Principal Research Analyst
Paul Holland is a Principal Research Analyst at the ISF. Since joining he has had the pleasure of researching and providing insights into how to securely use Open Source Software, Agile development, Containerisation, Cloud and Industrial Control Systems.
Paul has worked in Information Security and IT for over 25 years, across financial, consultancy and managed services, retail, education, manufacturing and logistics plus more, before joining the ISF in March 2019. He was previously responsible for technical security, including architecture and penetration testing, and awareness programs as well as managing senior stakeholders and incident response. At the ISF he is the People Lead for the Research team.
Paul is passionate about helping people and organisations by providing support and education on all aspects of information and cyber security. He enjoys working in the industry as it is a continual learning journey. Paul has mentored others and been a mentee himself. He is a guest lecturer and supports students with their dissertations at Warwick University and regularly presents at external events. Outside of work Paul regularly plays squash and hockey where he has also been team captain.
One of the most important conversations that Paul encounters relates to risk acceptance: all organisations must accept some level of risk to operate, and information security is no different to any other area. Before a stakeholder can decide on whether to mitigate the risk or accept it, it is vital that the risk is fully understood. Helping and supporting these stakeholders is therefore a core focus of Paul’s research: it is an area that information security professionals need to focus on to successfully protect the organisation
Recent insight from this expert
Securing Containers: Keeping pace with change
Organisational use of Containers has been increasing rapidly, rising from 23% to 92% in a 4-year period.
Collaborating to Shift Away from Shadow OT
Paul Holland offers author's insight into the ISF research on ICS, and how you can understand and protect these often-critical environments.