Scaling assurance: building the ecosystem we need
Duncan Attwell
Principal Technical Director for Assurance, National Cyber Security Centre

We’re seeing step changes in technology as both the innovation of components and the appetite for novel capability flourish. People in all sectors, from the battlefield to agriculture, from enterprise to the creative arts, are imagining and stumbling across new ways in which we can use technology to do more. Cyber security is a key enabler for this to happen in a safe way: we want the UK to be a science and technology superpower, but we also want it to be the safest place to live and work online.
However, a challenge to achieving this is that we do not currently have the ecosystem to support gaining confidence in technology at scale. This talk will focus on how the NCSC's new Cyber Resilience Testing service (using the Principles Based Assurance method) is aiming to achieve this.
About Duncan Attwell
With a Ph.D. in statistical forecasting, Duncan started out in industry working on business and sales forecasting, before moving into government to work on economic forecasting.
Since moving to GCHQ, Duncan has had a range of jobs in both intelligence and cyber security. However, he soon found that the statistical mindset lent itself to effective data-driven, but proportionate and pragmatic, approaches to cyber risk management. After many years' experience advising users on effective approaches to deploying technology in a risk-managed way, he decided to codify this in the form of what is now known as Principles Based Assurance.
Duncan is currently the NCSC's Principal Technical Director for Assurance, leading on the technical definition of the new PBA-based Cyber Resilience Testing. He also keeps his hand in with practical risk management by acting as Accreditor for the UK's pan-government Rosa network.