60 seconds with Greg Morgan

We’re bringing stories from the people across our business to you, so you can hear first-hand what it’s like to work at Intact Insurance. In this series, we spend 60 seconds chatting with colleagues from various parts of the company about their experience in the industry, what their role entails, what they’re currently working on, and more.

In this Cybersecurity special, we chat to Greg Morgan, Security Operations Centre (SOC) Manager at Intact Insurance.

Tell us a bit about you and your career background

I joined Intact Insurance in August 2019 as the Cyber Security Incident Response Manager, basically the same job as the SOC manager but a lot longer title to type out. My previous long-term role (15 years) was in a SME environment designing and building networks hosting nationwide NHS and retail applications.

In a past life before IT, I’ve worked as a baker, shoemaker, roadie, farmer, security guard, Petro-Chemical transfer mechanic (in a gas station pumping gas) and warehouse manager.

Tell us about your team - what do the SOC team do?

SOC - Security Operations Centre, has nothing to do with actual socks (but I have been given a few pairs by suppliers). In the simplest terms, our team are looking for bad people who have, or are trying to, access our network and then respond accordingly.

Can you tell us about your role?

It’s the most exciting role in the Cyber world - but only after the event is contained, over, and you’re sitting with a cold drink. Detections of real incidents are thankfully very rare.

On a day-to-day basis our team are looking for evidence of threat actors (who we call 'the bad guys') infiltrating our network or attempting to. We’re looking for unusual patterns of behaviour, for example a person consistently working in one location and then suddenly connecting from a different part of the world. This is just one of over 380 of these patterns we are monitoring, and the number is constantly growing.

What has been your biggest recent work achievement?

Catching two targeted attacks against the company, which if undetected would have led to a full-scale incident. It was a textbook example of different teams working together to effectively contain a serious threat. All the training, practising, planning and testing came together when it mattered most. I’m very proud to be part of that wider team.

What advice would you give to people when it comes to being Cyber secure?

To quote the great Douglas Adams: “Don’t Panic”.

When a cyber-attack happens, the first reaction is often to deny or downplay it. But these incidents are increasingly common and almost everyone will face one eventually. It’s stressful, but owning the situation is the first step to resolving it. In a work environment, talk to your SOC team - their focus will be to contain the situation. The sooner they know about things, the sooner they can help.

If it happens to your home or personal environment, seek help as soon as you can and talk to your bank or application provider.  The best thing you can do to protect your digital assets is to use multifactor authentication (MFA), that is adding a code from your phone to the login process. If you have the option, use it. 

Join us next week for a second Cybersecurity special of '60 seconds with'.

Considering a career in insurance? Check out our latest vacancies and apply today.