David Lacey, director of security at Royal Mail and founder of the Jericho Forum user group, has resigned after nearly six years in one of the UK's most high-profile IT security roles.
His departure comes at a turbulent time for Royal Mail. The organisation is engaged in a prolonged restructuring, faces the loss of its postal monopoly in the new year, and has a £4bn hole in its pension scheme.
Lacey, who is credited with transforming the Royal Mail's IT security team from a fragmented, inexperienced group of managers into a highly effective unit, told Computer Weekly it was time for a new challenge.
One of Lacey's options is to set up a company to develop security software that would fill gaps in system security identified through his work with the Jericho Forum, whose members comprise leading IT security users.
During his time at Royal Mail, Lacey has put the organisation through BS7799 security accreditation. The programme covered 8,000 users in 5,000 buildings and Royal Mail's three outsourcing partners: CSC, BT and Xansa.
It was a significant challenge, said Lacey. "We had no central controls. We had an enormous number of buildings, applications and people. There were no consistent standards documented," he said.
Lacey also started a training programme for Royal Mail's security team and developed the idea of deperimeterisation - securing computer systems in a way that allows businesses partners and customers access to corporate systems. The idea has become a buzzword in corporate security.