Paul Baird joined software and services company OneAdvanced at a time of transformational change. OneAdvanced provides sector-focused software portfolios to customers operating in the most critical sectors of society – including Health & Care, Legal, Education, Government, Housing, Wholesale & Logistics and Passenger Transport.

The company has been working aggressively to modernise systems and improve its security posture over the past 24 months. Baird, who joined OneAdvanced in 2024 after stints at JLR, Bovis Homes, and more recently Qualys, says he particularly welcomes being a part of transformational change where the customer is at the heart.

All of the organisations he has worked for have had unique priorities, he recalls. “One was their first journey into cybersecurity. In another,” he adds, “they had stood up security but weren’t driving remediation, and the reduction of risk.”

"Are we getting the most value out of those tools?"

At OneAdvanced, the company has undertaken a change programme across the entire organisation, he says, sitting down to speak with The Stack. For Baird, that involved looking at its operational resilience and product strategy, the security tooling that is relied upon, and asking the questions: “are we utilising the right tools, are we getting the most value out of those tools, and do we have the right partnerships with vendors and suppliers?” he says.

One challenge in cybersecurity is making sure that security tooling doesn’t end up as shelfware – that such assets are sweated fully. Sometimes this can be because the right skill sets required to properly implement the tooling an organisation has purchased aren’t there. To some extent, this was the case with the Qualys implementation OneAdvanced had started, meaning they weren’t going to get the most out of it. Baird saw it as an opportunity to reset.

“The first step I took was to pause and do a health check. Only once I had done this was I comfortable reporting our vulnerability risk to the business, because I knew I could stand by the figures that I was showing them,” Baird explains. From this point on, the company could ensure the implementation of Qualys was optimised and delivered real value.

Baird says one of his priorities as a leader is always ensuring that security works more closely with the business to improve cyber-resilience. 

He says that having progressed from the IT coal face to a leadership position much closer to business priorities has taught him some valuable lessons about the balance you need to strike as a security professional.

Aligning patching with business continuity 

“From my techie days, I could never understand why I couldn't get to that box, and roll that [security] patch out; why I couldn't take it down for that 5, 10, 20 minutes, sometimes an hour depending on the patch,” he says. 

As you grow in your career as a security professional, you learn to understand that other priorities are at stake and need to be juggled, he says; whether that is, simply, the importance of uptime for revenue-generating applications, or applications that could impact the delivery of national citizen-facing services.

“What I've done is align patching programmes with business continuity,” he explains – something that means finding windows within the organisation’s and customers’ operational timetable where patches can be applied with no or minimal impact. That might be during a shift change, a pause in manufacturing, or out of operational hours.

Overcoming dyslexia to lead from the front

Baird has spent 27 years in IT and cyber. An IT administrator, he moved into cyber after 15 years, joining Bovis Homes as IT security operations manager. This was despite dropping out of a degree in computer science and business law, and overcoming the challenges of dyslexia.

“I got two years in [to my degree] and I realised that I am a ‘doer’,” says Baird. “I realised my degree wasn't going to get me anywhere.”

He needed, he says, to just learn on the job. 

Dyslexia, Baird adds, was not well understood when he was growing up. 

“People were typically branded more ‘stupid’ than anything else. It was very frustrating,” he says – noting that today’s cybersecurity industry is far more open to neurodiversity, but there is still a lack of understanding, in some quarters, about how to support neurodiverse colleagues.

He tries to help do that across his team, he says, learning from his own experiences of fighting this fight – including through things like writing clean presentations and documentation whilst struggling with spelling.

“My challenge was when I started moving out of more of the technical roles and into leadership and management roles: I needed my English rather than my PowerShell or Python,” he says. He sees this issue linger.

“All my SOC teams have all been technically perfect. Where they lacked was the communication skills,” he says. But they need them: “Gone are the days where the SOC used to sit behind a pair of access doors.”

Simple things like getting colleagues access to Grammarly can make a huge difference, he says, or coaching cybersecurity staff to make use of some of the plethora of tools now available that can take the sting out of writing or presentation work and make them feel empowered. 

Back on the security side, and beyond upskilling widely and encouraging security awareness and maturity as the business and security function get closer, Baird says OneAdvanced plans to make more use of tools such as Qualys’ Enterprise TruRisk Management software, which brings deeper risk-based prioritisation to cybersecurity programmes.

Qualys, he says, currently has over 26 modules. “They do everything that I currently need right now, which is discovering assets, discovering vulnerabilities, discovering misconfigurations across hybrid environments.”

That includes bringing together multiple data points from across OneAdvanced’s IT environment, both on premises and in the cloud. 

Among many other metrics he is now reporting upstream to a highly security-conscious executive team is “the actual distribution of the Qualys agent”, says Baird. “That’s how important Qualys is.”

Delivered in partnership with Qualys.
