Blog

Lee Cramp, Head of Cyber Security for the British Red Cross, is responsible for the information security of over 3500 staff and 30000 volunteers working across the globe to support humanitarian aid. 

He is passionate about ensuring Security and Data services allow the user to do what they need to do. Lee is Head of Information Security for the British Red Cross. From his first job as a paperboy, Lee has worked across multiple industries undertaking various roles before moving into the rock-and-roll world of Data and Security. With over 20 years leadership experience at Board and Operational level across a range of disciplines, Lee has led generic and specific skill teams, including Information Security, Governance, Technology, Audit and Legal enforcement delivering innovative user-centric services. His expertise includes the planning, integration, installation and maintenance of end-to-end data and security solutions in line with common frameworks such as PCI-DSS, ISO27001, GDPR, DPA 2018, NIST and CNI. In his spare time, he’s an endurance athlete! And his mantra is: You can quit, no one will care, but you will know for the rest of your life!

I left school and qualified as an Auto Electrician and over the years following, I took on a range of career opportunities. I worked in local government for 18 years where I had a number of roles from prosecution and environmental enforcement to audit and internal fraud investigations. Finally, I moved from research performance and intelligence into Information Governance and Information Security. I worked at the Fire Service and I learned a huge amount about risk and planning from how firefighters deal with, plan and prepare for the highly stressful situations they face and to my current position with the British Red Cross, where I continue to learn every day. Over the years, I’ve built up a range of skills, not least those 'soft' skills that I feel are the most important. 

I’m a firm believer that there isn’t anyone you can’t learn from if you are just willing to listen to them. 

My job is not to catch people out, it’s to help everyone ‘get’ cyber. We’re really good at dressing up what cybersecurity is, but if people don’t get it, then they won't see the value in it. This involves those soft skills. Speaking to people, understanding their fears, concerns and how and where they work and what their job really entails. 

Everything we do is for the end-user and that means making things simple for our staff and volunteers who can at times be working in challenging conditions. In my experience, the challenge is how we make security invisible to the user. They need to know about security and how it is working for them, but they shouldn’t be impeded by it. My role at the British Red Cross is to find opportunities to help people and steer them away from those unsecure workarounds. 

If I can demystify the world of cyber so people ‘get it’ and help design systems for people that stand true to my maxim of the ‘path of least resistance for the user while remaining secure’ then I believe I'll be a success, because then, the people we support are going to be safe. 

People always ask – what do you do for a living? I say my job is much like a librarian. Data is a story with soul, we are all writing the books of our lives every day, what we do, how we live and there are some parts of your biography that you allow people to see, much like the public area of the library. Then there are sections of the library where the most valuable books are kept, just like the things in our biography that we keep for those closest in our lives. So much like a librarian, I’m responsible for ensuring that I let the right people in the public library read the books we want them too, make sure they take the books they have permission to read and return it on time and most importantly, only allow the people we want to read the more sensitive books locked away in the archives.

csw