Welcome to our Little Black Book, an inspirational series of business stories and insights from our brilliant members.

Paul Marsh

Paul Marsh on securing information

By Paul Marsh

CEO - SecQuest

Paul morphed his enthusiasm for technology into a professional career in the 90s (the birth of alternative media) and the 00s (when the Internet grew from covering 6.7% to 25.7%), by working in computer services for the IBM brand and becoming a key member of IBM’s X-Force ethical hacking team for over a decade.
Technical security is Paul’s expertise. He established his Cyber Security Penetration Testing Service at SecQuest in 2012. SecQuest is a trusted advisor that delivers Cyber Security Services to many household-name businesses across multiple industry sectors.


What influenced you to get into the world of computing and IT?

Paul’s father was an engineer who always encouraged him to ask ‘what-if’ and ‘why’. With tech birthday presents such as a ZX81 (in the early 80s) – a monochrome computer with a whole 1k of memory – his father quickly schooled him in BASIC programming, and the introduction to the world of computing was complete.

The film WarGames dazzled Paul; could people really hack into another computer? This took Paul’s enthusiasm for technology off the scale. Words cannot describe the heights of Paul’s passion on hearing there was a job called an “ethical hacker” – wow, “that’s perfect for me.”


What security services do you provide for your clients at SecQuest?

The DNA of the business is Penetration Testing (security assurance testing) – typically across business web applications, mobile phones and technology infrastructure; or, it can be people and process.

Physical penetration testing assesses whether unauthorised persons can get into a building and take business information, such as PII (personally identifiable information), via the network, desks or dustbins; PII, if lost, carries large financial penalties from the regulators.

Social engineering is also a risk for many businesses, as hackers will attempt to scam client-facing personnel to ‘con’ and gather information – assessing this user community provides assurance that the teams are protecting business and client information.

How do you ensure that you’re always one step ahead of the security threats that you are testing for?

Staying ahead of the game is a welcome challenge and paramount to helping our clients manage their risks in a timely manner. Our skilled consultants consume multiple threat feeds in conjunction with multiple media sources to stay current on the latest vulnerabilities that have been discovered and identified.

The SecQuest team also has dedicated research and development time to identify and responsibly report on undiscovered (zero-day) security vulnerabilities.

What are some of the most common security threats to companies?

People, and people’s perception of policy and operating procedures, are the key weaknesses that allow unauthorised access to business intel and client data, for example ignoring simple controls and setting poor passwords (1234).

From a technology perspective, default passwords, limited security patching, inconsistent software development and physical building controls are all areas for concern.

Personnel allow their emotions to circumvent process: opening the door for that guy carrying a box whilst he’s talking on the phone is letting the Joker into the Bat Cave – a simple challenge and block will keep Gotham City safer.

With machine learning and AI, we are seeing exploit code (software to break into a computer) being crafted by simple tools, such as ChatGPT. As an industry, we now expect to see an increase in exploit code, which will be used in a laser-like approach across all industry sectors.

What tools and technologies do you use to help deliver security services for your clients?

Technical tooling is part of our penetration testing toolkit. The primary tool for a successful penetration test is the human brain. It’s like playing a difficult game of chess with your opponent where you have to out-think what they have done to secure their environment.

When you see the security model the client has used to build an infrastructure, you have to pick at that to find configuration errors that could be exploited to give you control of the technology supporting and protecting their business and information.

What advice do you give to all your clients regarding their security?

Use complex and convoluted passwords (e.g., TtlsH!wwYa = Twinkle twinkle little star how I wonder what you are) and ensure software is kept up to date (e.g., patched). If people do the simple things like this, it raises the bar to stop easy cyber-attacks being successful.

Can you tell us about your knowledge sharing as a speaker in your field?

I’ve had 20-plus years in the field and over that time, I’ve spoken at numerous conferences, but more recently I’ve become passionate about giving back to education and universities.

I visited the Parkstone Grammar School and did pitches on ethical hacking to students as part of a cyber accelerator scheme run by the National Cyber Security Centre, to showcase the types of jobs that are available in the cyber industry; every one of the students now wants to be an ethical hacker!

I have also recently been to Bournemouth University to speak to students looking for industrial placements next year. We’ve got a placement student with us at the moment, and it’s all part of our ‘give-back’ to the industry.

What hobbies do you enjoy in your downtime?

I’m a member of Poole Runners – I enjoy running 5K park runs to ½ Marathons regularly to counteract being sat in front of a computer.

I collect old computers from the 70s and 80s and use them to educate some of the youngsters at work on the early days of computing and what we had to put up with back in the day. I also like my ham radio stuff and anything to do with microwave communications or satellites.
