Today we have the pleasure of chatting with Richard Yorke, Managing Director and one of the Founding Directors of CyNam, who shares how Cyber Cheltenham (CyNam for short) goes about powering local cyber technology innovation. He also shares his own path that brought him through cyber security to his current role.
TechBritannia Co-conspirator Rose Ross discovers that the recent creation of UKC3 (UK Cyber Security Collaboration) has ensured that funding will mean full-time attention can be paid to CyNam and help the UK fuel national co-operation between clusters more than ever before, including aiming to help academia and business to cross pollinate more.
Richard also hints at what could be expected at CyNam 21.3 which will be held, hopefully in-person, during October. Watch the full podcast here:
Also available on:
Rose Ross: Welcome everyone, thank you for joining us. I’m Rose Ross, I’m one of the co-conspirators at TechBritannia, I’m one of the founders and I am delighted to be interviewing Rich Yorke who is the Managing Director and one of the founding directors of CyNam for the #WeareTechBritannia podcast and video-cast. Welcome Rich, thank you for joining us from Cheltenham.
Rich Yorke: Hi Rose, pleasure to be here. Hi everybody.
Rose Ross: Fantastic. So, you had a very busy week last week, you had one of your spearhead events and probably your annual spearhead event, which is CyNam 21.2, could you tell me a little bit about it and also I’m very intrigued, why is it 21.2? It sounds like a code, “I’m just issuing 21.2”.
Rich Yorke: Yes, so we have three headline events across the year in March, June, and October, so the code is very simply 2021 and this is our second headline event, so 21.1 was in March and we’re looking ahead now to 21.3 in October. The one we deliver in June, we deliver together with the Cheltenham Science Festival. Pre-COVID that was actually within one of the marquees on the Cheltenham Science Festival site, but obviously this time it was a virtual event for obvious reasons. We decided to base the theme around smart cities and securing smart cities and explored some of the challenges around that, and how together as an industry we can help make sure smart cities are a successful part of the UK going forward.
Rose Ross: Fantastic. So, it would be good to understand a little bit about CyNam, because it is a cluster focused on cybersecurity and being based in Cheltenham, the home of the National Cyber Security Centre, which is part of GCHQ, obviously that is very fortuitous, and if we look at the focus for securing national infrastructure, obviously smart cities and the whole IoT security debate is a big part of that. So, what takeaways were there from that perspective about securing the UK’s national infrastructure, would you say?
Rich Yorke: I’d say one of the key takeaways was actually less around the technology piece, and more about making sure that if you’re developing smart city technology or services that are going to be built on that technology, that there’s an engagement with the citizens and businesses that will be using that technology. I guess that’s a key design principal of any new system, but that was an important takeaway.
From a security perspective, the NCSC actually did a piece on their own guidelines around securing the IT technology that underpins smart cities, and it’s certainly worth checking that out on our YouTube channel for some really specific pointers that should be noted when developing that.
Also, we had some academia there from the University of Bristol, University of Oxford, and Royal Holloway University as well, focused again on building trust because ultimately security is around trust, and if you have the right trust frameworks in place then you can achieve the right things, and do so in a secure and reliable manner.
Rose Ross: I know that Stephen Covey’s son – Stephen M Covey I believe, he has ‘speed of trust’ about how much can be done if there’s actually trust in a relationship, both obviously from a business perspective, I won’t look at personal relationships – a whole different rule game! So, you talked about academia, obviously you’re talking about Government with what the NCSC is doing, tell us a little bit about the types of organisations; who are part of the cluster at CyNam, who are CyNam?
Rich Yorke: CyNam or Cyber Cheltenham is our full name, is made up of a community of organisations. We’ve got about 175 active organisations engaging with us regularly, about 3,000 people/individuals involved as well, and they’re made up from the full spectrum of cyber tech and cyber security companies, from your big prime – so think IBM, BAE, Rayfin, Northrop Grumman, your mid-tier suppliers Roke and various others, through to a number of exciting small startups that are starting to go places. We’ve got Ripjar, who you’ll have heard of, who secured double-figure millions of funding last year to grow their technology. The guys from Immersive Labs, so James, is part of our community and has contributed to CyNam events in the past and is really going places.
Then we’ve got startups such as Aquilai who were recently acquired and who have been through the NCSC accelerator programme, and a number of new businesses who are perhaps only 18 months old but are really gaining traction as a result of the growth in the cyber sector, often spinning out from that organisation that you’ve already mentioned.
Rose Ross: Yes, I’ve named-dropped them a number of times, not doing that again! And obviously you’ve talked about academia and that takes us onto the new initiative that was launched on 4th June, the UKC3, which stands for UK Cyber Security Collaboration. Is that correct?
Rich Yorke: Yes, the UK Cyber Cluster Collaboration. Essentially, this is an organisation that we’ve setup with cluster leaders from across the various cyber security clusters across the UK, including the devolved areas of Scotland, Wales, and Northern Ireland. We’ve setup as a national body to represent the cluster community and to support and help fund the work of clusters. The vast majority of clusters and until probably two years ago CyNam was like this, very much run on a voluntary basis with people organising events in their own time, and what we’re realising is the impact that clusters can have and already having could be really bootstrapped, accelerated, and grown upon, with funding so that they can bring on actual resource that work for clusters full-time. So, that’s what the UKC3 is there to do, is to actively support those clusters across the UK, to drive that economic growth within their regions from the cyber sector. There’s three areas that the UKC3 are focusing on, which maps quite nicely to what clusters have been focusing on anyway.
The first is around ecosystem developments – really growing that community of organisations that are within the sector, looking to engage with new sectors that are perhaps the organisations that rely on strong cyber security services and products.
The second is around innovation – so we’ve got an innovative economy within the cyber security sector but there’s a lot more that we can do, particularly if you want to start to compete on a national scale and bridge the gap with perhaps the US and Israel who are ahead of us in investment. So, looking at activities to really bring together academia and industry, and drive that innovation.
Then the third stream is skills. It’s well documented that we’ve got an issue with the cyber skills gap in the sector, and so we look at ways in how can we inspire the next generation to take roles in the sector, but also look at people perhaps retraining from other industries and how we can develop those skills further.
Rose Ross: Fantastic. Well, obviously the NCSC works very closely with the UK Cyber Security Council as well, which was launched earlier in the year, and that’s very much focused on skills. So, I’m sure that you will all be collaborating very closely.
One of the things that’s kind of interesting that you’ve talked about is you mentioned Israel, and obviously we talked very briefly… you’ve stolen my thunder, how can I do segues Richard!
Rich Yorke: Oh, I’m sorry!
Rose Ross: You keep pinching all my ideas! Gosh, watch out for this one, he’s sneaky! I’ll have to go and get one of mine in now! So, I think we’re looking at the UK getting about 250-million last year in funding, with Israel just topping over at 1-billion, and obviously the US have got a scale that we will have to work very hard to beat, they’re at around 5-billion. So, to nibble at the Israeli heels, so to speak, how do you feel that the clusters can make a difference to that sort of startup in innovation world? Where you’re based, Israel benefits obviously from almost the osmosis of people who do cyber security from a defence-military perspective, so they’re a very-very military-grade approach to things, very rigorous and academia there is very focused on cyber too.
What do you think you guys can do with that opportunity that this collaboration affords to you, and therefore benefits the UK?
Rich Yorke: Yeah, I think there’s a number of things we can do, and clusters play a really important role in driving innovation. One aspect of that is working with academia within the region to pull through some of the research that’s been developed, making that research more accessible to the innovators within their regional ecosystem. Just to be clear to any researchers who are out there, that’s not in any way to dumb down the work that’s being done, but to make it accessible such that innovators can look to develop that into capability, and really put on events and join the dots between organisations, so that that collaboration can happen, and research work can be turned into stuff that can really make an impact from a security perspective.
I think the other thing as well, talking about our region in Cheltenham specifically, is we’re looking at NCSC now, very public-facing part of GCHQ which is a big culture shift from where they were 10 years ago say, and I think a lot more of that is going to help. There’s IP interest there that can be brought out into the commercial sector, and capabilities developed off of the back of that. We’ve mentioned companies like Ripjar, Immersive, and others where some of their founding members have had experience working in government in that area, and I think bringing some of that knowledge and expertise out into the private sector will help bridge that gap.
Rose Ross: Definitely. You talked about Immersive and the collaboration there, and certainly from our perspective – from TechBritannia one of the motivators really is, I know that my co-founder Eric Doyle was really very passionate about trying to find a way to glue, or get that benefit of creating some really powerful links between what is happening with academia, and what is happening in the commercial world, and even what’s happening in different pockets of academia, where someone is working on an IoT project, somebody’s working on a cyber security project, and they fit together. So, the two parts, only 100-million each investment, but put the two together we might just give Israel a run for its money with that type of collaboration if you take those potential spinouts.
Obviously, the US has been really-really-really good at that knowledge transfer as well, between academia and the links between that and the commercial world, commercialising those ideas. So, I think anything we can do in the UK from a tech perspective, and obviously cyber security which is one of our really strong offerings from a tech perspective, has to be a really good thing.
So, what kind of stuff are we going to see in a practical sense from UKC3?
Rich Yorke: From UKC3, one of the first things we’re going to see is actual practical funding coming from UKC3 into the clusters, which enable clusters to bring people onboard to run activities on a full-time basis. Those types of activities will be events such as we’ve been running in Cheltenham, where we bring together the startup community with perhaps some of the academic organisations that work in a particular area of research. There’s one for example, where we’re looking to bring in Lizzie Coles-Kemp from Royal Holloway who’s looking at smart cities and trust, and actually what security products, services, and innovation do we need around that. So, we’d facilitate a roundtable discussion that would then explore those ideas, the ideas then form parts of collaboration between those organisations, which can go on to be true capability in the real world.
The other thing we’re doing within Cheltenham is working with our local enterprise partnerships like GFirst LEP, to enhance the services they offer through their growth hubs, to make them really tailored and specific to the cyber industry. So, a lot of the cyber spinouts, if you think they’re technologists at heart, less good… and I apologise if I’m offending any of them here, but less good at the business growth piece, financing, and those kinds of things. So, it’s bringing that knowledge and mentoring into those organisations so that they structure their businesses in the right way, structure them for growth, to know where to go to and what times in their growth cycle to go for funding, for example.
Rose Ross: Well, there certainly are some great technologists who are very good at commercial, but it’s like anything really, you can’t be expected to be a Jack of all trades and master of none, that’s not going to get you ground-breaking cyber security code coming out of that kind of person. You need people who understand the challenges, the problems, are future-looking and then obviously people in a team who have the ability to code, develop products, and suchlike. When you’re a relatively small team I don’t expect a commercial whizz as well to be in one of those brains, it’s a lot to ask of people. So, yeah that’s all really-really important.
We’ve talked about Immersive Labs, and they’ve just picked up $75-million from the likes of Menlo VC, so that’s a really great success story, hopefully we will get somebody from Immersive on to talk about their journey. But you’ve had a journey where you’ve just taken up a fulltime role now with CyNam, and obviously there are lots of initiatives that I’m sure you’re getting very involved with, including the collaborative stuff that you just talked about. So, perhaps you could talk a little bit about Rich’s journey to CyNam.
Rich Yorke: Of course, yeah very happy to talk about myself! My journey, I know we don’t have all day so I won’t go right back to the beginning of my career.
Rose Ross: We can always edit it all out Rich at the end.
Rich Yorke: I suppose my journey in the cyber security and national security industry started back in 2002-03 time when I joined the Cabinet Office. At the time, there was the e-delivery team, which was delivering central services for government, so things like the Government Gateway which is still used today for things like self-assessments, authentication, and transaction routing within citizen to government business, to government. So, that was my first foray into cyber security and national security, and worked there for a number of years before joining Atos where I was a programme and project delivery manager, working again in the national security sector. I did that for about four or five years, and then in the backend of 2014 with my co-founders we formed the company which went on to be called Deep3 Software. We grew that from a nucleus of four of us, founders, and over the course of five years grew that to about 70 or so people, turnover in excess of £6 million. Then yes, sold that business to CACI in November 2019, so that we could continue our growth with the backing of a corporate.
That’s been a really exciting journey for me, it’s been fantastic to grow the business, the ups and downs of doing that, learnt a lot along the way, had a fantastic ride – really enjoyed it. We did some great things in terms of the capabilities we developed in partnership with other industry partners and other suppliers in the cyber sector, and also government as well. It felt like it really made a difference, but it was time for me to move into focusing on CyNam in a dedicated way from April this year, because we could see the growth opportunity within Cheltenham and the region. I really wanted to put my weight behind that and help the other businesses in the region who were going on hopefully a similar journey to me, a successful journey, and see what I could do to help support them and share that growth.
Rose Ross: Fantastic. Well, it’s great to have someone who’s actually done it. It’s a bit like climb that mountain, well I know roughly what to do… right! But I’ve never actually climbed a mountain, so I’m going to tell you how to do it because I’ve watched lots of YouTube videos, I went to the shop and I got all the right equipment. It’s great that we’ve got a real pioneer there coming to support what’s going on at CyNam.
So, we talked about a couple of other things, and Lindy Cameron heads-up NCSC, got Claudia Natanson who heads up the UK Cyber Security Council, and Poppy Gustafsson is the CEO of Darktrace, which is another great success story for the UK cyberworld. So, we are starting to see powerful, influential women, and there are lots of others, that’s just three examples, and obviously you mentioned Lizzie Coles-Kemp as being an academic who is really shining with that IoT and trust.
So diversity, and we’ve talked about skills gaps and all of these things but obviously also people to do the various roles, and there are a whole spectrum of roles within cyber security, as in most tech sectors. What can clusters do to nurture that, bringing more people on and therefore encouraging as many people who have something to bring to cyber security to consider that as a role, whether that be somebody who’s maybe leaving the military, returning to work after starting a family, or doing a different type of role, what can we do as an industry to support those types of people, to encourage them?
Rich Yorke: Exactly. I think one of the key things that can be done I guess first of all, is raising the awareness and visibility of the various roles within the sector, exactly as you said, they’re not just hardcore technical roles, obviously there are a lot of those in cyber security, but there’s lots of others too. So, I think that’s one thing, is making the industry and changing the perception of it, so it is more accessible to people coming potentially from other industries.
I think as well also, showcasing particularly areas where women are doing a great job, making sure that it’s really visible. So, you’ve mentioned those leaders, absolutely those are role models for people to aspire to and learn from. But, then there’s also those women already in the sector doing fantastic work at the working level, and highlighting those roles as well, so that people can see, ‘Actually that is a role that I can do.’ That’s something, through the work of my colleague Madelaine at CyNam, we’ve been doing at the last CyNam event before this one, so the 21.1 event it was around International Women’s Day and we had a video, it must have been about 40 or so women who were working in the sector within the region, just saying what their name was, what their job was, and it’s such a diverse range of backgrounds and a diverse range of roles.
We’ve had lots of engagement with that, this is helping to inspire not just the next generation who are coming through the education system, but as I say women from other industries to say, ‘Actually, this is a sector that I’d like to get involved in.’
Rose Ross: Definitely, and obviously gender is just one area where we can look at diversity and neuro-diversity, or being neuro-divergent is important as well. We need people who look at the world in lots of different ways to look at cyber security, because we don’t know who the actors are, we don’t know where the threats lie. Whether it’s from an ethnicity perspective and other aspects, we all have our own personal view of the world and we can’t have people defending and putting solutions or products in place, or processes for that matter, looking at it purely from one angle and one view. That strengthens us as well doesn’t it?
Rich Yorke: Diversity of thoughts, yeah, the most diverse way to gather thinking and diverse thinking is to engage and bring in a diverse range of people from all the backgrounds. Cyber security touches every aspect of society of course, so we need to absolutely address that diversity challenge. A lot of the work being done through the cyber skills workstream with CyberFirst, NCSC, and DCMS initiatives as well in that area, is focused on inspiring that next generation from all backgrounds. We absolutely want to engage with the disadvantaged communities, and as I say make it aware that this is a sector that they can play a key role on, and it’s a sector that impacts them as well.
Rose Ross: Fantastic. So, obviously you’ve now got an opportunity in our closing moments, to maybe shine a little light on some of the people we should be… this is a difficult one like who’s your favourite child, because of course there are no favourites, but let’s say, which ones might come to mind… let’s make this a bit fairer, maybe some that are very involved in either 21.2 or 21.3 – oh actually, 21.3, let’s make do a quick shoutout, what’s the plans there because that’s September, not long to go. I’m sure you’ve got lots of ideas floating about, are there any you can tell us about and perhaps highlight some of the startups that may be getting involved with that?
Rich Yorke: Well, yes and no. So, we are developing a theme for 21.3, it’s going to be in October…
Rose Ross: Oh, October. I apologise.
Rich Yorke: No date has been confirmed. I think if I spoke to Clare and Eleanor here who are the driving force on events, saying we’re bringing it forward to September, they’d literally…
Rose Ross: That was my fault ladies, I said that – it wasn’t Rich, he’s put me straight immediately, so no harm no foul there.
Rich Yorke: Yes, so our October event. We haven’t decided the theme yet, in fact, just before this call, I was in a workshop with colleagues looking at the various options that we have around themes, so I think in the next two weeks we’ll have something for you then, and we’ll be sure to share that.
Again, what we’ll be looking at here is looking at either technology themes, so potentially quantum is something we’re considering, AI obviously being a key subject that impacts cyber security as it does with other tech industries. And then looking at what sectors does that impact so that we can weave that together, but it will be very much a similar vein to 21.2 in that we’ll look to bring technology businesses, academia, governments, and the startup community and bring them all together, so that we really have that interesting debate and make those connections.
The other exciting things about October, and I don’t want to jinx this by saying it out loud, is it should also be a physical event, and we’ll be looking to get a venue of maybe three, four, or five hundred people if we can get enough interest to people who can and are happy to travel. Since we’ve gone virtual it’s been great, we’ve engaged with a wider audience and we’ve been able to get speakers from a more diverse background, which is what it’s all about. However, we’ve missed that real vital element of a thriving ecosystem which is collaboration and networking, so we’re very much looking forward to that.
Now, you did ask me to namedrop didn’t you?
Rose Ross: I was going to push you on that again, so I’m afraid that question has not gone away!
Rich Yorke: Yes, I know and I’m not avoiding it, I promise you! So, in terms of the businesses I mentioned, there’s 175, I think, within the ecosystem that engage to a greater or lesser extent, but one of the things we do in CyNam is engage with all shapes and sizes of businesses, because an ecosystem is made up of the big ones as well as the small ones. We’ve had lots of support from some of those big players, we have CGI which I must mention because they’re our annual sponsors, so full declaration – they do sponsor the work that we do, enable us to put on the events, so CGI have been very active this year. Capita as well have been. We’re working with Plexal and Deloitte, two organisations that we work closely with, particular around the NCSC’s innovation partnership.
Rose Ross: Plexal are part of this NCSC startup initiative aren’t they, that was announced at the event last week.
Rich Yorke: That’s exactly right, yes. Plexal are leading that and then we’re part of that team, so we at CyNam are going to be putting on a number of events, particularly around that ecosystem development piece and bringing together those different organisations and academia into the discussion, to help shape future challenges that go through that innovation partnership.
But I must mention some of the small businesses, so Wembley Partners is a locally–based cybersecurity firm that have been working with us as well, they’ve done our cyber essential certification for us and helped us with our own cybersecurity, because obviously we’re a public-facing body, we’re a community interest company and they’ve done that for us. They’ve done a fantastic job, not just at the point in time of getting us secure and accredited, but actually the ongoing monitoring that’s around that.
I could list off a lot of companies but I’d be here all day. We’re fortunate to have such a big ecosystem here, but those are just some.
Rose Ross: You mentioned quantum and AI, are there any players in that space that are worth a little shout-out to?
Rich Yorke: Some of the quantum space, it’s a big household name but IBM, obviously, invested heavily in quantum research and it would be great if we can get them to invest in quantum research within the UK, that’s something that we’re discussing with them and encouraging that, so that’s one area. The other is a company I must mention, Rebellion Defense, a US firm growing very fast and doing some really interesting work in terms of AI, based here in Cheltenham and are going to be working with us closely over the next 12 months.
Rose Ross: Well I’m sure lots of names to watch, although some of them are very familiar.
Rich Yorke: Some are very familiar, yes, but there’s some to watch out. I don’t know if I’ve mentioned Aquilai, again a business that have been acquired recently by another UK-based firm, so they’ve been through the previous version of the NCSC accelerator programme, it’s great to see a British company there, grow and exit, but then also work for another British company to accelerate and further grow their offering, all contributing back to the UK economy. So, that’s as I say, really great to see those journey happen.
Rose Ross: Fantastic. Well it certainly sounds like you’ve got a busy schedule for yourself there, Rich, with the initiative that you’re involved with, and I’m sure you’re getting involved in a lot of the stuff that’s happening in Cheltenham from NCSC, the Plexal stuff etc. etc.
I’m going to let you sign off now so you can get on with the rest of your to-do list for today, but thank you so much for joining us, it’s been an absolute pleasure.
That is Rich Yorke who is the Managing Director and one of the founding partners of CyNam who are the cyber cluster in Cheltenham. Thank you very much Rich.
I am Rose Ross, I’m co-conspirator and co-founder of TechBritannia, and I’m also delighted to be presenter and interviewer for the #WeareTechBritannia podcasts. You can find out more about TechBritannia at techbritannia.co.uk or follow us @techbritannia on Twitter, and you can also find us on LinkedIn.
Thank you very much everyone.