In our Armed Forces Day special industry insights interview we catch up with former Intelligence Corps Colonel, Brigadier Mark Proctor OBE. In this question and answer interview with TechVets, Mark shares his career tips, cyber security insights and the lessons learnt during his time in the Intelligence Corps.
1. How did you find yourself in the Intelligence Corps?
It was a mixture of luck and opportunity. The Intelligence Corps was one of my three cap-badge options at Sandhurst although I didn’t expect to be selected given my poor educational record – when I was offered a place I was genuinely surprised and elated at the same time. I chose it because I knew very little about the Corps but knew from speaking with others that it was exciting and very different to many of the other Corps or Regiments in the British Army. Luck played its part for sure!
2. What role does the Intelligence Corps play in UK cyber security?
The Intelligence Corps provides Understanding through intelligence collection and analysis regardless of specialisation – we are employed in many organisations and areas of specialisation, cyber security being just one.
3. You previously took command of the army’s cyber and electromagnetic activities. What does that mean in civvie speak and what did it entail?
Command is about responsibility of people and function of your organisation. So first and foremost, I was there to provide that oversight for our people (from all three Services and civilians) which included leadership, day to day tasking, communicating and interpreting higher commander’s intent, HR oversight especially annual reports and that there was inclusion and diversity in how we did our business. From a functional perspective, JCG was responsible for the provision of critical strategic, operational and tactical intelligence into Defence Intelligence (DI) and so I ensured we did this in an efficient and timely manner so that key decision could be made by Government and Senior Military Officers, with all the necessary information to hand.
4. Where will you be in 5 years?
A good question. Where is anyone going to be in 5 years, right? I know I will not be in the Army as I leave this year. Whatever I am doing I hope it entails working with people, hopefully in a coaching and mentoring capacity. If I could tie that in with something to do with road cycling I will be in a very happy place indeed.
5. What projects/areas of tech/cyber will the army focus on in the next 5 years?
I honestly don’t know. I have not been working in the Army for a few years now (in JCG it was a Joint organisation and as a Fellow at RUSI, an independent Think Tank, I am not at the heart of Army Planning) but I am sure it will be around something to do with data, how we get the most from it, how we disseminate it and how we use it to gain some sort of advantage over our adversary as well as do our own business. Defensive Cyber will certainly be key not only in protecting our own capabilities but also to ensure we can manoeuvre in the digital environment.
6. Why should people consider the army instead of the commercial sector if they want to pursue tech or cyber careers?
I think the Army is more than just a career. It is not only about tech or cyber – you can soldier (special duties) or be posted to a job that carries out planning or training. You can play sport or go adventure training. There are more environments to work in and you can deploy on operations – providing flexibility and a thrill that I don’t think can be matched in the commercial sector.
7. What has been the highlight of your career to date?
The opportunity to lead. Bringing people together, making them feel valued and empowering them to achieve things they didn’t think they were capable of. I have always considered this a privilege.
1. Throughout your life who would you say have been your main role models and why?
I always looked up to great sports personalities – Danie Gerber the Springbok centre, Naas Botha Springbok fly-half and Joost van der Westhuizen the brilliant Springbok scrum-half. However, I was brought up in the South African apartheid era which of course had an effect on South African international sport through bans. It was here that I can say I identified my real role model and that was Nelson Mandela. A true hero and a guiding figure for me, especially when it comes to leadership and his faith.
2. Do you or have you ever had a mentor? What did you learn from them?
I never had a mentor actually. I identified the strengths of a mentor far too late. There are many an occasion where having had a mentor may have helped; discussing difficult situations, your actions and ideas as well as an active listener.
3. You’ve recently completed formal qualifications in mentoring. Why is mentoring important?
It provides a neutral space in which to identify your strengths and weaknesses and make mistakes without being judged. Learning from people who have done things you aspire to do and understand where they made mistakes and how you can navigate some of life’s trickier areas. It’s certainly not a weakness to seek this help. Smart organisations know the strength that lies in getting a mentor to bring their people on. The Army initiative to support the NHS during COVID, through mentoring, was using our strengths from lessons we had learnt on operations and, the benefits have been amazing as well as satisfying. To help and then watch people grow as they deal with adversity is one of the most satisfying things I have ever done.
4. What mistakes have you made in your career? How have they shaped you for the better?
Where to start!
Work/Life balance – too much on the work front and not enough on the family/social side. It’s not hard or clever to keep going for hours on end. It has an adverse effect on you physically and mentally – a lose/lose situation. The Army loses because you are tired and your thinking is hampered making mistakes more likely and your family lose because you are away, not contributing to family life and being grumpy.
Taken on too much responsibility and not delegating appropriately. We have amazing people who we can and should trust to take on responsibility. To be a great leader you don’t need to do everything yourself. Nelson Mandel led from the back and I learnt that lesson but quite late.
Worried too much about promotion (not often but once or twice) and lost focus on what I was meant to be doing. I am sure many of us can relate to this one. My most content times in the Army came from enjoying what I did and not worrying about how I was competing with my peers. It is a difficult one because the system is designed in that way but we can achieve a reasonable balance quite easily if we want to (a great area for mentor support!).
Not doing a course while I was still young enough to do it (para and commando courses). Take opportunities as they come. Don’t put things off and say I will do it tomorrow or next time. Time runs away quickly and before you know it’s gone.
Not speaking up when I should have – being quiet because I didn’t want to upset my boss. This has driven me to be more inclusive with everyone that I work with. Encouraging people to speak out – that it’s okay to do so and having a different view or opinion is a strength not a weakness. Some of the environments I have worked in have not been conducive to different thinking and so I was too afraid to say something.
5. When the hours are long and morale is low, what gets you out of bed in the morning and what has kept you in the army?
The team – simply put, it is the people. The courage, strength and belief they show when things get a bit tricky. We know each other and what makes us tick so we are there to support each other through those tough times.
6. What book are you reading at the moment and how did it come to you?
Humankind by Rutger Bregman. A friend recommended it to help with my understanding of human beings that may support my coaching and mentoring journey. It’s a fascinating insight that looks to dispel a few myths about why we do bad things.
Your thoughts on tech industry issues:
Diversity & Inclusion
1. What actions does the army need to take to improve diversity and inclusion in the defence tech/cyber roles?
I am not fully read into what the Army is doing right now but I know diversity and inclusion are high priorities. I have certainly placed it very high in my priorities. I am not sure I would just single out tech and cyber roles – the balance must be struck across all disciplines. I think we all need to have it as a consideration as we go about our planning and day to day duties.
We know the strength of having different thinkers, ensuring not everyone is thinking the same means new ideas, views or opinions. I know from recent experience, we look at the make-up of committees, boards and teams ensuring we are as diverse and inclusive as we can be. It is then about creating the right atmosphere so that people aren’t afraid of being different and they will be accepted as they are.
2. How can this be translated from existing as great theory to practice?
Creating the right atmosphere – must start from the top. I see it in practice more often now. More to do but I am encouraged by what I have seen.
Cyber security & army personnel
For many people, physical security is of the utmost importance and it’s reflected in visible and physical entities such as the police force. But 5.25 billion people across the world carry mobile phones with a microphone, camera and GPS device that can be turned on without the user’s knowledge.
1. Why do you think the ‘general public’ are so flippant about their data security?
When things affect us, as individuals, we see things through a different prism and take it more seriously. In other words, unless a situation affects us, we do nothing. In the case of our mobile phones and the protection of our data therefore, we ignore the threats unless we become a victim of it. We are attached to our phones 24hrs a day, it’s a crutch we can’t do without – restrict use at your peril. We therefore turn a blind eye.
This is exactly the same journey we have been on with physical security measures in the past. We all want to protect people or assets but putting fences up or access control systems in, conduct vetting and issuing passes are all a nuisance and cost money. So, we end up putting the minimum measures in place and we only wake up to the real threats when an incident takes place, ending up trying to shut the door once the horse has bolted. It is difficult to compare the physical security challenge to that of the data security challenge – the scale is very different but a frustration nevertheless.
2. How can we encourage military personnel and their families to take better care of their cyber security?
Continue to identify the threats to them and offer the tools to do something about it. Once again, a unit, formation or organisation’s attitude to certain things is set by its commander/hierarchy – get them to prioritise it, and live it, and that will be a good start.
3. What training do service personnel receive in regard to cyber security?
Awareness notes and orders are frequently posted on MODnet and on Defence Connect. There are also local Unit initiatives. I think it might be included in Phase 1 and 2 officer and soldier training.
Offensive cyber & cross domain cyber
In an interview with Sky News earlier this year, General Sanders, head of the Army’s Strategic Command and (in an interview alongside Jeremy Fleming, Head of GCHQ) said;
“What you’re seeing are our adversaries, our rivals, exploiting the tools that are meant to make for a more Utopian society – so things like social media – against us, fuelling conspiracy theories and really sowing division and tearing the fabric of society apart . . . almost fuelling a civil war inside some of these societies.”
1. How can the British Army work more effectively with the commercial tech and cyber sector to protect democratic process and counter the threats posed by hacking?
I think D Info, General Cole, in Army headquarters would say we are on the right path to addressing this. Personally, I think we need to set our Cyber Governance (from the top) in the military in a different way to create a more coordinated approach. I am not convinced we have the right top to bottom alignment just yet. The Integrated Review and Command Plan should address this.
2. In your role as an army visiting fellow to RUSI, what research themes such as cyber governance and integration are drawing your focus?
Without giving too much away (my paper will be published in the Summer), it is around processes, cyber as a domain, cyber language and understanding and people. I am wary that we will be drawn into thinking offensive and defensive cyber is the answer to all threats posed by our adversaries thus lessoning the attention on other military capabilities. Cyber is just one area we should be focusing on, not the only area.
3. What initiatives and changes do you hope to see in the launch of a new national cyber strategy later this year?
Given the responses I have provided above, I would hope to see clearer governance and how other governmental departments and agencies are ensuring we are operating in the spirit of Fusion Doctrine – a whole of UK response to threats.
4. What other internationally recognised academic institutions have or are you working with, and what has impressed you most about their approach to cyber security strategy?
My research has included interviews with Allies, agencies and military personnel from all three Services. The commitment shown by all of them, possibly driven by the constant and immediate threat posed by our adversaries in cyberspace, has been impressive. We are all chasing for the right approach but more importantly, we should be providing constructive criticism to the way we are dealing with this challenge. Keeping ourselves honest and on our toes will mean we can stay one step ahead – when you think about it, we are all in a race for the same thing – winning to protect ourselves and being prepared to counter our adversaries if it comes to that.
5. The British Army talks about empowering its people at the lowest level, what does this mean and what does it look like?
It means regardless of rank, you can bring a good idea to the table and then to be trusted to deliver an outcome. Not everything should be decided by the highest-ranking member. When I was commander JCG, I delegated responsibility to two or three ranks below me so they could decide on what action to take in particular circumstances. I gave my intent and the staff acted upon it. They were more than capable and had my trust. It is important to create the right atmosphere for this to work properly. Mistakes should be allowed and lessons should be learned.
6. What does the Intelligence Corps of 2021 look for in its recruitment of soldiers and officers? What sets them apart?
I’m not in this space now but we are always looking for self-motivated women and men who can keep calm under pressure and deliver analysis coherently and confidently to very senior people. Few soldiers and officers from other cap-badges will get this responsibility and trust, to become semi-expert so quickly, right from the beginning of their career – this is what sets them apart.
7. The Integrated Review sets an objective to ‘build seamless systems to detect and act with industry on cyber threat information at scale and pace’. What do you think this will look like in any forthcoming strategy.
I am not sure on the corporate strategy take but I think it will mean we have to work more closely with industry and in a way we haven’t to date. Our teams are likely to be integrated and we will have to share more sensitive information – we have some fantastic organisations out there and I can only see this being to our national, collective, advantage.