any industry and pharma is no different. Slow-drug development timelines, quality requirements, and rigid work processes are being replaced by Agile ways of working. This style of managing teams is helping businesses speed up their processes and be more customer focused, instead of being in ridgid flow that can limit innovation. Largely for pharma businesses, being more agile has allowed for digital transformation projects to aid the process, using technology to create efficiencies. Traditionally, pharmaceutical companies have used the 'Waterfall' structure, in which activities are broken into clear, sequential phases. This is to be expected given the need for GMP (Good Manufacturing Practice), in a highly regimented environment where correct execution and delivery is absolutely critical. In the last few years however, major players in the pharmaceutical industry have been migrating to an Agile methodology, in which the traditionally structured Waterfall methodology is being replaced by a more flexible, cutting-edge way of working, incorporating creativity and collaboration across units. How it works: Agile is a cooperation lead, focused process to deliver a project in less time, lower cost without compromising on quality. Sprints This is the continuous development cycle and usually lasts 2-4weeks. Sprint goal is set, a sprint backlog of tasks to achieve this goal, and the race starts after planning sessions to organise the flow of the project. Scrum - Daily stand up meetings Meeting for 5-10minutes each morning, traditionally whilst standing so that team members can sync and troubleshoot issues to complete work on time. Questions to cover: What did I do yesterday? What am I planning to do today? Is there anything holding me back? At this time you can also go over the visual scrum board to help people work through projects and hold everyone accountable. This has a knock on effect to make people want to close down projects to avoid the same boring update each day. Cross-functional teams CEO’s, developers, tech teams, scientists, marketing, sales etc, all play a part in a project delivering successfully. Having all these people working together can lead to a variety of ideas being shared, through different knowledge backgrounds, resulting in excellent innovation. Ideation sessions with all these teams is an excellent way to innovate. The results? Increases in portfolio efficiency, RnD productivity, and customer satisfaction increases. You can tailor products to audiences wants and needs, and less time spent going off in tangents. Due to having a highly collaborative culture and speeding up the process there’s been huge knock on effects with workplace satisfaction too at some of the larger businesses adopting this strategy. What are your thoughts on the adoption of agile into pharma? Find our latest Pharma jobs on the website, visit www.hamlynwilliams.com/job-search