Darren Jones of KPMG shares the company’s pragmatic approach to Cybersecurity
"One is always dealing with several clients at any time, assisting them with the different challenges or opportunities that they may be dealing with," says Darren Jones, in leading Cyber Strategy and Transformation programs for KPMG's clients. One of the key factors that make Darren Jones such a successful consultant for KPMG's clients is his desire to empower those around him, combined with an empathetic understanding of a client's experience. Before taking on the role of Director in the Cybersecurity consulting practice at KPMG, Jones had been a client of the firm. He was pleased with the professionalism and level of service provided by the firm, and now that he is with KPMG he shares that this background can be a surprise to those he works with: "I've been the person who's either been working together with consultants at implementing a solution, and occasionally the one accountable for the budget that the different consulting teams are working within." He continues: "Having been 'on the other side' as a client of consulting services, I am wary of recommending or implementing solutions that don't have a pragmatic, lasting value for the client." This experience helps enable Jones and KPMG to deliver a focused and cost effective solution for all organizations, but especially SMEs.
Jones's 20-plus years of work within consultancy allows him to draw upon previous experiences to create new cybersecurity solutions for his clients, as well as using his broad existing network to widen KPMG's clientele. For Jones, much of his personal sense of achievement has derived from supporting his clients in their technological journeys. He references working relationships that span decades with some of the most innovative creators and thought leaders in cybersecurity the world over. "That degree of intellectual engagement has always been an exciting aspect of working in this field," he remarks.
Becoming cyber aware
When it comes to cyber awareness, unfortunately some of Jones’s clients have come to him only after they have encountered a threat. "One particularly worrying detail in the uptick in instances of ransomware in recent months," says Jones, "is the focus toward mid-sized and small municipalities, mid-sized and even small hospitals, and some not-for-profit organizations such as charities. When ransomware targets a larger scale organization like a bank or a government department that's had access to millions of dollars to build their cybersecurity, there are instant response protocols typically in place. For SMEs and NPOs, however, security management can be either minimal or non-existent in some cases." These themes around cybersecurity readiness were also borne out in KPMG’s recently published CEO Outlook Survey. To help encourage preventative measures in place of reactive ones, Jones shares that KPMG consultants offer a 15-point tip and question sheet to SME clients to help to get them started on the journey.
With the rise of attention that cybersecurity receives, the demands on Jones’s team have only grown. Yet he notes that there has also been a growing feeling of "cyber fatigue" from the constant fear mongering from companies and media over the last decade. For this reason, Jones says, KPMG has focused on promoting pragmatism in cybersecurity and cost effective, sustainable solutions. To ensure that a solution is sustainable, the cyber strategy needs to be communicated across all levels of a company. As an example, Jones recently delivered an awareness talk entitled 'Cybersecurity: How You Can Help' which was presented to staff at one of KPMG’s long term municipality clients.
Discussing his experience working with clients on change management, which is vital in introducing any new strategy, Jones comments: “It’s important to build structures and measures to ensure the implementation will proceed with proper acknowledgement of governance; to ensure the ongoing vitality of measuring success; and to have a whole strategy wrapped around that implementation.” He notes that putting these elements in place is key to helping to ensure dialogue with clients moves beyond empathy into the practical implementation of solutions. Jones emphasizes the importance of not only creating solutions that are cost effective, but also ensuring a client feels positive about the future resulting from the solution: "It's using that frame as a way of helping the client to not only see a positive future, but visualize what's positive about the future for them." This is particularly important, he says, as KPMG does not operate solutions for its clients, so it is imperative that they are pleased with and are ready to take ownership of the result.
Educating on cybersecurity
To encourage this approach to cybersecurity in consultants and to sustain knowledge development in the industry, Darren has been working with York University to provide mentorship to students and graduates. Jones started working as a curriculum advisor to York University at the beginning of his tenure with KPMG. “This certificate program is offered to undergraduate students who wish to augment their existing studies by pursuing the specific certificates being offered, and it was also being introduced as something for postgraduate or working professionals to participate in. We have divided our curriculum into two segments: one focused on cybersecurity fundamentals, and the other on offering an advanced certificate in cybersecurity." Four years on from the program’s conceptualization, Jones shares that KPMG has hired one graduate who has come through the program, Frances MacTaggart, who affirms the benefits of the course: “I couldn't more strongly recommend the combination of certificates (Fundamentals and Advanced) to those who are new to the field, wishing to make a career change or those who are wanting to further prepare for the CISSP designation. York University's Cybersecurity Certificates are an outstanding way to increase your knowledge and depth of understanding.”
A well implemented cybersecurity solution ensures that a company can look forward with confidence at opportunities to innovate, instead of focusing on previous errors. As KPMG looks ahead to the future, Jones shares that the firm will assist in the creation of the security foundations of smart cities. "KPMG as a firm certainly recognizes that it will have substantial needs for technology and AI-driven solutions to support the local community and build smart cities." Jones urges that, as larger cities enlist private and public sector partnerships to build and operate smart city solutions, they be cognizant of the risks. While they will have their own specific concerns regarding cybersecurity as individual organizations, they need to be aligned by a single, overall strategy that can manage the public's expectations and ensure citizen engagement and trust. "Here within KPMG in Canada, we are developing a centre of excellence for cybersecurity in municipalities," says Jones, and with KPMG’s impressive collection of awards and its pragmatic focus, the firm is set to cement itself as a cornerstone in implementing these cybersecurity strategies.