David Lacey, director of security at Royal Mail and
founder of the Jericho Forum user group, has resigned after nearly
six years in one of the UK's most high-profile IT security
roles.
His departure comes at a turbulent time for Royal Mail. The
organisation is engaged in a prolonged restructuring, faces the
loss of its postal monopoly in the new year, and has a £4bn hole in
its pension scheme.
Lacey, who is credited with transforming the Royal Mail's IT
security team from a fragmented, inexperienced group of managers
into a highly effective unit, told Computer Weekly it was time for
a new challenge.
One of Lacey's options is to set up a company to develop
security software that would fill gaps in system security
identified through his work with the Jericho Forum, whose members
comprise leading IT security users.
During his time at Royal Mail, Lacey has put the organisation
through BS7799 security accreditation. The programme covered 8,000
users in 5,000 buildings and Royal Mail's three outsourcing
partners: CSC, BT and Xansa.
It was a significant challenge, said Lacey. "We had no central
controls. We had an enormous number of buildings, applications and
people. There were no consistent standards documented," he
said.
Lacey also started a training programme for Royal Mail's
security team and developed the idea of deperimeterisation -
securing computer systems in a way that allows businesses partners
and customers access to corporate systems. The idea has become a
buzzword in corporate security.