Meet Grant Paling, Product Manager at Orange Cyberdefense
Part of Grant’s job is to develop new managed security services.
What was your field of study at Loughborough University?
I studied drama. I did acting, script-writing, set design, lighting, studied plays…a bit of everything. When it came to leaving university and trying to find work, it felt like I was a “jack of all trades” and as such, I ended up in cybersecurity instead!
You started your career as an account manager at Assurix. What was it like?
I started cold calling when I was 23. At times, it was quite difficult but for the most part, I enjoyed it and people were generally receptive and polite. Whenever I felt like I was not enjoying it, I just told myself that this was going to be the hardest job I would ever do and it would only be better from here. I still stand by that!
Then, you joined Nebulas Solutions Group for seven years and worked in four different positions. Can you tell us more about these experiences?
Nebulas Solutions Group joined forces with SecureLink in 2016. In 2019, SecureLink was acquired by Orange Cyberdefense.
I had two choices when leaving Assurix: work for a larger vendor or join Nebulas, a competitor and company I did not really know a lot about. When I came in for the interview, the company won me over and I have been there ever since, for more than ten years. I have kept evolving my role alongside the evolution of the company, from Nebulas, a local independent UK company, to SecureLink an international cybersecurity leader backed by private equity, and now very happily part of the Orange Cyberdefense family. I started in sales but I was always interested in the more technical aspects of the job and slowly transitioned into working in a more overarching role to run Managed Services in the UK. From there, I started to specialize in Managed Detection and Response and helped set up the CSIRT* team and incident response function at SecureLink across Europe, as well as the Targeted Threat Intelligence service. Now, I feel like all of that has lead to this point where I am working in the Global Service Lines team, in Product Management, helping drive our Managed Detection and Response strategy. Whilst the role today is vastly different from where I started, I would say the thing that has not changed is people – I love working with people, collaborating, speaking with customers and interacting with colleagues from across Europe on a daily basis. It’s fun!
When you became a Head of Managed Services at SecureLink UK, what were your missions?
Basically, my task was to set up Managed Services in the UK from scratch. Managed Services did not really exist at Nebulas, so it was a huge task but we did great and grew it into millions of pounds of service contracts very quickly. Having access to all of the services SecureLink had been maturing for years really helped. Also, we supplemented that with the Incident Response service and I’m very proud of how that Service Line has grown.
Now, you are a Product Manager for Global Service Lines. What are Global Service Lines?
Global Service Lines really focuses on leveraging the Global Operational teams we have, including our 16 SOCs**, 10 CyberSOCs and 4 CERT*** hubs within Orange Cyberdefense. Bringing together all of that knowledge and packaging it for the different markets we work in is a big part of what Global Service Lines do. Very closely linked with overall Global Portfolio Management under Chris Miles.
What is your mission?
My mission is to define our global services for Managed Security Services, Managed Detection and Response and Managed Vulnerability Services. And then, delivering the strategy and supporting information to take those services to the market.
What is the level of awareness of UK companies regarding cybersecurity?
It is quite good. Is it anywhere near enough? No. And it probably never will be. But when I think back to when I started in cybersecurity, it really wasn’t a big thing at all. People had firewalls, email security and web security and that was about it. We have come a long way and I would say the level of awareness is on a different level to back then, but I still do not think it is consistently where it should be. Customers vary widely in their maturity.
What type of companies are our main clients in the UK?
We work with all types of companies from large multinationals to small investment banks. Finance is a particularly strong sector in the UK but that is also why it is often targeted. We also work closely with service providers, utilities, retailers and manufacturers in the UK (as well as a number of fin-tech startups).
What are the goals concerning managed services in the UK for the coming years?
There is huge focus on Managed Detection and Response and our CyberSOC / CERT services. The UK is a huge growth market for these services, customers really need them. So many of them just have no visibility, let alone the resources to respond to identified threats and as such. It’s nice to be working in an area that is so relevant and generally very well received by customers.
*Computer Security Incident Response Team
** Security Operation Center
***Computer Emergency Response Team