Guy Morrell: 2021, My First Year as a CISO
In this episode of the Business of InfoSec Podcast The Francis Crick Institute CISO Guy Morrell shares the successes, challenges, and surprises that he experienced during his first year as a CISO
2021 has been a tumultuous year for many. For Guy Morrell, it is the year he became a CISO.
In this week’s episode of the Business of InfoSec Podcast, Guy Morrell shares his successes, his challenges, and what’s surprised him during his first twelve months as CISO at the Francis Crick Institute.
As well as being his profession, working at The Francis Crick Institute is part passion project and part public service for Morrell. But becoming a CISO challenged him to think about how his role at the institute had changed.
“I often say that becoming a manager was a career change, not a promotion,” Morrell says. “The more you get into management the more you'll be dealing with people, and those interpersonal skills really come into play.”
Research at The Francis Crick Institute
The Francis Crick Institute is a non-profit, biomedical research facility in London, UK. Its principal area of research is the underlying causes of human disease, including cancer, HIV, and influenza.
It was formed in 2015 by three world-class English universities, Imperial College London, University College London, and King’s College London.
The institute is also at the cutting edge of research into the SARS-CoV-2 virus. When the pandemic began, the institute rapidly transformed many of its laboratories into testing facilities, going so far as to set up a public vaccination center in the building.
“We had this great collection of young people living and working in London in lockdown who wanted to make a difference in the pandemic,” Morrell says.
Facing a ‘Security Paradox’
Openness is one of the founding principles of The Francis Crick Insititute. However, the nature of its research means that security measures must be taken very seriously.
For example, their state-of-the-art building in central London houses both a high containment facility for viruses and a biological research facility.
“That combination of dangerous pathogens in a high containment area and animals in the building for biomedical research purposes leads to a tension between wanting to keep the building really locked down and secure with [maintaining] the openness of the building to the general public,” explains Morrell.
For Morrell, one of the biggest questions is how to enable the important scientific work being conducted at The Francis Crick Insititute, whilst maintaining the necessary level of security.
“My challenge was how do I not get in the way of science, but at the same time remove this risk,” Morrell says. “Being able to prioritize and then have a clear process that everyone's aware of has enabled us to continue operationally whilst tightening security.”
Looking ahead to 2022, Morrell hopes to drive strategic thinking around cybersecurity and partner with scientists to enable more cutting-edge science at the institute.
“I'd like to do more contributing to what's happening at the Crick and influencing people early on,” Morrell says. “It’s all about shifting the balance a little bit to half operations and half strategic thinking, and partnering with scientists to get things done.”
You can hear more of our Business of InfoSec podcasts featuring leading information security specialists here