Coming up with ideas for a framework ESORMA was the farthest thing from my mind just a few years ago. My journey to becoming a co-founder of ESORMA starts like it would for anyone interested in technology but it took some interesting turns.
Having had a keen interest in electronics and computers from a very early age, I was fascinated by the Sinclair Spectrum one of my primary school classmates was allowed to bring in and allow us to play around with. I was hooked.
This interest led to me formally studying computing in college and gaining vocational qualifications and some industry certifications in IT from CompTIA and Microsoft (A+, Network+ and Microsoft Certified Professional (MCP)). This eventually led to me going to university and finally graduating with a degree in Business Computing with IT.
Initially I found work as a repair and support technician for a local computer shop all the while studying part time to learn about networking and studying at a Cisco networking academy. This helped me to become a network administrator gaining experience in a few medium to large companies.
The technical experience coupled with certifications I was gaining every few years gave me the confidence to start my own computer repair business: Deltrus Ltd in 2006. The repair side of the business was named 'IT Call' and provided an onsite call out service for computer repairs. The business began repairing laptops which were quickly replacing desktop computers and I took care of all the business from the technical aspects to administration, online marketing and website design and promotion. Along the way, I learned a bit about SEO (ESORMA's co-founder David White's area of expertise) and managed to get IT Call to the top of Google's organic results for the term Laptop Repairs Manchester (my home city where I have lived all my life).
That was an interesting learning curve and my first of many forays into the business world and entrepreneurship. When competition from larger players started squeezing margins as well as the 2008 recession hitting the industry hard I decided to shut the business down and go back into the industry. This time I wanted to specialise in information security so started by taking a week long intensive training course on ISO27001 and was tasked with implementing this into an organisation.
Once I was bitten by the Infosec bug I knew it was what I wanted to pursue. I next gained another CompTIA certification, namely Security+, and was busy in self-study preparing for the CISSP exam that I really wanted to pass.
With this new knowledge I gained experience in information security management roles as well as various technical roles over the next few years. Receiving a phone call from a major training organisation that had found me on LinkedIn and being headhunted for an information security training role was a welcome disturbance out of the blue. (I very nearly didn’t answer my phone that day, so things could have been quite different). I snapped up the offer and quit my technical role at a major Apple authorised repair centre at the time to pursue employment in the Information Security industry. I have never looked back.
Teaching others about what was now my passion and helping course delegates get through very difficult exams was and is a very fulfilling role. A bonus gained by working for a training organisation was I was able to do many more certifications before I was let loose teaching them. I quickly passed my CISSP, CISM, PRINCE2 Foundation, CCSP, CISMP, Data Privacy and TOGAF® certifications amongst others. This opened my eyes to frameworks currently being used in the business world and helped me understand the whole process of change management and digital transformation, from governance then project planning to implementation and operations, in much more depth.
Teaching delegates over the years who were from enterprises such as HP, Vodafone, CO-OP, Bentley, the NHS, Deloitte, Symantec, PWC and many others gave me even more insight into the pain points and challenges large and small organisations face when it comes to securing data. Speaking to CISOs, Information Security managers, consultants and incident management and operations teams as well as those involved in enterprise architecture started a period of reflection on the inadequacies of the status quo. This started a thought process dedicated to overcoming this hurdle.
One of the most common barriers people faced when implementing frameworks such as ISO 27001, PRINCE2 and the TOGAF® standard was the complexity and unnecessary (in my opinion) language used in these frameworks. Most of the concepts taught seem like common sense once you are exposed to them. I am a strong proponent of clarity in communication and have been positively influenced by the Plain English Campaign since the 1990s. Often I would find that teaching about many of the existing frameworks ended up turning me into a translator. I was translating between gobbledegook and plain English and the more I thought about this the more dissatisfied I became with them. I knew it could be done better and in a more practical way.
So the chance encounter with a fellow trainer and now ESORMA’s co-founder David White at a cloud security training event being run for PWC led to us both discussing the issues people have with existing management frameworks and the way they were being moulded for implementing Information security even though some of them were really not suited to the task.
This is what led to the formation of ESORMA as a simple and straightforward, guided framework without the unnecessary baggage of traditional methods and frameworks. I guess the proof is in the pudding. I would urge you to join the ESORMA community and find out for yourself what all the fuss is about and why feedback on this has been fantastic. You have nothing to lose and many things (including many useful freebies and advice) to gain. We hope to see you in the members section of our forum soon.