Bring strategy back into your security posture by turning to chess
Guest blog: Ramsés Gallego, International Chief Technology Officer, CyberRes, Micro Focus as part of our #Cyber2021 week.
In chess, players must think both tactically and strategically. They must respond to the immediate situation by countering threats, while also understanding how their moves might create vulnerabilities that their opponent can exploit. The same is true for securing your business.
During 2020, organizations went through a wave of rapid digital transformation which, understandably, was more tactical than strategic. The need for flexible remote working led to a massive rollout of new devices and permissions to access data. New applications were deployed to ensure continuity of business processes and services. More tools and cloud capacity were added to the IT infrastructure to keep up with demand.
Now that the world is reopening, organisations need to take a strategic look at their technology and solidify the benefits of this digitalization. This means mitigating the risks of a bigger attack surface that was created by the additional devices, applications, users, and data.
Make your best moves with a helping hand
The strategic approach to digital transformation is to run and transform simultaneously, bridging existing and emerging technologies while mitigating risks. Remote working, for example, isn’t just about handing out devices. It’s about providing secure access to the systems individuals need and taking into account what could happen after access is granted. Once data can be accessed from anywhere, a single breach could compromise large swathes of valuable data.
Rather than building walls that silo information and lock down identity privileges, the strategic move might be to implement a User and Entity Behaviour Analytics (UEBA) tool. These AI tools monitor all system activity in real time, identifying anomalies and responding to risk. This is context-aware computing: security that works with how employees work, rather than creating barriers to productivity.
We can also build DevSecOps processes that centre on security and introduce tools such as Runtime Application Self-Protection (RASP) that automate the detection and prevention of threats at the application layer. The strategic move, however, might be to also include HR in the response process and call on business leaders to promote teamwork.
This form of risk is heightened by the realities of remote working. Staff need to share data, but if the officially-sanctioned tool presents a problem, they might turn to alternative solutions, removing that data from security oversight in the process. Likewise, if they need to access data frequently, they might save copies in multiple places to avoid repeated security checks.
All of this creates a growing mass of shadow data. While continued digital transformation might reduce non-sanctioned practices, the strategic move might be to put data discovery tools in place and in return bring shadow data back under the influence of your security strategy.
Checkmate in three
Your business is the king you must protect. In chess, finding your king in check means making a move that eliminates the danger. Similarly, any threat to your business continuity needs to be answered immediately. The best strategy is to avoid check by making cybersecurity the queen that keeps your business safe.
At CyberRes, we understand the right strategies to protect what’s most valuable. We read the board for threats that are specific to an organisation and supply solutions that put risk in checkmate. We keep businesses cyber resilient with three key moves: Manage Identities, Secure Applications, and Protect Data.
To learn more about how we make businesses resilient through transformation, please contact Ramsés Gallego or visit Cyberres.com
Jill Broom
Head of Cyber Resilience, techUK
Jill Broom
Head of Cyber Resilience, techUK
Jill leads the techUK Cyber Resilience programme, having originally joined techUK in October 2020 as a Programme Manager for the Cyber and Central Government programmes. She is responsible for managing techUK's work across the cyber security ecosystem, bringing industry together with key stakeholders across the public and private sectors. Jill also provides the industry secretariat for the Cyber Growth Partnership, the industry and government conduit for supporting the growth of the sector. A key focus of her work is to strengthen the public–private partnership across cyber to support further development of UK cyber security and resilience policy.
Before joining techUK, Jill worked as a Senior Caseworker for an MP, advocating for local communities, businesses and individuals, so she is particularly committed to techUK’s vision of harnessing the power of technology to improve people’s lives. Jill is also an experienced editorial professional and has delivered copyediting and writing services for public-body and SME clients as well as publishers.
Olivia Staples joined techUK in May 2025 as a Junior Programme Manager in the Cyber Resilience team.
She supports the programs mission to promote cyber resilience by engaging key commercial and government stakeholders to shape the cyber resilience policy towards increased security and industry growth. Olivia assists in member engagement, event facilitation and communications support.
Before joining techUK, Olivia gained experience in research, advocacy, and strategic communications across several international organisations. At the Munich Security Conference, she supported stakeholder engagement and contributed to strategic communications. She also worked closely with local and national government stakeholders in Spain and Italy, where she was involved in policy monitoring and advocacy for both public and private sector clients.
Olivia holds an MSc in Political Science (Comparative Politics and Conflict Studies) from the London School of Economics (LSE) and a BA in Spanish and Latin American Studies from University College London (UCL).
Outside of tech, Olivia enjoys volunteering with local charities and learning Norwegian.
Annie is the Programme Manager for Cyber Resilience at techUK. She first joined as the Programme Manager for Cyber Security and Central Government in September 2023.
In her role, Annie supports the Cyber Security SME Forum, engaging regularly with key government and industry stakeholders to advance the growth and development of SMEs in the cyber sector. Annie also coordinates events, engages with policy makers and represents techUK at a number of cyber security events.
Before joining techUK, Annie was an Account Manager at a specialist healthcare agency, where she provided public affairs support to a wide range of medical technology clients. She also gained experience as an intern in both an MP’s constituency office and with the Association of Independent Professionals and the Self-Employed. Annie holds a degree in International Relations from Nottingham Trent University.
Programme Marketing Assistant for Public Sector Markets, techUK
Tracy Modha
Programme Marketing Assistant for Public Sector Markets, techUK
Tracy supports the marketing of several areas at techUK, including Cyber Exchange, Central Government, Cyber Resilience, Defence, Education, Health and Social Care, Justice and Emergency Services, Local Public Services, Nations and Regions and National Security.
Tracy joined techUK in March 2022, having worked in the education sector for 19 years, covering administration, research project support, IT support and event/training support. My most outstanding achievement has been running three very successful international conferences and over 300 training courses booked all over the globe!
Tracy has a great interest in tech. Gaming and computing have been a big part of her life, and now electric cars are an exciting look at the future. She has warmed to Alexa, even though it can sometimes be sassy!
Programme Team Assistant for Public Sector Markets, techUK
Francesca Richiusa
Programme Team Assistant for Public Sector Markets, techUK
Fran serves as the Programme Team Assistant within techUK’s Public Sector Market Programmes, where she is responsible for delivering comprehensive team support, managing administrative functions, and fostering strong relationships with members.
Prior to joining techUK in May 2025, Fran built a meaningful career in the charitable and local government sectors. She worked extensively with both victims and perpetrators of crime, and notably led the coordination of Domestic Homicide Reviews across Surrey—an initiative aimed at identifying lessons and preventing future incidents of domestic abuse.
Outside of work, Fran is an avid traveller and a proud cat mum who enjoys unwinding with her feline companions.