Ciaran’s Cybery Substack: initial guide
Welcome to the Substack page of Ciaran Martin.
Thank you for being here of your own free will
First of all, thank you for visiting this page I’ve just launched. This is just a quick overview of what this page is, and what it might (or might not) become. This is a new departure for me so do bear with me if interested.
This Substack is primarily about cyber security. It will also occasionally be about constitutional politics, and, very occasionally, crispy snacks.
Trying to make cyberspace safer has been my life for the last decade or so. Critical to making it safer is a better understanding of the problem. The online world isn’t magic and people who want to harm us in cyberspace don’t have magical powers or buttons they can press. It’s about managing risk and responding appropriately. It’s about people who aren’t cyber security obsessives working out how they can manage their own risks and get on with their lives. If this page can help in a small way with that, then it’s job done.
Who am I?
I am Ciaran Martin. This is me…
I teach at the Blavatnik School of Government at the University of Oxford. I am what they call a Professor of Practice (ie, I am not a career academic but they ask me to teach and research based on practical experience). That experience comes from 23 years in the UK civil service. It’s mostly cyber security experience, and outside of the University I am proud to work with a small number of really brilliant cyber security companies. I also have a bit of experience, and an enduring interest, in UK constitutional affairs.
The last seven years or so of my civil service career (late 2013 to mid 2020) involved setting up and then running the UK’s National Cyber Security Centre. It’s a public facing part of the intelligence agency GCHQ, on whose board I sat for the duration of this period. Prior to this I had no background in cyber security but teamed up with an amazing group of technical and operational experts on the journey of a lifetime. We did some good there and I’m really proud of it, and always will be.
I learned a huge amount about how Governments deal with (and don’t deal with) the security challenges accompanying the communications revolution. It’s mostly about ignoring hype and doing sensible things, but it’s hard. I retain a passionate interest in all this and that’s what the majority of this Substack will be about.
My previous roles from 1997-2013 were in the centre of Government in the traditional core areas of finance, the constitution, and security. I worked at the National Audit Office and HM Treasury for a combined total of nine years. I was Director of Security and Intelligence at the Cabinet Office, dealing with really grim, difficult stuff like how to handle the legal claims from former detainees at Guantánamo Bay when so much of the evidence relating to their cases was classified. I also ran the Cabinet Secretary’s office (that’s the head of the UK civil service, or Sir Humphrey Appleby for Yes Prime Minister fans), as well as serving as Constitution Director in the UK Government for three years. Those three years included helping the Cameron-led Coalition negotiate what became the 2014 Scottish independence referendum. Those experiences, combined with my youth spent in 1980s troubled Northern Ireland, gives rise to a lasting interest in UK constitutional politics, which will be the secondary theme of this page.
Finally, I occasionally witter on Twitter about crisps, and might occasionally do that here. 1980s Northern Ireland was not awash with healthy eating options. It was awash with Tayto and other delicacies. In some areas of my life I have very much moved on from my beginnings. But not in the case of potato or maize based fast-food snacks.
Why this page?
It was when I posted a 26-tweet thread about cyber scenarios ahead of the murderous Russian invasion of Ukraine that I realised I needed somewhere for longer form pieces. Being simultaneously busy and lazy, I didn’t do anything for a while. Then in the autumn, the Twitter near-meltdown happened, so I registered the page on here and put a pinned tweet up.
Then I had an idea for an article I really wanted to write on the recent spate of data breaches in Australia (that will be the first post, on Tuesday 6 December). And then, at the invitation of the First Minister of Wales, I gave a lecture at Cardiff University on the UK territorial constitution. I realised I had nowhere to post either of them. I could have got someone to put them somewhere, but I thought it was now time to bite the bullet and go ahead on Substack.
What will be on here and will there be paid-only stuff?
At some point there will be paid-only content, but I honestly don’t know how I am going to use this page yet. I intend to explore the potential of Substack as fully as I can, and get into things like audio and video features as well as long-form writing. I might actually do a newsletter, as a number of brilliant cyber security writers do on here.
But for the short-term, to get started, everything will be:
(hopefully) weekly, on a Tuesday; and
free to read, initially.
So on Tuesdays there should be an ad, algorithm and Twitter-storm free article or newsletter for you to enjoy, hopefully (ie hopefully it appears on a Tuesday, and hopefully you enjoy it).
Please do leave feedback and suggestions. I’d love to hear from you.