Jem Henderson, April 26, 2019 5 min read
As a former industrial town, Barnsley has been making great strides in regeneration. An increasing number of programmes for tech companies are ran there, many of them powered by the Digital Media Centre (or DMC).
One of these companies is Bob’s Business, which offers cybersecurity training and best practice guidance to organisations and government departments. The company’s courses cover topics such anti-bribery, backing up data, data protection and phishing.
We sat down with founder Melanie Oldham to talk about how her company adds a more human element to cybersecurity, some of the challenges that she has overcome and her advice for other growing companies.
Melanie Oldham: Bob’s Business looks at the human side of cybersecurity. We help to change the way that people think about online security and how businesses communicate about online dangers, dealing with the emotions that come up when we talk about cybersecurity. We also work to influence and change people’s behaviour.
For example, we’ve seen businesses hoarding emails. People are creatures of habit and we have many bad habits – from people reusing passwords to using work emails for personal online accounts. This creates the perfect potential attack vector for hackers looking for a way in to a company.
It’s about dealing with the fear of the unknown. Cybersecurity sounds like a big technical beast to most people, but if you can take away that fear then you can create a culture of good secure behaviour. What we’re trying to do is create an interest in security and personal privacy that people see as standard in their digital lives.
We create content to help nudge people into what they should be doing. We use animation, stories and no jargon – as that’s what intimidates folks – and it’s much easier to learn if you’re teaching something in a way that is enjoyable. That’s the best way to get your community engaged. Criminals know that people are much more easy to exploit than tech, so informed people are better protected.
I’m actually an ex-hotel manager. That was a hard job working long hours and I was becoming tired and frustrated with the industry, so I quit out of the blue and did some temping work. I became the receptionist at the local chamber of commerce in Huddersfield. From there, I went into project management, specifically looking at how training programmes are run.
One day I was asked if I knew anything about Information Security. I didn’t, but soon found myself in a room with a bunch of techies, who were all experts in security standards I’d not come across before – like BS7799 (on best practises for Information Security management). I felt a bit like Jen from the IT Crowd.
“I have found 29 people in Barnsley to work in my cybersecurity business by thinking about things a little differently.”
Bob was part of our original series of animations that we created. He was supposed to be a relatable guy – an ‘every man’ that people could identify with. I always get asked ‘so where’s Bob?’ when I go to meetings presuming he was the founder of the business and not me!
I’m really lucky – I have the best team ever. Developed from apprentices and student placements, they understand me and the business inside out as I trained many of them as apprentices – or they came for work experience and never left. If I am honest, initially it was because I am northern at heart and quite tight!
I went to university in Leeds and my family is from Yorkshire – that quality definitely rubbed off on me. Another thing is resilience; I didn’t have the best time at school which helped to build that. The experiences that we have as we grow up, and how we face challenges and risk new opportunities make us suited to the entrepreneurial life.
I set up in Barnsley because my family were here. I took a desk in the Digital Media Centre because they had all the infrastructure I needed, as well as the support and funding required. Then I took on my first graduate in 2011 and we’ve now grown organically to 29 people.
“It’s really important to me that I’ve built a culture where it’s okay to not be okay; where if you need help, it’s easy to ask for it. This is for everyone – the boss included. Be honest with your team and let yourself be seen as human.”
Working in cybersecurity is really interesting – lots of people who work in the field are non-neurotypical. This means that when they’re on form they’re absolutely incredible but when they’re feeling stressed and under too much pressure, it can be a challenge.
It makes for an interesting time in hiring. Emotions are what makes us unique and vulnerable and I have found that a lot of techies struggle with people-centric security as people can’t be controlled and patched in the same way that technology can.
One of the things that I have done is build in healthcare for everyone from the off. Once the team reached four people, I made sure that there was mental health care available at all hours. It’s really important to me that I’ve built a culture where it’s okay to not be okay; where if you need help, it’s easy to ask for it. This is for everyone – the boss included. Be honest with your team and let yourself be seen as human.
It bleeds over into my ideas around cybersecurity. Breeches happen and people need to be able to come forward and say something has happened. Building the right culture in your business makes your business stronger.
Many of the struggles that everyone faces in the tech industry – including access to talent. However, one of the things that I have realised is that this access to talent can be a little bit self-imposed. I have found 29 people in Barnsley to work in my cybersecurity business by thinking about things a little differently. Transferable skills are just as important to tech staff as tech skills; you can train people to have the skill set you need.
We manage to keep people as well. If I hire via a recruitment company, then people leave after 12-18 months. When I recruit locally, people stay. Another thing is diversity – it can be an issue at some companies but we don’t have that here. Being a minority means that you can hire minorities more easily because you’re hiring individuals with traits that match yours.
