3018: Tesco and the Future of Retail Security

[00:00:03] [SPEAKER_00]: How do you secure the digital backbone of one of the world's largest retailers, all

[00:00:10] [SPEAKER_00]: while fostering innovation and staying ahead of emerging threats?

[00:00:15] [SPEAKER_00]: Well, my guest today is the Director of Security Engineering and Operations at Tesco.

[00:00:23] [SPEAKER_00]: And she has carved out an impressive career in the world of security engineering, information

[00:00:28] [SPEAKER_00]: governance and data privacy.

[00:00:31] [SPEAKER_00]: And with an interesting background that spans leadership roles at global companies from

[00:00:35] [SPEAKER_00]: Flutter International to Skyscanner, my guest today brings a wealth of experience in protecting

[00:00:42] [SPEAKER_00]: vast amounts of customer data and navigating the complex intersection of technology, security

[00:00:49] [SPEAKER_00]: and privacy.

[00:00:50] [SPEAKER_00]: So in this episode today, we're going to learn more about my guest's journey from safeguarding

[00:00:55] [SPEAKER_00]: online platforms and leading security tribes to her current mission at Tesco.

[00:01:01] [SPEAKER_00]: And we'll also explore how her team is tackling the unique challenges of retail security,

[00:01:07] [SPEAKER_00]: which is of particular importance in this era of rapid technological change.

[00:01:12] [SPEAKER_00]: And we'll also explore what it's like to drive innovation while ensuring the security

[00:01:17] [SPEAKER_00]: of millions of customers.

[00:01:19] [SPEAKER_00]: And we'll also touch on the importance of diversity in tech and how initiatives at Tesco

[00:01:25] [SPEAKER_00]: and beyond are paving the way for more inclusive teams in the security sector.

[00:01:31] [SPEAKER_00]: Delivering daily content to 140,000 of you wonderful monthly listeners across the globe

[00:01:36] [SPEAKER_00]: is no small feat.

[00:01:38] [SPEAKER_00]: I don't want to take all the credit here because it wouldn't be possible without the backing

[00:01:41] [SPEAKER_00]: of our dedicated sponsors and partners.

[00:01:44] [SPEAKER_00]: And I also want to shine a light on the fact that legacy managed file transfer tools are

[00:01:48] [SPEAKER_00]: looking dated.

[00:01:49] [SPEAKER_00]: They often lack the security that today's remote workforce demands.

[00:01:52] [SPEAKER_00]: And companies that continue relying on that outdated tech, they're in danger of putting

[00:01:56] [SPEAKER_00]: their sensitive data at risk.

[00:01:58] [SPEAKER_00]: Attention IT professionals, are you tired of juggling these multiple servers for secure

[00:02:03] [SPEAKER_00]: file sharing, integrated shared folders and email plus a comprehensive REST API?

[00:02:09] [SPEAKER_00]: Kiteworks simplifies your workflow.

[00:02:11] [SPEAKER_00]: For administrators, you can experience unmatched functionality and integration that traditional

[00:02:16] [SPEAKER_00]: MFT servers just can't touch.

[00:02:18] [SPEAKER_00]: Step into the future of secure managed file transfer with Kiteworks by going to kiteworks.com

[00:02:24] [SPEAKER_00]: to get started.

[00:02:25] [SPEAKER_00]: That's kiteworks.com and remember, Kiteworks is also FedRAMP moderate authorized.

[00:02:30] [SPEAKER_00]: Thank you for your patience today.

[00:02:32] [SPEAKER_00]: This is the moment you've been waiting for.

[00:02:34] [SPEAKER_00]: It's time to welcome my guest onto the show.

[00:02:36] [SPEAKER_00]: So buckle up and hold on tight as I beam your ears all the way to London here in the UK

[00:02:42] [SPEAKER_00]: where my guest today is going to talk about applying her knowledge to protect one of the

[00:02:46] [SPEAKER_00]: most recognizable brands in retail.

[00:02:50] [SPEAKER_00]: But enough from me, let's get my guest on now.

[00:02:54] [SPEAKER_00]: So a massive warm welcome to the show.

[00:02:57] [SPEAKER_00]: Can you tell everyone listening a little about who you are and what you do?

[00:03:01] [SPEAKER_02]: Thank you for having me.

[00:03:03] [SPEAKER_02]: It's a pleasure being here with you today.

[00:03:05] [SPEAKER_02]: So my name is Veroniki Stamatik.

[00:03:07] [SPEAKER_02]: I am the director of security engineering and operations at Tesco.

[00:03:11] [SPEAKER_02]: But what I really do is I orchestrate a number of things and colleagues to make sure that

[00:03:17] [SPEAKER_02]: we keep Tesco secure.

[00:03:18] [SPEAKER_02]: We do this by uncovering opportunities, bringing new ideas to solve security problems that

[00:03:25] [SPEAKER_02]: we all face in the industry every day.

[00:03:28] [SPEAKER_02]: And me and my team simply, we aspire to make security everybody's job.

[00:03:32] [SPEAKER_00]: It's a huge responsibility there.

[00:03:35] [SPEAKER_00]: And one of the things that I always try and do with my guests is maybe get them to look

[00:03:39] [SPEAKER_00]: back at their career and look at how your experiences might have shaped what you're

[00:03:44] [SPEAKER_00]: doing right now.

[00:03:45] [SPEAKER_00]: So I've got to ask, I mean, looking at your extensive background in security for online

[00:03:50] [SPEAKER_00]: platforms and travel and so many other different variations there, I'm curious, how has that

[00:03:56] [SPEAKER_00]: background and your experience influenced your approach to leading the security engineering

[00:04:01] [SPEAKER_00]: organization at Tesco?

[00:04:03] [SPEAKER_02]: It's a great question.

[00:04:04] [SPEAKER_02]: And often I look back at my journey.

[00:04:08] [SPEAKER_02]: I started from consultancy and when I started in tech, I fell in love with tech and I'm

[00:04:14] [SPEAKER_02]: not going back.

[00:04:16] [SPEAKER_02]: And I'm sure a lot of people would say that too.

[00:04:19] [SPEAKER_02]: This really changed completely my whole mindset because as you mentioned, like dealing with

[00:04:24] [SPEAKER_02]: online platforms and Skyscanner, we were offering choices of travel to hundreds of millions

[00:04:30] [SPEAKER_02]: of people across the world in Flutter International with things like PokerStars, platforms.

[00:04:37] [SPEAKER_02]: It's one of the biggest poker brands and online gaming brands in the world.

[00:04:43] [SPEAKER_02]: The way our customers think, the way that they interact with the online world and the

[00:04:50] [SPEAKER_02]: technology that is used to offer these products really changed my mindset as to how we need

[00:04:55] [SPEAKER_02]: to be doing security as well, which is why I brought into Tesco and they've already had

[00:05:02] [SPEAKER_02]: that in place as well.

[00:05:03] [SPEAKER_02]: Some of the more specific examples, especially within the adopting of the engineering concepts

[00:05:10] [SPEAKER_02]: and the methodologies that people in our product and experimentation sort of environment are

[00:05:17] [SPEAKER_02]: using is what I really learned that we need to start exploring within our security domain.

[00:05:23] [SPEAKER_02]: So experimentation was a big one for me.

[00:05:25] [SPEAKER_02]: You talk to online people and they talk about canary deployments and A-B testing of features

[00:05:32] [SPEAKER_02]: and how something would be done with our customers and what they would like, how they would interact

[00:05:37] [SPEAKER_02]: with it.

[00:05:38] [SPEAKER_02]: We didn't really do much of that in security in the past.

[00:05:41] [SPEAKER_02]: And when I go exposed to the technology world and all of these mindsets, it was really interesting

[00:05:47] [SPEAKER_02]: for me to how do we bring this into security?

[00:05:51] [SPEAKER_02]: If you look at how we interact with our internal colleagues here in Tesco and how I was interacting

[00:05:57] [SPEAKER_02]: with our internal employees in all of my other companies, we actually have a product,

[00:06:02] [SPEAKER_02]: a security product that we offer to them.

[00:06:05] [SPEAKER_02]: We need to experiment and make sure that what features and controls and policies and security

[00:06:11] [SPEAKER_02]: guardrains and controls we put in place resonate with them.

[00:06:15] [SPEAKER_02]: They can use them.

[00:06:17] [SPEAKER_02]: They are most friendly, but also they protect our environment in Tesco in this particular

[00:06:22] [SPEAKER_02]: situation.

[00:06:23] [SPEAKER_02]: So that was one big learning and something that saved my mindset and my thinking in security

[00:06:31] [SPEAKER_02]: engineering.

[00:06:31] [SPEAKER_02]: The second one was about delivering platforms as a service.

[00:06:37] [SPEAKER_02]: A lot of our job in security is being always to tell people you can't do this, you need

[00:06:43] [SPEAKER_02]: to follow these processes, you need to be really rigid.

[00:06:48] [SPEAKER_02]: We've got an environment to protect.

[00:06:50] [SPEAKER_02]: The attacks, the threats are real.

[00:06:51] [SPEAKER_02]: We're not saying it just for selling it.

[00:06:54] [SPEAKER_02]: It is true.

[00:06:55] [SPEAKER_02]: But how do we make it more of a service?

[00:06:58] [SPEAKER_02]: Is that learnings that I got from me working in online platforms all of these years.

[00:07:05] [SPEAKER_02]: It's things like how can we be doing those concepts and those security controls and guardrains

[00:07:12] [SPEAKER_02]: within the platforms that our developers use to create the product or our commercial teams

[00:07:18] [SPEAKER_02]: are using to find out what real life products resonate with our people in the stores.

[00:07:25] [SPEAKER_02]: And if we can do that and we can know that the underlying platform is secure, then it

[00:07:30] [SPEAKER_02]: is a lot easier to partner with them and kind of figure out the more nuanced things that

[00:07:35] [SPEAKER_02]: we're going to have to do.

[00:07:36] [SPEAKER_02]: So that was a second one.

[00:07:38] [SPEAKER_02]: And then everything, there's a little bit of a buzzword here, but like everything is

[00:07:44] [SPEAKER_02]: a code.

[00:07:45] [SPEAKER_02]: We started off from compliance as code, especially within the worlds of governance, risk and

[00:07:52] [SPEAKER_02]: compliance, which was quite a different take on what security engineering is because security

[00:07:59] [SPEAKER_02]: engineering for a lot of people, if you go on and write some rules, you create some detections

[00:08:04] [SPEAKER_02]: to identify threats and so on and so forth.

[00:08:06] [SPEAKER_02]: You can do it all.

[00:08:08] [SPEAKER_02]: If you apply that principle, you can really kind of like make a developer's life a lot

[00:08:14] [SPEAKER_02]: easier if you build everything as a code.

[00:08:16] [SPEAKER_02]: So these three main areas really, really influenced my approach to security engineering, which

[00:08:24] [SPEAKER_02]: we're really pursuing here as well in Tesco and I've done in my previous careers and

[00:08:29] [SPEAKER_02]: positions too.

[00:08:30] [SPEAKER_00]: And as you said there, you know, you've enjoyed such a fantastic career where you've transitioned

[00:08:35] [SPEAKER_00]: from companies like Flutter International to Skyscanner to a retail giant like Tesco

[00:08:41] [SPEAKER_00]: and there's so many big tech trends, security trends.

[00:08:44] [SPEAKER_00]: I'm curious how everything you've seen, how has the shift impacted your maybe strategic

[00:08:49] [SPEAKER_00]: approach to technology and security, especially now where everybody's talking and getting

[00:08:53] [SPEAKER_00]: excited about AI and going all in on AI and then equally anyone with a security mindset

[00:08:59] [SPEAKER_00]: or an IT mindset is like, well, let's just slow down a bit here.

[00:09:02] [SPEAKER_00]: How are we protecting this data, etc.?

[00:09:04] [SPEAKER_00]: I'm curious how everything you've seen, how that shift has impacted your strategic approach.

[00:09:08] [SPEAKER_02]: I was waiting for when the AI word would come in.

[00:09:12] [SPEAKER_02]: Absolutely, yes.

[00:09:14] [SPEAKER_02]: So it's been really interesting and I have been immensely lucky to experience that journey.

[00:09:22] [SPEAKER_02]: I'm very honored for every single organization that I've been in.

[00:09:25] [SPEAKER_02]: It taught me a lot.

[00:09:27] [SPEAKER_02]: One thing that is very interesting is like security problems for every organization are

[00:09:34] [SPEAKER_02]: pretty much the same.

[00:09:35] [SPEAKER_02]: We don't necessarily find different aspects and different problems that we have not faced

[00:09:41] [SPEAKER_02]: ever before within the security domain.

[00:09:44] [SPEAKER_02]: We all talk about people have to fix their vulnerabilities.

[00:09:47] [SPEAKER_02]: We all talk about protecting our data, as you absolutely mentioned.

[00:09:51] [SPEAKER_02]: We all talk about how do we adopt new technology in a more secure way, but how we enable our

[00:09:58] [SPEAKER_02]: product people and our developers to do better.

[00:10:00] [SPEAKER_02]: But really what the big difference is and what I've learned from that is that from a

[00:10:07] [SPEAKER_02]: strategic point of view, which is kind of like what you're asking through this question

[00:10:11] [SPEAKER_02]: is predominantly the size of the organization matters.

[00:10:15] [SPEAKER_02]: The complexity and the structure of the programs really shift and change depending on how the

[00:10:23] [SPEAKER_02]: risk profile of each organization is and having the ability to have seen places which, you

[00:10:29] [SPEAKER_02]: know, are flat international and were heavily regulated, obviously as you would expect,

[00:10:35] [SPEAKER_02]: doing everything by the measure of the regulator and all of that stuff.

[00:10:40] [SPEAKER_02]: Not that in other organizations we don't do it, but there are different levels of scrutiny

[00:10:45] [SPEAKER_02]: depending on your environment that you have to go through.

[00:10:48] [SPEAKER_02]: And clearly, having been in a place where you can shift your strategy and how you create

[00:10:54] [SPEAKER_02]: your framework, a security framework to support the business strategy in Tesco, our goal is

[00:11:01] [SPEAKER_02]: to feed the nation.

[00:11:02] [SPEAKER_02]: We need to do that in a way that we enable the business and we protect the business from

[00:11:07] [SPEAKER_02]: a security threat because actually what you get from us is essential food.

[00:11:13] [SPEAKER_02]: It's so important, so paramount, whereas you can argue like, okay, travel and gaming is

[00:11:18] [SPEAKER_02]: a bit more, you know, entertaining activities and pleasure.

[00:11:23] [SPEAKER_02]: And it's very different from a perspective of how you shape your strategy and where the

[00:11:29] [SPEAKER_02]: security fits in that.

[00:11:31] [SPEAKER_02]: So it's been really interesting for me to kind of look at how can we create roadmaps?

[00:11:37] [SPEAKER_02]: How can we create strategies through different sort of risk based profiles?

[00:11:41] [SPEAKER_02]: And how does that change our operational priorities, essentially, and how we shape the

[00:11:47] [SPEAKER_02]: teams? How do we partner with the business?

[00:11:50] [SPEAKER_02]: And this is kind of like the biggest shift in my strategic thinking.

[00:11:55] [SPEAKER_02]: It's more about what does the business want to achieve first, not what security problems

[00:11:59] [SPEAKER_02]: we have to solve.

[00:12:00] [SPEAKER_02]: And then how do we support the business to do that with very massive between all of these

[00:12:06] [SPEAKER_02]: places?

[00:12:07] [SPEAKER_00]: Yeah, I think you hit the nail on the head there, especially around what does the business

[00:12:10] [SPEAKER_00]: need to do first?

[00:12:12] [SPEAKER_00]: And very often we look at the technology first, which is the worst thing that you can do.

[00:12:15] [SPEAKER_00]: It's all about the business problem first and all the excitement of AI that we're hearing

[00:12:20] [SPEAKER_00]: in the moment.

[00:12:20] [SPEAKER_00]: So I think it's also important to remember, we've been here many times before from the

[00:12:24] [SPEAKER_00]: arrival of the Internet to the arrival of the iPhone and mobile first strategies and

[00:12:28] [SPEAKER_00]: everyone wanting a mobile app for everything.

[00:12:31] [SPEAKER_00]: And when it comes to things like digital disruption and high pace of technological change,

[00:12:36] [SPEAKER_00]: there is this huge rush of wanting to make changes quickly.

[00:12:39] [SPEAKER_00]: But I'm curious in your current role at Tesco, how do you balance that drive for technological

[00:12:45] [SPEAKER_00]: innovation with the imperative to ensure robust security and data privacy and all the stuff

[00:12:51] [SPEAKER_00]: that we don't talk about enough?

[00:12:53] [SPEAKER_00]: It is quite a delicate balance.

[00:12:55] [SPEAKER_00]: How do you get that right at Tesco?

[00:12:57] [SPEAKER_02]: It is very delicate, but we have an amazing, I call them my unique and beautiful people

[00:13:04] [SPEAKER_02]: in the team. And we always make sure that we look after the basics.

[00:13:10] [SPEAKER_02]: We've got our processes right and we know things are running.

[00:13:14] [SPEAKER_02]: But then we have invested heavily in the elements of timing, things and new technologies

[00:13:21] [SPEAKER_02]: within security and not only actually within Tesco.

[00:13:24] [SPEAKER_02]: Technology is very innovative.

[00:13:27] [SPEAKER_02]: We are trying a lot of things all the time.

[00:13:29] [SPEAKER_02]: We call our tablet, Tesco's Tomorrow Made by You.

[00:13:35] [SPEAKER_02]: So we do enable all of our people across technology here in Tesco to kind of come up with

[00:13:39] [SPEAKER_02]: ideas and speak to the likes of our product people and our technology people to come up

[00:13:47] [SPEAKER_02]: with innovation, experimentation and so on and so forth.

[00:13:51] [SPEAKER_02]: Within specifically the space of security, I guess we are exploring two routes mainly of

[00:14:00] [SPEAKER_02]: where we want to experiment and where we want to innovate more.

[00:14:03] [SPEAKER_02]: And it's around how to bring in the product discipline and mindset within security that

[00:14:09] [SPEAKER_02]: will allow us to kind of look at and we constantly go and assess what have we got today?

[00:14:15] [SPEAKER_02]: Is it fit for purpose?

[00:14:17] [SPEAKER_02]: If you want to compare it to the market, the features and the technology that is available

[00:14:22] [SPEAKER_02]: out there, how are we keeping at least on par if not trying to innovate in the areas

[00:14:28] [SPEAKER_02]: that really matter for us?

[00:14:29] [SPEAKER_02]: And we take time and we've got space to think and we've got environments that allow us

[00:14:35] [SPEAKER_02]: to do that thinking in the planning whilst all of our operational core, those roles and

[00:14:42] [SPEAKER_02]: processes are running as expected, which is really nice.

[00:14:48] [SPEAKER_02]: We are hiring.

[00:14:50] [SPEAKER_02]: So if I can take that opportunity, we are looking for people to come and help us with

[00:14:56] [SPEAKER_02]: that for sure in product space, for security specifically.

[00:15:00] [SPEAKER_02]: But also the second one is we cannot hide from the fact that we're going to have to all

[00:15:07] [SPEAKER_02]: of us embed machine learning LLMs within our space.

[00:15:11] [SPEAKER_02]: I'm trying to avoid the word of AI because it's a lot more components underneath that,

[00:15:16] [SPEAKER_02]: but delivery, right?

[00:15:18] [SPEAKER_02]: So one of the big things that I'm really, really excited about us doing here and I have

[00:15:27] [SPEAKER_02]: seen a need for all of us in the industry is to kind of analyze and create models of all

[00:15:34] [SPEAKER_02]: of the vast of security data that we create.

[00:15:38] [SPEAKER_02]: I think there's a number of people in the industry that they talk about the fact that

[00:15:43] [SPEAKER_02]: we've got so many security products that we rely on in our business to protect.

[00:15:49] [SPEAKER_02]: That's good to protect all of the companies in general across the industry.

[00:15:53] [SPEAKER_02]: It generates a vast amount of data, events, compliance, data configurations, issues,

[00:16:03] [SPEAKER_02]: anything you can imagine.

[00:16:05] [SPEAKER_02]: For someone to really analyze that is really challenging and to kind of like see the

[00:16:10] [SPEAKER_02]: workflow, the trace and kind of create information out of data points.

[00:16:16] [SPEAKER_02]: So we are really want to innovate with data security platforms and data relics and

[00:16:22] [SPEAKER_02]: building our LLMs and create machine learning on top of those data points.

[00:16:27] [SPEAKER_02]: And this is another area that we are really taking in for innovation.

[00:16:34] [SPEAKER_02]: We really want to kind of push along and being an initiative on that too.

[00:16:40] [SPEAKER_02]: So these are the two areas that we really want to explore and we really want to

[00:16:46] [SPEAKER_02]: balance that sort of don't want to stay behind.

[00:16:49] [SPEAKER_02]: We want to push ahead, we want to enhance what we've got all the time.

[00:16:53] [SPEAKER_02]: We want to be better.

[00:16:54] [SPEAKER_02]: So these are the two ones.

[00:16:56] [SPEAKER_00]: And you mentioned that you are looking to hire people at the moment.

[00:16:59] [SPEAKER_00]: Is there any particular roles or skills that you're looking for at the moment?

[00:17:04] [SPEAKER_00]: Is there a shortage of certain skill sets?

[00:17:06] [SPEAKER_00]: Anything you want to shout about there if we do have the perfect candidate listening?

[00:17:11] [SPEAKER_01]: There's always a shortage in skills and good people in security.

[00:17:14] [SPEAKER_01]: We always want them so people can reach out to our talent teams any moment.

[00:17:21] [SPEAKER_02]: But in grid predominantly, we are building those capabilities of our product.

[00:17:24] [SPEAKER_02]: Security and data analytics and data security engineering.

[00:17:31] [SPEAKER_02]: Security engineering is always an area that we're looking for people as well.

[00:17:35] [SPEAKER_02]: And especially within the domain of our partnering with our business and

[00:17:40] [SPEAKER_02]: developers, so our own application security and so on and so forth.

[00:17:43] [SPEAKER_02]: So yeah, if I could touch on one single person that is listening right now and

[00:17:48] [SPEAKER_02]: they can apply, they can go on and find out our Tesco careers listings on our

[00:17:54] [SPEAKER_00]: website. Of course, right at the heart of everything.

[00:17:56] [SPEAKER_00]: This is a tech podcast, but your mission is to feed the nation there.

[00:18:00] [SPEAKER_00]: So how do you approach building secure products that need to cater for not just

[00:18:05] [SPEAKER_00]: millions of users, but millions of users with diverse needs and a diverse audience

[00:18:10] [SPEAKER_00]: from every class throughout the nation there?

[00:18:14] [SPEAKER_00]: Anything you can share around that?

[00:18:15] [SPEAKER_02]: Secure products is a big conversation.

[00:18:18] [SPEAKER_02]: It is very different, like every single product or feature we develop

[00:18:24] [SPEAKER_02]: and actually if you go into a store in Tesco, technology is present in the

[00:18:30] [SPEAKER_02]: stores. You might not really realize it a hundred percent, but martins to the

[00:18:35] [SPEAKER_02]: skins that you weigh your vegetables.

[00:18:38] [SPEAKER_02]: They've got some element of technology.

[00:18:40] [SPEAKER_02]: That fascinated me when I joined, by the way.

[00:18:43] [SPEAKER_02]: So we have an approach we call business partnering.

[00:18:48] [SPEAKER_02]: So we've got security engineers and experts that think within those

[00:18:54] [SPEAKER_02]: domains and support all of our business functions across their own journey in

[00:18:59] [SPEAKER_02]: exploring or drawing out those products, creating the offerings either in the

[00:19:04] [SPEAKER_02]: stores or e-commerce or online across all of that spectrum.

[00:19:08] [SPEAKER_02]: And essentially from being with them, sitting with them, understanding their

[00:19:14] [SPEAKER_02]: problem space, what they want to do, what they want to achieve, but then create

[00:19:18] [SPEAKER_02]: more tailored security advice, security solutions to kind of support them.

[00:19:23] [SPEAKER_02]: And that's the main way of developing those products.

[00:19:27] [SPEAKER_02]: Security, obviously we've got a number of accelerators and security capabilities

[00:19:33] [SPEAKER_02]: and tools and all of the great stuff you would expect from a technology point of

[00:19:36] [SPEAKER_02]: view and process on the background that enabled that and empower that happen on

[00:19:40] [SPEAKER_02]: our underlying platforms.

[00:19:41] [SPEAKER_02]: But truly the biggest differentiator is the people talking to people and exploring

[00:19:46] [SPEAKER_02]: what would happen if someone was to explore, to exploit that particular

[00:19:53] [SPEAKER_02]: environment or feature.

[00:19:55] [SPEAKER_02]: And that is a great differentiator.

[00:19:58] [SPEAKER_02]: People always make a difference.

[00:20:00] [SPEAKER_00]: And I'm curious if we go back a couple of years, I think on Black Friday, there's

[00:20:05] [SPEAKER_00]: coming up a huge sale day in the US and increasingly so over here in the UK.

[00:20:09] [SPEAKER_00]: There's going to be a lot of security threats that take down retailers during

[00:20:14] [SPEAKER_00]: that busiest day of the year.

[00:20:15] [SPEAKER_00]: And that's going to be top of mind for a lot of retailers listening around the

[00:20:18] [SPEAKER_00]: world. I'm curious, what are some of the significant security threats that

[00:20:22] [SPEAKER_00]: you see facing retailers today and how are you and your team at Tesco innovating

[00:20:27] [SPEAKER_00]: to try and stay ahead of these challenges as we all approach that crazy

[00:20:31] [SPEAKER_00]: season, holiday season that's coming up?

[00:20:33] [SPEAKER_02]: Oh, there is no shortage of threats.

[00:20:36] [SPEAKER_02]: Let's put it that way and start from there.

[00:20:39] [SPEAKER_02]: The reality is a lot of us have learned from over the past years as to how we need

[00:20:46] [SPEAKER_02]: to deal with intentional or unintentional denial of service attacks, which is

[00:20:51] [SPEAKER_02]: obviously kind of unexpected in big times like Black Friday events, etc.

[00:20:57] [SPEAKER_02]: I think the industry is in a good place on that.

[00:21:00] [SPEAKER_02]: Let's be honest, we've got a lot more capabilities from really experienced

[00:21:05] [SPEAKER_02]: vendors and partners today to deal with those things, especially with the shift to

[00:21:10] [SPEAKER_02]: sort of cloud technologies and engineering, creating the capacity for the demand

[00:21:17] [SPEAKER_02]: scenarios like that is now a standard.

[00:21:22] [SPEAKER_02]: Now, in terms of the threats of today, I don't actually think that they're

[00:21:27] [SPEAKER_02]: specific to retailers, if I may say that name.

[00:21:31] [SPEAKER_02]: They are something that we all face.

[00:21:34] [SPEAKER_02]: But if we were to take a bit more of a double take into our own environment, the

[00:21:38] [SPEAKER_02]: truth is that there are three aspects that for us as retailers is worth calling out.

[00:21:45] [SPEAKER_02]: First of all, our customers, and you've seen this throughout COVID period where

[00:21:51] [SPEAKER_02]: everybody embraced a lot more of the online, the e-commerce, the ordering at

[00:21:57] [SPEAKER_02]: home and kind of like the unintentional experience of a retailer.

[00:22:04] [SPEAKER_02]: Let's put it that way.

[00:22:06] [SPEAKER_02]: It has increased and it has maintained.

[00:22:09] [SPEAKER_02]: So a lot of opportunities have been created for scammers to target our own customers.

[00:22:17] [SPEAKER_02]: It's not something that directly impacts potentially our own operations as

[00:22:22] [SPEAKER_02]: retainers, but it's something that we've got a huge role to play.

[00:22:26] [SPEAKER_02]: So one of the big examples is that we're seeing multiple scamming websites and you

[00:22:33] [SPEAKER_02]: usually go to the stores and you will have coupons, you would have vouchers that

[00:22:38] [SPEAKER_02]: you use, especially to kind of like reward our customers and so on and so forth.

[00:22:43] [SPEAKER_02]: There's a lot of scams in that area.

[00:22:45] [SPEAKER_02]: And we certainly have a responsibility to try and be proactive and identify those

[00:22:50] [SPEAKER_02]: scams so we can actually protect our own customers.

[00:22:54] [SPEAKER_02]: And good examples of that is we have formal issues with the websites that

[00:23:00] [SPEAKER_02]: are trying to impersonate us.

[00:23:01] [SPEAKER_02]: And we've got processes to try and kind of use legal avenues and so on and so forth

[00:23:06] [SPEAKER_02]: to take them down and it's a constant hunt.

[00:23:09] [SPEAKER_02]: A lot of businesses are facing it, not only retainers, to be honest with you, but

[00:23:13] [SPEAKER_02]: it is quite prominent in that because people want to shop, people want to get the

[00:23:17] [SPEAKER_02]: bargain.

[00:23:18] [SPEAKER_02]: The second one, retainer organizations are really attracting attacks.

[00:23:24] [SPEAKER_02]: It is inevitable we have millions of customers that we know they're having, we

[00:23:30] [SPEAKER_02]: know who they are, we know what they need.

[00:23:32] [SPEAKER_02]: We've got a lot of information about them and people know that.

[00:23:36] [SPEAKER_02]: They shop with us, so they pay.

[00:23:39] [SPEAKER_02]: And in terms of the ability to kind of improve our distributions and our

[00:23:46] [SPEAKER_02]: offerings in the stores, as retailers we all use data.

[00:23:50] [SPEAKER_02]: I think it's inevitable we are going to rely on this data to make sure that our

[00:23:55] [SPEAKER_02]: drivers take the biggest and most effective route to get your order as soon as

[00:24:00] [SPEAKER_02]: possible.

[00:24:01] [SPEAKER_02]: Or our picking is done in very fashionable and quick order based on market

[00:24:06] [SPEAKER_02]: preferences because you go in and you say, I don't want to replace this item and I

[00:24:10] [SPEAKER_02]: want to replace that item.

[00:24:12] [SPEAKER_02]: And there is an element of kind of like you're talking through a data to us,

[00:24:17] [SPEAKER_02]: essentially.

[00:24:18] [SPEAKER_02]: We've got a lot and attacks are being targeted to us on the basis of ultimately

[00:24:25] [SPEAKER_02]: data theft, right?

[00:24:26] [SPEAKER_02]: That's a big threat that we're facing.

[00:24:29] [SPEAKER_02]: We have seen in the industry, not only in retail, there's a huge increase of data

[00:24:34] [SPEAKER_02]: thefts by info-stealers, which is a prominent threat that we're facing.

[00:24:40] [SPEAKER_02]: There was a report actually from IBM, if I'm not mistaken, and it quoted that last

[00:24:48] [SPEAKER_02]: year compared to last year, it was a 266% increase on that type of threat or attack

[00:24:54] [SPEAKER_02]: and attack vector, which is huge.

[00:24:57] [SPEAKER_02]: It's huge, right?

[00:24:58] [SPEAKER_02]: Ultimately as well, what is happening through this is a lot of credential stealing.

[00:25:07] [SPEAKER_02]: Ultimately, the sort of malicious attacks in the community has shifted to, we want to

[00:25:16] [SPEAKER_02]: try and get in and lobby before we try hacking because actually it's going to

[00:25:21] [SPEAKER_02]: expedite the time that they have to steal data for.

[00:25:25] [SPEAKER_02]: So there is a huge increase in initial access brokers within the dark web and

[00:25:32] [SPEAKER_02]: everything that provide valid credentials to hacking organizations that can come in

[00:25:38] [SPEAKER_02]: and actually utilize that.

[00:25:41] [SPEAKER_02]: And through the info-stealers, which is the other attack vector, they also can get

[00:25:45] [SPEAKER_02]: valid credentials if they were able to infiltrate and use malware and other

[00:25:50] [SPEAKER_02]: malicious software into people's software through traditional threat vectors like

[00:25:55] [SPEAKER_02]: phishing and email security has not gone away.

[00:25:58] [SPEAKER_02]: So these are some of the true threats that we face today, retailers and other

[00:26:06] [SPEAKER_02]: organizations.

[00:26:08] [SPEAKER_02]: And last but not least, there is a threat which I wouldn't necessarily call a threat,

[00:26:12] [SPEAKER_02]: but it depends as to how an organization is prepared today.

[00:26:17] [SPEAKER_02]: There is a regulation change that is happening across the, especially in the

[00:26:25] [SPEAKER_02]: European Union.

[00:26:26] [SPEAKER_02]: I appreciate we are talking to a very diverse audience, but down in the European

[00:26:31] [SPEAKER_02]: Union it is quite interesting to look at the developments around the NIST 2 directive

[00:26:36] [SPEAKER_02]: that has come out because it has expanded its scope and especially for some of the

[00:26:43] [SPEAKER_02]: retail areas who are producing food, processing or distributing food, they may

[00:26:50] [SPEAKER_02]: come into scope.

[00:26:51] [SPEAKER_02]: That talks a lot about essentially how resilient you are, if you call your

[00:26:55] [SPEAKER_02]: operations in the state that if there is disruption, you can essentially still

[00:27:02] [SPEAKER_02]: perform your function, which is pretty important as we talked about already.

[00:27:06] [SPEAKER_02]: So depending on how you're prepared as a retailer or not, if you fall in the scope

[00:27:13] [SPEAKER_02]: of that, it could be a threat or an opportunity to kind of like differentiate

[00:27:17] [SPEAKER_02]: yourself. So I guess to summarize, we have to protect our customers from the threats

[00:27:24] [SPEAKER_02]: they're facing as proactively as possible as we have.

[00:27:27] [SPEAKER_02]: We have to protect our organizations from people who are trying to get in and steal

[00:27:31] [SPEAKER_02]: our data. And we have to be prepared for how we deal with the regulations that are

[00:27:38] [SPEAKER_02]: constantly changing around our environment.

[00:27:41] [SPEAKER_00]: And I guess we should also mention the things that are outside of our control.

[00:27:47] [SPEAKER_00]: And if I look at everything from banking to retail this year, there's been a lot of

[00:27:52] [SPEAKER_00]: downtime that have been caused by changes, software updates or things like that,

[00:27:57] [SPEAKER_00]: maybe got through change management process or something and it's taken down

[00:28:02] [SPEAKER_00]: abilities to take payments or allow people to access their accounts and things.

[00:28:06] [SPEAKER_00]: That was nothing that you could have predicted really because it's the third party

[00:28:09] [SPEAKER_00]: that have made that software update.

[00:28:11] [SPEAKER_00]: And that can cause expensive downtime for any organization too, right?

[00:28:16] [SPEAKER_02]: That's an interesting time in the industry on the back of a big incident which

[00:28:22] [SPEAKER_02]: happened obviously.

[00:28:24] [SPEAKER_02]: I will leave it to you if you want to mention that the vendor, although I feel sorry for

[00:28:29] [SPEAKER_02]: them and I feel for them because actually they're doing a brilliant job, but it can

[00:28:34] [SPEAKER_02]: happen to anyone because it can happen to anyone that we make a change.

[00:28:38] [SPEAKER_02]: We didn't test it, we've done it many times, we're confident in our processes.

[00:28:43] [SPEAKER_02]: Obviously, it was a very, very baseline error, but baseline errors can happen to

[00:28:48] [SPEAKER_02]: anyone. I've been in businesses that we've done this, but obviously it's low

[00:28:54] [SPEAKER_02]: consolidated to the impact of the business and over a small period of time.

[00:28:58] [SPEAKER_02]: What is truly important is that preparedness for recovery because we cannot avoid

[00:29:07] [SPEAKER_02]: making chain mistakes.

[00:29:09] [SPEAKER_02]: We can all do that one day or the other.

[00:29:11] [SPEAKER_02]: Unfortunately, it's inevitable.

[00:29:14] [SPEAKER_02]: It is the true nature we're relying on people who are writing code, who are writing

[00:29:18] [SPEAKER_02]: configurations, who are posting templates, whatever that might be in their job and

[00:29:22] [SPEAKER_02]: then we make a mistake.

[00:29:24] [SPEAKER_02]: We all learn from mistakes.

[00:29:25] [SPEAKER_02]: That's the culture we're preaching.

[00:29:28] [SPEAKER_02]: That's the culture we're adopting in our organizations so we should embrace it.

[00:29:32] [SPEAKER_02]: What can we learn from that as an industry is about being prepared to recover very

[00:29:39] [SPEAKER_02]: quickly. I think through the experience of the past sort of months where significant

[00:29:46] [SPEAKER_02]: changes impacted eight and a half million people across the world from travel to

[00:29:51] [SPEAKER_02]: banking, as you said, and other domains, it's also an element of how well this

[00:29:58] [SPEAKER_02]: business is ready to deal with a disrupted incident in that occasion.

[00:30:05] [SPEAKER_02]: This was caused by one particular supplier, but it can happen even by an

[00:30:09] [SPEAKER_02]: organization.

[00:30:11] [SPEAKER_00]: 100% with you.

[00:30:12] [SPEAKER_00]: I was talking to another cybersecurity leader recently and they, much like you, just

[00:30:17] [SPEAKER_00]: have there spoke of the importance of preparedness and asking businesses why

[00:30:21] [SPEAKER_00]: they're not doing tabletop exercises.

[00:30:23] [SPEAKER_00]: What would happen if this incident occurred?

[00:30:27] [SPEAKER_00]: Have you got a marketing team or somebody from the communications team that knows

[00:30:31] [SPEAKER_00]: exactly how to prepare that press release and react and how you fix it?

[00:30:35] [SPEAKER_00]: It's preparedness all day long.

[00:30:37] [SPEAKER_00]: So thank you for sharing that.

[00:30:39] [SPEAKER_00]: It's so much more important than the blame game that we often see in the media.

[00:30:42] [SPEAKER_00]: And also just changing topics slightly as a leader in tech, you've been a strong

[00:30:47] [SPEAKER_00]: advocate for diversity and female representation in the industry.

[00:30:52] [SPEAKER_00]: It is such an important topic.

[00:30:53] [SPEAKER_00]: We have seen a lot of improvements over the years, still so much work that needs to

[00:30:58] [SPEAKER_00]: be done around that.

[00:30:59] [SPEAKER_00]: And I think it's so important when the world of technology and solving problems are

[00:31:03] [SPEAKER_00]: very complex and you need a diverse set of opinions and diverse way of thinking.

[00:31:09] [SPEAKER_00]: So I've got to ask what initiatives have you found most effective in promoting

[00:31:14] [SPEAKER_00]: diversity within your teams and attracting more diversity into the industry?

[00:31:18] [SPEAKER_00]: Because there's somewhat of a problem sometimes where people think, hey, I'm not

[00:31:21] [SPEAKER_00]: techie and that's not for me.

[00:31:23] [SPEAKER_00]: It's quite the opposite.

[00:31:24] [SPEAKER_00]: There's so many transferable skills, especially in corporate spaces that people

[00:31:28] [SPEAKER_00]: can bring into the world of tech.

[00:31:30] [SPEAKER_00]: But what are you noticing that's effective here?

[00:31:34] [SPEAKER_02]: It's such a huge topic about what does diversity actually mean, in my opinion,

[00:31:40] [SPEAKER_02]: because you hit the nail on the head when you mentioned diversity of thought and

[00:31:44] [SPEAKER_02]: skill sets. It's so paramount, especially if you look at the security problems we

[00:31:49] [SPEAKER_02]: have to face. You just don't have to deal with people.

[00:31:52] [SPEAKER_02]: So when you have to deal with people, people who come from a psychology

[00:31:56] [SPEAKER_02]: background, behavioral background, which is huge value to offer, for example.

[00:32:02] [SPEAKER_02]: Which is something that no one would think of like, I can apply those skills

[00:32:06] [SPEAKER_02]: to tech. We've talked about this in our industry quite a lot though, so it's

[00:32:09] [SPEAKER_02]: becoming a lot more.

[00:32:11] [SPEAKER_02]: And I have examples.

[00:32:13] [SPEAKER_02]: So we've got behavioral scientists in the team, for example, here in

[00:32:16] [SPEAKER_02]: technical security, which is fascinating.

[00:32:18] [SPEAKER_02]: Right?

[00:32:19] [SPEAKER_02]: We've got people who come from police investigative backgrounds and they had

[00:32:23] [SPEAKER_02]: never touched technology because they were on the field.

[00:32:28] [SPEAKER_02]: But actually, the skill set of how do we investigate?

[00:32:32] [SPEAKER_02]: How do we break the problem down?

[00:32:33] [SPEAKER_02]: How do we respond to an incident?

[00:32:35] [SPEAKER_02]: It's a skill that can come into our business and be extremely valuable.

[00:32:40] [SPEAKER_02]: We don't only need engineers.

[00:32:42] [SPEAKER_02]: We don't only need security analysts and people who know security.

[00:32:47] [SPEAKER_02]: We need people who come from an infrastructure background and so on and so forth.

[00:32:52] [SPEAKER_02]: I know it's technology thing, but there are so many different areas

[00:32:57] [SPEAKER_02]: that we can bring together.

[00:32:59] [SPEAKER_02]: To talk a little bit more about a topic that is quite close to me as well in

[00:33:03] [SPEAKER_02]: terms of the female representation, however, and the early careers aspects.

[00:33:08] [SPEAKER_02]: I feel that there is a lot of initiatives which work well when they work at early stages.

[00:33:14] [SPEAKER_02]: I have been very, very privileged in my early career days when I was in

[00:33:20] [SPEAKER_02]: consulting system to work with tech colleges across the UK.

[00:33:26] [SPEAKER_02]: One particular was the Tech College in Reading, for example, and they had

[00:33:29] [SPEAKER_02]: created that STEM environment for kids of 14, 16 years old, if I remember right

[00:33:37] [SPEAKER_02]: now, that they were able to go in there and explore and there were suppliers

[00:33:41] [SPEAKER_02]: and vendors and they could train them.

[00:33:44] [SPEAKER_02]: They could get involved into sort of like how a network is created and all

[00:33:50] [SPEAKER_02]: of these things that they were involved for many days.

[00:33:54] [SPEAKER_02]: In my local mall, actually, this year, there was Ninja Coders for four and

[00:34:02] [SPEAKER_02]: five and six-year-old kids that they could involve.

[00:34:05] [SPEAKER_02]: I think these are the things in the initiatives that truly matter for us to

[00:34:10] [SPEAKER_02]: make change and bring in people from diverse thoughts and experience and

[00:34:16] [SPEAKER_02]: allow people when they're exploring their career paths, when they mature a

[00:34:20] [SPEAKER_02]: little bit more to go, I can do that.

[00:34:23] [SPEAKER_02]: There are some other initiatives, however, that I think are worth going out and

[00:34:27] [SPEAKER_02]: I've been involved and I've seen the real benefits a lot.

[00:34:32] [SPEAKER_02]: These are what we call train, deploy and hire initiatives and

[00:34:36] [SPEAKER_02]: suppliers and partners that we've got.

[00:34:40] [SPEAKER_02]: There are people like Code for Girls, for example, that they can sponsor

[00:34:45] [SPEAKER_02]: bursaries as an organisation with them and they have security.

[00:34:50] [SPEAKER_02]: I know I'm calling out one, but there are many others like Grace

[00:34:53] [SPEAKER_02]: and other companies as well.

[00:34:55] [SPEAKER_02]: But they do that and they offer people from end careers the ability to kind of

[00:35:01] [SPEAKER_02]: get exposed, get trained with the promise that if they do well, they've got a job

[00:35:06] [SPEAKER_02]: as well on the back of that in someone like Tesco, someone like another company.

[00:35:12] [SPEAKER_02]: We are exploring those opportunities and I've seen them in other places

[00:35:16] [SPEAKER_02]: that they work really, really well.

[00:35:18] [SPEAKER_02]: I'm open to say that because as Sky Spinner says it as well, we had a

[00:35:23] [SPEAKER_02]: partnership with Code for Girls and it's worked significantly well.

[00:35:26] [SPEAKER_02]: Sometimes also it's about taking a step and that's kind of my personal opinion

[00:35:32] [SPEAKER_02]: and Stanson saying we're going to push for equity occasionally and we're

[00:35:37] [SPEAKER_02]: going to only sponsor a programme, for example, for girls if your goal

[00:35:40] [SPEAKER_02]: is to attract more females.

[00:35:42] [SPEAKER_02]: But also it's about how do we then promote an environment and scenarios

[00:35:47] [SPEAKER_02]: of like late career changes.

[00:35:50] [SPEAKER_02]: So we've got a significant amount of population who's got tremendous

[00:35:55] [SPEAKER_02]: experience and knowledge, but they haven't been exposed to tech.

[00:35:59] [SPEAKER_02]: We are looking to invest in programmes like this, for example, in Tesco to kind

[00:36:04] [SPEAKER_02]: of look at through this train, deploy and hire, how can we absolutely give

[00:36:11] [SPEAKER_02]: opportunities to everybody and be diverse and bring that diverse learning

[00:36:14] [SPEAKER_02]: experience because they have a lot to offer.

[00:36:18] [SPEAKER_02]: And last but not least, obviously, especially within the organisation, we've

[00:36:22] [SPEAKER_02]: got women's programs, we've got other men's programmes for everybody as well.

[00:36:26] [SPEAKER_02]: And we treat everybody super fairly and we try and make sure that everybody

[00:36:32] [SPEAKER_02]: is seen and everybody is supported.

[00:36:35] [SPEAKER_00]: Such an important point to raise today.

[00:36:38] [SPEAKER_00]: And you and your team obviously play a crucial role in protecting Tesco and its

[00:36:42] [SPEAKER_00]: brand, but we've now got one eye on 2025 already, only a few months away and

[00:36:48] [SPEAKER_00]: looking ahead, what emerging technologies or trends do you believe will

[00:36:52] [SPEAKER_00]: significantly impact the future of security in retail?

[00:36:56] [SPEAKER_00]: What excites you?

[00:36:57] [SPEAKER_00]: What keeps you up at night?

[00:36:58] [SPEAKER_00]: What are you seeing here?

[00:37:00] [SPEAKER_02]: Well, thankfully not much keeps me up at night as long as there isn't an incident

[00:37:04] [SPEAKER_02]: that is going to ring the phone.

[00:37:06] [SPEAKER_02]: But in terms of what excites me, I know we're trying to avoid that as much as

[00:37:14] [SPEAKER_02]: possible in terms of the buzzwords and stuff, but Gen AI, not AI in general, but

[00:37:18] [SPEAKER_02]: Gen AI, I think is a huge change factor and technology and trend that we're going

[00:37:26] [SPEAKER_02]: to significantly see coming in and creating change within security space.

[00:37:33] [SPEAKER_02]: We, from a perspective of both how we as security people use it to kind of like

[00:37:40] [SPEAKER_02]: optimise our own processes in terms of all, how we create solutions and products

[00:37:45] [SPEAKER_02]: that our own internal customers, as I called them out earlier, can actually

[00:37:52] [SPEAKER_02]: consume our advice and our services.

[00:37:56] [SPEAKER_02]: I was actually reading yesterday about some innovative Gen AI sort of development

[00:38:05] [SPEAKER_02]: in security and someone has already created the first SOC analyst in Gen AI.

[00:38:10] [SPEAKER_02]: So I've not tested it.

[00:38:12] [SPEAKER_02]: I don't know how it works and whether it does perform.

[00:38:15] [SPEAKER_02]: I bet it does not outperform a human, but it's already out there.

[00:38:21] [SPEAKER_02]: So we can't hide from the fact that we're going to have to look at how we embed,

[00:38:28] [SPEAKER_02]: adopt or at least if not, we do it consciously rather than not as a trend.

[00:38:35] [SPEAKER_02]: So it's huge.

[00:38:37] [SPEAKER_02]: And especially with a shift to the data platform engineering and becoming a lot

[00:38:43] [SPEAKER_02]: more data security driven, I think it's inevitable that we're going to need all

[00:38:48] [SPEAKER_02]: that to be able to get information and insights from the vast amount of

[00:38:53] [SPEAKER_02]: the security data that we have.

[00:38:55] [SPEAKER_00]: Wow.

[00:38:56] [SPEAKER_00]: That's a powerful moment to end on and almost a teaser for our next conversation,

[00:39:01] [SPEAKER_00]: maybe next year to see how that evolves.

[00:39:03] [SPEAKER_00]: But for anyone listening, just wanting to find out more information about anything

[00:39:07] [SPEAKER_00]: we talked about today, including the career stuff that you mentioned too.

[00:39:11] [SPEAKER_00]: Where's the best place for listeners to find you or your team online and just dig

[00:39:16] [SPEAKER_00]: a little bit deeper on any of the topics we explored together?

[00:39:19] [SPEAKER_02]: Yeah.

[00:39:19] [SPEAKER_02]: Unfortunately, we are quite careful what we say online and on the

[00:39:25] [SPEAKER_02]: security space, we are a little bit cautious, sometimes a bit mad, but it

[00:39:31] [SPEAKER_02]: does serve a purpose.

[00:39:32] [SPEAKER_02]: So I am on LinkedIn.

[00:39:34] [SPEAKER_02]: I don't really post too much there, but people can contact me.

[00:39:38] [SPEAKER_02]: I predominantly maintain peer relationships.

[00:39:41] [SPEAKER_02]: I am a member of the CISO alliances and people can follow some of our research

[00:39:46] [SPEAKER_02]: from that personally, in terms of Tesco, our public blogs and posts from our

[00:39:52] [SPEAKER_02]: corporate website, but people can reach out on LinkedIn.

[00:39:55] [SPEAKER_02]: Absolutely.

[00:39:56] [SPEAKER_02]: We are very open to talk to people on a more individual basis.

[00:39:59] [SPEAKER_02]: So I hope that does the trick.

[00:40:03] [SPEAKER_00]: 100%.

[00:40:04] [SPEAKER_00]: I will get links added to some of those areas so people can find you nice and

[00:40:08] [SPEAKER_00]: easily, and I think I've looked at so many different areas from the transition

[00:40:13] [SPEAKER_00]: to working in tech at a retailer and experiencing how technology is harnessed.

[00:40:18] [SPEAKER_00]: A huge retailer such as Tesco and your role and expertise and everything from

[00:40:22] [SPEAKER_00]: security, engineering and operations and how you're not only yourself, but your

[00:40:27] [SPEAKER_00]: team's work, how it endeavours to protect Tesco and its brand, but also

[00:40:31] [SPEAKER_00]: shining an important light on diversity and female representation in the tech

[00:40:35] [SPEAKER_00]: industry.

[00:40:35] [SPEAKER_00]: We covered a lot there.

[00:40:36] [SPEAKER_00]: We didn't mention too many buzzwords.

[00:40:38] [SPEAKER_00]: So thank you for sharing that with me today.

[00:40:41] [SPEAKER_02]: Thank you for having me.

[00:40:42] [SPEAKER_02]: I really enjoyed that today.

[00:40:44] [SPEAKER_00]: So what does it take to secure a giant like Tesco?

[00:40:48] [SPEAKER_00]: As we heard from my guest today, I think it's a blend of innovation, strategic

[00:40:52] [SPEAKER_00]: thinking, and a relentless focus on protecting customer data.

[00:40:57] [SPEAKER_00]: And I think her insights into the evolving landscape of retail security reveal a

[00:41:02] [SPEAKER_00]: sector that's not just about keeping threats at bay, but also about enabling

[00:41:07] [SPEAKER_00]: the business to thrive in a digital first world.

[00:41:11] [SPEAKER_00]: And we also touched on the significance of diversity in tech, especially within

[00:41:16] [SPEAKER_00]: security teams.

[00:41:17] [SPEAKER_00]: And I think their commitment to fostering a diverse and inclusive environment

[00:41:22] [SPEAKER_00]: highlights the growing recognition that different perspectives are essential to

[00:41:27] [SPEAKER_00]: tackle today's complex security challenges.

[00:41:30] [SPEAKER_00]: But as we move forward, so as we move forward, how do you see the trends we

[00:41:34] [SPEAKER_00]: discussed today from the rise of generative AI and data-driven security?

[00:41:38] [SPEAKER_00]: How do you see that shaping the future of your industry?

[00:41:42] [SPEAKER_00]: And what part of my guest's approach will you apply in your own work?

[00:41:47] [SPEAKER_00]: And how can we all collectively push the boundaries of security in a way that not

[00:41:51] [SPEAKER_00]: just protects, but empowers your organisation?

[00:41:56] [SPEAKER_00]: Please let me know.

[00:41:58] [SPEAKER_00]: Techblogwriteroutlook.com, Twitter, LinkedIn, Instagram, just at Neil C.

[00:42:01] [SPEAKER_00]: Hughes.

[00:42:02] [SPEAKER_00]: Pop me a quick message, question, request to come on the show, whatever it is.

[00:42:06] [SPEAKER_00]: Easiest guy in the world to find.

[00:42:07] [SPEAKER_00]: So please send me a message there.

[00:42:09] [SPEAKER_00]: And remember, stay tuned for more episodes where every day we continue exploring

[00:42:13] [SPEAKER_00]: the cutting edge of technology, its impact on our businesses, our life and beyond.

[00:42:20] [SPEAKER_00]: But that's it for today.

[00:42:21] [SPEAKER_00]: So thank you for listening as always.

[00:42:22] [SPEAKER_00]: And I will be back bright and early tomorrow with another guest.

[00:42:26] [SPEAKER_00]: Speak with you then.