INFORMING THE FORCES COMMUNITY

EDITION 15 DECEMBER 2017

Since 1993 the primary networking forum for the Forces Community that takes place on the First Thursday of every month.

Welcome to Net News...For this Edition, specific thanks are offered. First, a big thank you to Chris Treadwell for his motivational input to Page 3 which should instil confidence in all Ex Servicemen and women about their civilian career potential. Second, the following comment from Ashleigh Brown, MBIFM, AIRP Consultant to the FM Sector & BIFM Non-Exec Board Deputy Chairman is much appreciated: “For all my contacts in the Forces looking for their next move, this newsletter represents a strong network of organisations willing to help and employ Ex-Forces”. Please lastly note the PA input has been updated and that Satswana Ltd are offering multiple training and employment opportunities. Happy Christmas to all.https://forcesbusinessnet.com/ @forcesbiznet @iquidlist.com

Liquid List (London) https://forcesbusinessnet.com/

CYBER SECURITY 10 MINUTE PRIMER - A HACKER’S PERSPECTIVE

(Notes from an inspirational talk by Vince McCaughey, Late RN at the November Liquid List)

My Biography: • Left the Royal Navy in August 2017 after 22+ years as an Information Systems expert • Last job as Requirements and Acceptance Manager for Above Secret Systems • MSc (Distinction) in Information Security from Royal Holloway, UCL focus on Cyber Attribution • Captained RN Team in first Inter Services Cyber Challenge • Circumvented security (hacked) first VAX/VMS Mini Computer in 1986 • Reverse engineered Software protection mechanisms in 1998 • Subverting Wireless networks by 2004 • Self-taught • I don’t break laws

Current focus is on protecting organisations using past knowledge of hacking tactics, techniques and procedures. The term Cyber Security is often used as a catch all for information security; whereas in reality the two are subtly different. Cyber Security is a subset of Information Security and deals with information when stored in any digital format; information security pertains to information in any format from paper hard copy to electronic documents.

Protecting information, irrespective of its format, is actually fairly simple; just don’t switch on the desktop/laptop/tablet or smart phone (actually this is still not 100% safe). The challenge is that this is at odds with any organisation’s raison d’être. Information, its collection cycle, dissemination, processing, aggregation and analysis ultimately needs to be used to influence a decision making point; irrespective of commercial company, charity, central or local government department. Otherwise what is the point of the information? (Apart from legal/safety purposes!)

Cyber security is primarily concerned with what you are allowed to do with that information to reach the decision point and is a risk management trade-off between:

• Usability. What you want to do with the information

• Functionality. How you are allowed to process the information

• Security. What you are not allowed to do with the information. Putting layers of protection in place, such as firewalls, passwords, two-factor authentication, are some of the means by which the information security specialist mitigates the risks to the information and (attempts!) to secure it against compromise. These Safeguards mitigate the risks and where risks cannot be totally treated or transferred allow vulnerabilities in security to be known and tolerated.

For most the golden triangle for protecting information is based on • Confidentiality. Ensuring the information is

only available to those you choose to view it• Integrity. Making certain the information

you wrote is the same as the information the decision maker reads

• Availability. The information is accessible where and when the decision maker wants

However this doesn’t take into account the threats posed to the information from threats actors such as hackers who are generally focused on one of more of the following actions:

• Reconnaissance. Stealing information for hacktivism, criminality, journalism or good old fashioned espionage.

• Subversion. Gaining access to information and then ensuring long term access to compromise new information.

• Sabotage. Physical prevention of accessing information or destruction/corruption of information. Normally the only obvious sign that an organisation has been ‘hacked’.

These three focus areas are more detailed by Prof Thomas Rid, Kings College London, in his book Cyber War will not take place; which gives a good perspective on cyber security from the attacker’s motivation and TTPs perspective.

Reconnaissance motivations are varied; whether to steal intellectual property, gain a commercial bidding advantage, win a Pulitzer for a journalistic scoop or reveal wide-spread tax avoidance for social hacktivism purposes. Subversion is really a long-term view with the aim of continued access to information being the goal. Sabotage is the most wide ranging covering Denial-of-Service attacks preventing information

use to physical destruction of enrichment centrifuges to prevent nuclear programmes.

With limited resources to defend against an increasing number of cyber threats, identifying the most likely attack footprint allows the most efficient and effective safeguards to be put in place.

So where are you likely to encounter hackers? I personally love coffee shop/free Wi-Fi. People are so dependent on the internet that when they are unable to be grid linked online users’ are so desperate that they will happily ignore security concerns and connect through any free Wi-Fi point; even when it’s actually my laptop which is in turn connected to the free Wi-Fi point.

Wi-Fi adapters will automatically look for the strongest Wi-Fi signal. The signal strength is limited in most countries but by pretending to be in Columbia I can drown out any other signals.

Normally this wouldn’t be a problem as most communications across the internet are secured and encrypted using a technology called Secure Socket Layers/Transport Layer Security; this gives the padlock sign familiar to those shopping online. However I can use a variety of tools (SSLstrip) to remove encryption and the user normally doesn’t realise their network traffic, including potentially commercially sensitive messages, can be read in plain text.

How can this be avoided? Treating all networks as potentially hostile; even when inside ‘trusted’ sites such as Crown Estate. Ensure your organisation uses a Virtual Private Network (VPN) to tunnel or encrypt traffic or buy your own. I buy a yearly VPN (£60pa) which I use away from my home network; I am (justifiably) paranoid.

Morgan Stanley is an equal opportunity employer committed to diversifying its workforce. © 2017 Morgan Stanley

Date 25 June – 31 August 2018Location LondonApplication DeadlineSunday 10 December 2017To apply:

Sales & Trading Ex-Military Recruitment

Morgan Stanley believes capital has the power to create posi�vechange in the world. The biggest and most impac�ul changescome from people like you. If you want to hear how you can putyour talent and ambi�on to work and be part of a team thatcreates posi�ve change, join us.

Morgan Stanley recognizes the experience and dedica�on ofmilitary veterans, reservists and ac�ve servicemen and women.We are offering you the opportunity to join our 10-weekSummer Analyst Program in the Sales & Trading division, whereyou will rotate across Ins�tu�onal Equi�es, Fixed Income andFixed Income Research and experience a range of roles in that�me, such as Sales, Trading, Structuring and Research. You willalso gain exposure to our Bank Resource Management divisionand through classroom training, senior management speakerseries and networking events gain a thorough insight into thefirm, our unique culture and best in class people.

If you come to Morgan Stanley, what will you create?

https://morganstanley.tal.net/vx/lang-en-GB/candidate/postings/3419

Liquid List (London) https://forcesbusinessnet.com/

SECTORS OF INTEREST & CONTACTS

The information on these pages is intended solely for the use of the individual(s) or organisation to whom it is addressed. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you should not use, copy, alter, or disclose the information contained therein.

At Carillion, we create and manage critical infrastructure and services, in all sorts of markets and locations employing over 50,000 people worldwide.

But it’s the impact of what we do that matters most to us: together, we’re making tomorrow a better place. With every project we work on, we’re touching thousands of lives, in ways that you might never have expected. Whether you want to inspire imaginations or transform a community, here, you can. As a Government Armed Forces Corporate Covenant signatory we recognise the value of Service leavers and Reservists, particularly supporting and proactively rewarding those who are Reservists – we directly employ over 500 Veterans and a more than 320 Reservists either directly or in our supply chain. With us you could play an operational role, delivering information and keeping the business moving. Or you might find yourself out in the field, securing us new business and engaging with our customers. What’s not in doubt is that you’ll be using your specialist expertise to help us achieve our wider objectives. Phil Crick and Kevin Miller are the Forces Champions in our UK Construction and Services businesses respectively, but for applying for roles, email careers@carillionplc.com highlighting you are a Service leaver and your CV will receive our attention.

Regardless of which sector of the security industry Service leavers are looking to join it is strongly recommended that individuals have a confirmed position before they arrive in the Middle East (ME) given employment visa requirements.

It is challenging looking for a job without being able to hire a car, open a bank account, rent accommodation etc until their employment visa has been processed. Do expect to have criminal background checks undertaken as part of the recruitment process. Close Protection Officers (CPOs) & High Threat Environments. The majority of organisations that provide CPOs or operate in high threat environments have offices in the UK and undertake the recruitment process from the UK rather than their offices in ME hubs such as Dubai or Bahrain. Most require that candidates have recent experience in Iraq or Afghanistan and have a professional CPO qualification. Ronin South Africa provides such courses and has favourable rates for UK Service leavers. Corporate Security Advisers/Crisis & Risk Managers. Credible international organisations (Apple, DHL, Mars) have security or risk specialists normally based in one of the regional hubs but with a regional remit. Such individuals normally have several years’ security and crisis management experience and internationally recognised qualifications such as ISO 22301. CV, networking and interview advice on http://www.thesecurityadvisor.co.uk is just as pertinent in the ME as it is in the UK (POC: Tom Richmond). There are several groups on LinkedIn that post vacancies for Corporate Security Advisers/Crisis and Risk Managers.

BT is one of the UK’s leading corporate supporters of the

armed forces community; we employ more veterans and reservists than any other UK company, and I believe we are unparalleled in the breadth and depth of our programme.

I would say that though, as I lead that programme as BT’s Head of Military Engagement. In a nutshell, I ensure that our Armed Forces Covenant pledges are delivered; whether that’s recruiting armed forces veterans, supporting reservists, military charities, chairing BT’s Armed Forces Network or running our Transition Force programme, it certainly keeps me on my toes. BT is a great company to work for and there’s a fantastic working environment. Talent is recognised and invested in, and there are loads of opportunities, not just in the UK, but across the globe. I’ve met and worked with some really outstanding people, and our senior leaders are inspiring. If you want to get in touch with BT people looking to help armed forces people find work, then register for our Transition Force programme at www.projectfortis.co.uk - you’ll be “matched” with a mentor who can help. Alternatively, contact me at mark.arscott@bt.com

Management Consultant (Problem Solver)Simply put, a management consultant is a problem solver. Consultancies agree to work alongside businesses to help them drive towards solutions in a wide variety of sectors from Financial Services to Government and Utilities.

Capgemini Consulting is truly innovative, digital and global in the work that it does. It operates at the forefront of technology in every sector, it prides itself on offering digital solutions to everyday problems and it has over 180,000 employees across 40 countries. Capgemini Consulting are going through a phase they are calling ‘hyper growth’, particularly in the financial sector, with their UK arm expanding from 350 – 500 employees in 2015. Capgemini Consulting is looking for individuals that can use their initiative, are able to communicate confidently at all levels and are able to solve problems. Individuals across the military environment should possess these skills in abundance and would do well to consider a career with Capgemini Consulting. If you would like to find out more or submit an application, please visit www.uk.capgemini-consulting.com or get in touch with the author using this email address: murraybryant@outlook.com

Project Management – The Good PMThroughout your military career you’ve managed projects; you just didn’t necessarily call them that.

Project Management is the skillset at the very heart of every major change, construction, event, business transformation, infrastructure roll-out, and so on. Anyone can call themselves a project manager, but to be really good at it takes a vast number of the skills you take for granted in the military, like communication, decision making, organisation, planning, command, coordination, punctuality, the list goes on. So many industries are crying out for PMs with those skills, who can be trusted to get the job done, and do it well. There are a number of qualifications you can gain in order to add gravitas to your CV. None of them will really help you be a good project manager, as much of that is very personality driven, but they will teach you some of the principles, and notably they’ll give you the job-seeking edge over those who don’t have them. Start with PRINCE 2 or APMP, and then get MSP and Agile later. Contact: Mark Coldham MarkColdham@ElysiumSolutions.net

https://www.adp.co.uk/

My ADP journey has been insightful, challenging and rewarding. Every day is different in terms of working with clients and associates to achieve our goals. I believe my military background has enhanced what I bring to ADP in terms of commitment, communication skills, ability to work under pressure, loyalty, discipline, attention to detail, teamwork and leadership skills. Sally Hillyer Ex Forces (Senior Project Manager – ADP UK Implementation)

AECOM is built to deliver a better world. We design, build, finance and operate infrastructure assets for governments, businesses and organisations in more than 150 countries.

With a growing team of over 7500 UK employees, AECOM sees itself as a long term partner of the UK Government, and we are keen to continue to invest to further our common aims. Offering an additional 15 days leave each year for serving employees, AECOM has strong links with the Reserve community. Our partnership with 170 Infrastructure Group Royal Engineers has led to 70 of our graduates attending leadership/stretch events at both Sandhurst and Chetwynd Barracks. As a keen employer of Veterans we currently have ex Forces personnel in the following roles; Project Manager, Chief Project Director, Head of Media Relations, Director - International Development, Operations Manager and many more. At AECOM we are passionate about making the world a better place, if you’d like to find out more please go to http://www.aecom.com/careers [This serial has been kindly provided by James Banks Late Royal Artillery]

Liquid List (London) https://forcesbusinessnet.com/Liquid List (London) https://forcesbusinessnet.com/

Business ContinuityEvery Service leaver has transferable skills for mission command.

The combat estimate, intelligence preparation of the battlefield, decision making, contingency planning, maintaining a reserve, designates and deputies, reinforcements and replacements. These are very welcome in the private and public sector for business continuity, crisis management, disaster recovery, emergency planning, risk and resilience. All you have to do is make the connection. This is the one second career that respects your previous service and cannot really say, ‘You don’t have commercial experience’. Oh, and by the way read JSP503. Andy Tomkinson MBCI www.adtapt.com www.battlebox.biz 01253 788181 andy@adtapt.com

My view of sales was slightly tarnished after this brief experience. I also worked for a community interest company working with young people in a military style environment. In August 2015 I discovered a mortgage brokerage on LinkedIn, who were looking for trainee advisors. In all honesty I was quite impressed with the Mayfair brand, swanky hotels and the MD’s gold Rolex. Within 12 months I was asked to head up a new commercial & development finance team in the newly established West Hampstead office (NB. I didn’t have experience with this type of specialised finance but I love a challenge!). Just recently I decided to look at self-employment, I’m now building my own client base at LDNfinance, I needed the potential for higher earnings and flexibility as I’m looking at my own development projects. LDNfinance focuses on: Commercial finance (investment, trading businesses, portfolio finance); development finance (senior debt, stretched senior, mezzanine and depending on the deal, the equity); and Bridging finance (regulated & unregulated). LDNfinance also has very experienced brokers that specialise in residential and buy to let finance. Chris Treadwell chris.treadwell@ldnfinance.co.uk

PA is a consulting, technology and innovation firm. We define success as achieving exceptional results that have a lasting impact on businesses, communities and individuals worldwide.

We are the catalyst for change in the defence and security community, helping our clients to transform performance and to achieve a safer world. This principle has remained the cornerstone of our ethos since 1943 – and it continues to underpin everything we do. Our clients choose us because we challenge convention to find new and imaginative answers to their questions. We turn those into the solutions that really work – in practice, not just on paper. Then we roll up our sleeves and get the job done. Our defence and security sector is home to a large community of ex-military. Our team offers the opportunity and support network to use your existing skills and develop new ones. For more information on consulting, technology and innovation opportunities please contact: andrew.stevenson@paconsulting.com

Operational performance consultancy operates across the spectrum of pure management consultancy and the more technical specialist consultancies. Most of the big names now have operational practice but Newton Europe has set itself apart by implementing step changes in performance and generating measurable bottom line

improvements that are guaranteed against our fees. Since launching in 2001 Newton has grown 25% every year and is now approaching 250 employees in the UK. Newton works across a variety of organisations in the public and private sectors. We work side-by-side with clients at all levels of the organisation. We don’t write reports in a back office – we deliver results on the “shop floor” by finding the biggest problems, solving them then working in a joint team to implement a solution - be it a shop floor, a production hall, local government office or operating theatre. The work is incredibly rewarding, from saving hospitals millions of pounds while transforming patient care, to boosting manufacturing production. Our strength and success comes from bringing together inspired people, who are highly intelligent, can quickly take responsibility, have the entrepreneurial skills, drive and personality to evolve with us. With market leading development and career progression, along with amazing social events, the company ethos is to build a winning team rather than leveraging success off individuals. We are continuously looking for talent and the ex-military are a welcome addition. We bring the same insight, intelligence and drive with top class leadership qualities and communication skills with a healthy perspective to ensure our teams deliver consistently. Point of Contact: john.strijdom@newtoneurope.com www.newtoneurope.com/careers

Considering the Defence Sector?

Polaris Consulting Limited (Polaris) provides specialist services to the UK MOD and Defence industry. The Company delivers consultancy in Operational Analysis (OA), Cost analysis, MOD Approvals and Project Man-agement. Polaris has been growing rapidly since 2010 and has a strong reputation for delivering high quality consultancy to Dstl, DE&S, Centre for Defence Enterprise (CDE) and major Defence Primes.www.polarisconsulting.co.uk

Working in the United States after leaving the Services is a popular aspiration, despite the politics. To work in the US, one needs an appropriate visa. There are numerous companies offering services to obtain your visa for you. However, in general, the application process is relatively simple and I recommend using the official website https://travel.state.gov/content/visas/en/visit.html rather than paying a dubi-ous representative. If your particular circumstances don’t fit into one the categories listed at the website, engage a reputable immigration lawyer rather than one of the many unofficial agencies. The most common and sought-after visa is referred to as a Green Card – which is an open-ended authorization to live and work here (see Page 4 for full details). Paul Raby, Ex RLC. paul.raby4@gmail.com

The Barclays Armed Forces Transition, Employment and Resettlement (AFTER) programme, supports thousands of Service personnel with their transition into civilian employment, regardless of rank, service or

circumstance, by providing work placements, direct employment opportunities, CV and interview support, as well as millions in funding for education and vocational courses for Service Leavers through Service charity partnerships. The Programme is designed to help you to assess your options and translate your skills in order to land the right job more information can be found at www.home.barclays/AFTER Barclays is a founding partner of the VETS (Veterans’ Employment Transition Support) programme, designed to connect veterans with experienced mentors from across a variety of business sectors, attend ready to work initiatives and apply for veteran targeted jobs. Go to www.veteranemployment.co.uk to start your journey. VETS aims to help veterans land the right job.

A family-run business since 1968, Chapman Ventilation is one of the leading heating, ventilation and air conditioning contractors specifically for the UK restaurant industry.

Based in Welwyn Garden City, but with a nationwide reach, we pride ourselves on providing the most sustainable products on the market today and are the only approved HVAC supplier on the Sustainable Restaurant Association (SRA) Suppliers Directory. We hand over in excess of 160 restaurant projects every year for clients such as Five Guys, Bill’s and Nando’s. Once a month here at Chapman Ventilation we hold an ‘Insight Day’; part of our pledged commitment as Corporate Covenant signatory. The Insight Day is aimed at Service Leavers looking at a second career in the construction industry. To become a Project Manager at Chapman Ventilation, you have to have experience in Mechanical or Civil Engineering (degree or HND qual-ified). Delegates would need to supply their own Steel Toe Capped Boots, all other PPE required would be supplied. If you’re interested please call: Iain Finch on 01707 372 858 or send an email to iain@chapman-ventilation.co.uk

www.ldnfinance.co.uk

I left the Army in July 2014 as a Private infantry soldier. My first job was stationery sales (via Forces Business Net), this was my first insight into the world of door-to-door sales; it was real frontline sales and it never really excited me.

www.battlefieldstrust.com

Designed and produced by: www.cleverwoof.com

WORKING IN THE US CONTINUED

There are numerous steps to the process see: https://travel.state.gov/content/visas/en/immigrate/immigrant-process/petition.html and you can apply direct to the Department of Homeland Security or via your local U.S. Embassy. An application for a Green Card requires a sponsor who can be a close family member (either a US Citizen or permanent resident) or an employer. In either situation the process starts with a petition to the US Department of Homeland Security Citizenship and Immigration Service. This process can take up to ten years depending on your family connection. In my case, it took two years to get a Green Card for my children below the age of 21, but if I sponsored my sister, it could be 10 years. Sponsorship by an employer is much quicker and there appears to be now formal waiting period at this time. The snag here is the employer must prove they could not find an American to do the job, so the more specialized your position, the better. Once your petition is approved, the application goes to the National Visa Center. The Department of State publishes a monthly Visa Bulletin listing dates when applications to are permitted from family-sponsored and employment-based applicants - and they also write to you as well. It is a tedious bureaucratic process but it can be done! I have seen quite a few success stories in my time. Chicken and the Egg problem - If you aspire to working as a U.S. Department of Defense contractor, you will almost always require a security clearance for which you have to be a U.S. citizen. To qualify for the job in the first place, you need a clearance but you cannot apply for a Green Card unless you have a job lined up. Some companies can find work that doesn’t require a clearance if they really want you which is the path most of us who made the transition probably took. paul.raby4@gmail.com

TRAINING & EMPLOYMENT OPPORTUNITIES FOR DATA PROTECTION OFFICERS (DPOs)

For those of you who in the past became tired of being told that you could not have information for reasons of Data Protection, your hearts may sink if I tell you that the Data Protection Act is going to be replaced by the Data Protection Bill next May, reflecting the European Union General Data Protection Regulation. However I want to assure you that it is really not like that and I

will seek to explain why it is good law that we should all welcome, despite it being generated by Europe! This really is something good that has come out of Brussels.

What GDPR does is to update the DPA to reflect the change in society, where data has become ubiquitous within social media and organisations use your information to generate revenue through advertising content. It is an unfortunate reality that not only has some of that use become bordering on the abusive, it has also allowed criminals to intercept or hack your particulars and use it to fake, defraud and otherwise steal from you. Thus something had to be done.

The critical change in emphasis is that the law now states that the INDIVIDUAL owns the data, not the organisation. Thus, with the exception of statutory requirements such as your tax return, if anybody wants to use your data then they have to seek your consent, tell you exactly what they need it for, and agree to delete it if you tell them to. They also have an absolute obligation to keep it safe whilst it is in their possession, and if they do not they can be fined and you can sue them for compensation.

I think you will agree that changes everything and it is a thoroughly welcome return of your rights as an individual which re-balances the relationship between your privacy and macro entities such as Google. But of course it also means that every business, NGO, Council, School or whatever now has to come into line with this changed emphasis. They have probably been doing nothing wrong under the Data Protection Act rules, when they were in control, but now that the individual is in control they must change their procedures.

It is the purpose and role of Satswana Ltd (a specialist Cyber Security Company) to assist data holders to become compliant with GDPR, and subsequently represent the interests of what the Regulation calls “natural persons” in a compliance role. We have found this to be generally welcomed by the people we have worked for so far, and indeed we were very pleased that one database manager declared “this is excellent work, and worth doing regardless of GDPR”.

To execute our mission we do need to staff what is essentially a brand new job function and thus are seeking suitable candidates. We do look for computing competence, but equally important are leadership, tact, attention to detail and a respect for law. As such this is an excellent role for ex-service personnel who can currently get

in on the ground floor with the sort of fulfilling purpose that they might be seeking.

We will be organising training courses in the New Year, which will be free to attend, but we will ask you to pay your own expenses. It is said that the UK will require 68,000 DPO’s, which may be an exaggeration, but certainly there will be many job opportunities. We would expect to place those qualified on our courses in suitable positions, be that contract, temporary, fractional or permanent. Applications to be forwarded through The Forces Business Net please at: thenet@forcesbusinessnet.com Article based on the November Liquid List Talk by Colin Howard, Late Infantry

www.exforcesenergy.co.uk

www.rnli.org

www.haighousing.org.uk

www.purplewarriors.org

Twitter @VeteransBritainwww.veteransforbritain.uk www.giveustime.co.uk

www.soldierscharity.org

www.veteransbreakfastclubs.co.uk

www.talking2minds.co.uk

www.europeanop.com

www.highground-uk.org www.whiteensign.co.uk

www.nfassociation.org

https://blesma.org/

www.j1consulting.co.uk

Vacancies:

• London £50K Senior Business Developer• London £55K Security / Intelligence Expert

LEAVERS LINK MEETINGS – EAST ANGLIA

For dates & locations contact

john.vickers@leaverslink.co.uk

www.ptsdresolution.org

In support of ABF Alan Mulkern is rowing across

the Atlantic www.row-west.co.uk

Latest Newsletter http://row-west.co.uk/

media/