Inside the Mind of Cybersecurity's Game-Changer From his early days in the military to becoming a key player in the cybersecurity world, Spencer Summons reveals how the landscape has evolved, the challenges facing businesses today, and the strategies that can protect against the most sophisticated cyber threats.

You're reading Entrepreneur United Kingdom, an international franchise of Entrepreneur Media.

Opliciti
Spencer Summons founder of Opliciti

Spencer Summons is a multi award-winning cyber strategy leader and mentor with over 30 years' experience in high-risk security and cyber. He is the founder of Opliciti, a cyber security organisation supporting organisations and high net worth individuals to protect their assets, data and intellectual property from cyber-crime.

What first drew you to cybersecurity? Was there a specific event or realisation that led you into this field?
My interest in cyber security stemmed from three main factors. Firstly, I sought a career change that would allow me to utilise the skills I had developed over nine years as an army officer. Secondly, I wanted a field that was dynamic and would continually engage my interest. Lastly, I desired a profession that was essential to business operations. Given my expertise in physical and personal security, cyber security appeared to be a logical next step, although I initially underestimated the effort required to transition into this field.

What was your professional background before moving into cybersecurity? How did that experience shape your approach?
I was fortunate that my transition into cyber security was gradual. After leaving the army, I became a government protective security adviser for critical national infrastructure. Although my work primarily focused on physical security, I frequently collaborated with my counterparts in information security. This helped me understand what and where I should focus my cyber study. When I left government, I joined the IT security and resilience team at Deloitte. It was a challenging experience as I was immediately thrown into the deep end - sink or swim time. My real opportunity came in late 2011 when I took on my first head of information security role for a FTSE 50 company; ten years later I found myself as CIO leading IT and cyber transformation.

However, my time as an army bomb disposal officer has shaped my approach to IT and cyber the most. You might think this has little relevance to cyber security, but the relevant lessons I learned were highly transferable and remain fundamental building blocks. These lessons were leadership, empowerment, situational awareness, informed decision-making, adaptable planning, and timely execution. They remain central to my work in end-user organisations, as a consultant, and as a thought leader.

When you first started in cybersecurity, what did the landscape look like compared to today?
Fundamentally, nothing has really changed. At the core, threat actors attempt to gain access to companies and defenders try to stop them. Cybersecurity was often an afterthought for many businesses when I started. Media reporting now suggests cybersecurity is a top priority for organisations worldwide. However, in my experience consulting across many sectors, particularly those with operational technology and SMEs, cyber security does indeed feature in their board meetings, yet established effective cyber capability is still some way off. This results from a myriad of issues, from lack of investment, difficulty in implementing security within operational technology and skills shortage, amongst others.

Modern threats are more sophisticated. Nation-state actors and organised cybercriminals use advanced tactics like AI-powered social engineering. In response, defenders use advanced solutions like AI-driven threat detection, zero-trust architectures, and continuous monitoring. However, while our focus seems to be driven by new AI tools, ultimately we still fail to ensure the fundamental building blocks are in place, such as end to end asset management and information management. Cyber resilience and proactive threat hunting are critical.

What have been the biggest changes in cybersecurity since you began your career?
Cybersecurity has evolved dramatically over the past two decades. State-sponsored attacks linked to global tensions and regional conflicts have increased, as has the sophistication and prevalence of ransomware. However, the most significant changes impacting our business are automation and AI. The introduction of automation and artificial intelligence (AI) has revolutionised the way we conduct threat detection and response.

Additionally, our clients are now more likely to store data in the cloud, necessitating new approaches to cloud security. The proliferation of IoT devices and the increasing focus on operational technology (OT) has also highlighted the vulnerabilities and challenges in securing these devices and their networks.

What are the most pressing cybersecurity challenges that businesses and individuals face today?
There are several pressing cybersecurity challenges, including the continued prevalence of phishing, ransomware, and advanced persistent threats (APT). These threats are compounded by the complexities of an increasingly remote workforce and intricate supply chains. However, one of the most pressing and often underestimated challenges is finding the right security leader for your business.

The chosen security leader is responsible for determining what is appropriate and proportionate for the business and ensuring its effectiveness. Without the right type of leader, one or more of these factors may be misaligned, resulting in unhappy employees, dissatisfied customers, or a frustrated board. In the worst-case scenario, this misalignment could lead to a cyber incident or data breach.

Can you tell us more about Opliciti? What sets your company apart, and what key services do you offer?
Opliciti is expertly positioned to help organisations improve their cyber security posture. We deliver cyber advisory, assurance and managed security services using advanced tools and techniques to remove the boundaries between digital business, cyber security and data protection. Opliciti was launched to help organisations become more adaptive in response to ever-changing security risks relating to the digital environment and the growing work-from-home movement. Our goal is to create value while simultaneously protecting that value from cyber-crime.

When working with clients, what happens if their security is breached despite your measures? What legal or ethical responsibilities do you take on?
Like any other contracted managed service, we can be found in breach of contract if we fail to meet our service level agreements or can be found negligent for not following industry best practices. To mitigate these risks, we take a proactive approach to managing both the service and our client relationships. Our transition to a managed service process provides clear accountability and responsibility for each managed service process. This is overseen by multiple layers of representative governance to ensure the service operates as designed and enables continuous improvement.

In the event of an incident, it is crucial to investigate and understand the root cause, with each party being transparent about their role in the breach. We strive to achieve the highest standards for our internal processes, such as ISO 27001:2022, and to demonstrate that we meet customer and regulatory requirements while continuously improving our processes, which we do in accordance with ISO 9001 standards.

What is the most common cybersecurity mistake companies make, and how do you and Opliciti help them correct it?
Common cyber security mistakes include poor cyber security situation awareness and incident management. However, the most overriding factor remains neglecting to implement comprehensive security awareness training for employees. Human error is a significant factor in many cyber incidents, with phishing attacks and social engineering tactics frequently exploiting staff who are untrained or unaware. There are a multitude of approaches to employee engagement.

At Opliciti, we have collaborated with anthropologists and educators to develop effective solutions for employee engagement and change management. Our latest approach seeks to exploit an employee's emotional connection with their own personal cyber security as a way to also improve their corporate Cyber security responsibilities.

Most Popular

See all
Business News

These 5 States Have the Most Affordable Housing, According to a New Report

U.S. News & World Report's latest rankings found the top five states with the most housing affordability.

By Erin Davis
Business News

'They're the Backbone:' Walgreens Says Using Robots to Fill Prescriptions Helped It Save $500 Million. Here's How.

Walgreens says its robot-assisted centers fill 16 million prescriptions a month.

By Sherin Shibu
Marketing

Why AI Makes Your Brand Voice More Valuable Than Ever

In a world where content is easier to create than ever, the brands that win will be those with something real to say.

By Elle Morgan
Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

By Eve Gumpel
Personal Finance

Get a Lifetime of AI-Powered Stock Picks and Personalized Guidance for $68.99

Personal recommendations, risk analysis, and easy portfolio tools.

By Entrepreneur Store
Business Solutions

Save $90 on the Microsoft Office Apps Your Business Needs

From emails to spreadsheets, this version has what every leader needs.

By Entrepreneur Store