Paul Swarbrick

Former Global Chief Information Security Officer at The British Standards Institution (BSI)

Former Global Chief Information Security Officer, BSI
Policy Fellow Alum, Centre for Science and Policy

Paul is a seasoned, proven specialist in information security, privacy, risk and governance, with over 25 years experience of providing secure, pragmatic business solutions across many industry sectors and Government Departments. He has worked in a variety of roles from the technical assurance of the development of new IT systems to writing and implementing complete security management strategies, policies and procedures, as well as full lifecycle implementations of regulatory and legislative compliance regimes.

A Fellow of Cambridge University's Centre for Science and Policy, he has worked on some of the most critical and high profile information systems in the UK, including Head of Cyber Security for UK Airspace, and 2012 UK Border Olympic security, as well as International commercial CISO roles with responsibilities around the world.

In April 2014 he was named European Chief Security Officer of the Year at the Secure Computing Magasine Awards in London.

He is:
EC-Council certified C|CISO
A member of the British Computer Society as senior member and Chartered Systems Practitioner in Security Specialist, Project Management, Health Informatics and ELITE industry leader groups
Previously a member of two of the National Government special interest working groups (SIGs) into security practices and UK policy, namely ITSOF 7799 (BS7799/ISO27001) and facial recognition and identification systems.
Has been a member of CLAS Security Consultant Scheme, sponsored by CESG and GCHQ from 2000-2011.
ITPC certified security expert.
An associate member of the Institute of Information Security Professionals (IISP).
Listed on MOD preferred suppliers list for information security consultancy.

Specialties: Information Security, Cyber Security, Information Assurance, Privacy, GDPR, ISO27001, ISO27002, Security Policies Framework (SPF), IS1, IS2. Risk Management. Knowledge and Information Management (KIM), PCI DSS. Corporate Risk Management and Governance.

As Chief Information Security Officer and Head of Cyber Security at NATS, Britain’s national air traffic service, Paul was responsible for the information systems and networks controlling 200,000 square miles of UK and North Atlantic airspace and nearly 2.5 million flights a year. NATS also controls all aircraft ground movements at major airports in the UK, and runs a highly successful commercial arm selling its services and expertise around the world. In consultation with the Board of Directors, he was responsible for devising a security strategy to ensure NATS remains a world leader in air traffic management; and in partnership with the various business areas, for implementing a security regime to reflect the high standards of security and safety required by the aviation industry.

Before NATS, Paul’s consultancy career spanned 20 years within the information security, assurance and governance arena in Europe and across the world. He has worked across multiple industry sectors and Government Departments, advising on and implementing the best and most pragmatic approach to protecting information assets, and on the implementation of new technologies and working practices. He has worked with many organisations such as HM Revenue and Customs, UNUM Insurance, Prudential, the Home Office, Valuation Office Agency, Griffin Global, and National Criminal Intelligence Service to examine and improve their approach and adoption of information and physical security measures, and to plan objective and appropriate governance structures informing Board policy and business decisions.

Paul also served as a Non-Executive Director of Worthing and Southlands NHS Trust for several years, helping to steer the Trust back to financial stability, whilst improving patient outcome statistics and guiding the process towards Foundation Trust Status. Focussing on good governance and clear, objective management and reporting, he made a point of ensuring that the executive put patients at the centre of the organisation’s work, and that savings and changes could only be made with this firmly in mind.