Jonathan "Jonty" Marnoch is the Principal Cyber Architect at Jaguar Land Rover (JLR), working on the automotive company's new data platform and product engineering for electric vehicles.
With 25 years of experience in IT across various industries, including banking, retail, utilities, and defence, Jonty brings a wealth of knowledge to his role.
He is also a passionate advocate for neurodiversity in the workplace, having been diagnosed with ADHD and autism in recent years.
Jonty will be speaking on two panels at DTX London, taking place on 2nd and 3rd October at ExCeL London.
The following interview has been edited for length and clarity.
Q: You'll be participating in two panels at DTX London. Can you tell us about them?
Yes, I'm excited to be part of two panel discussions this year. The first is on neurodiversity and what leaders need to know about managing neurodiverse teams. Given my personal experience with ADHD and autism, I'm particularly passionate about this topic.
The second panel is part of the threat detection and intelligence stage on day two. We'll discuss the next generation of threat detection, including artificial intelligence (AI) and operational technology (OT). Both topics are crucial in today's tech landscape, and I look forward to sharing insights and learning from fellow panellists.
Q: Let's start with the neurodiversity panel. As someone who was diagnosed later in life, what insights can you share about the importance of neurodiversity in the workplace, especially in cybersecurity?
My diagnosis of ADHD and autism in my early 40s was truly an epiphany. It explained so much about my journey, both personally and professionally. For years, I struggled with decision-making, overthinking, and sleep issues.
I even reached a point where I thought I was going insane, which led to a suicide attempt. Getting the diagnosis was a revelation – I realised I wasn't broken; my brain works differently.
Neurodiversity can be a significant asset in cybersecurity. Neurodiverse individuals often think outside the box, considering angles that others might miss. This can be incredibly valuable when dealing with cybersecurity threats, as we often need to anticipate unconventional attacks.
Q: What advice would you give to business leaders for better managing neurodiverse teams?
First and foremost, flexibility is vital. At JLR, we don't mandate office presence. People can work from wherever they're most comfortable and productive. This is crucial for neurodiverse individuals who might struggle with sensory issues in a typical office environment.
Secondly, focus on outcomes rather than processes. Some neurodiverse individuals might struggle with specific administrative tasks but excel in their core responsibilities. For instance, I've historically needed help with timesheets and expenses, but I can design complex systems for multinational companies.
Thirdly, create an open and accepting culture. Encourage people to be their authentic selves and provide support where needed. JLR employs people from all diverse backgrounds, whether race, religion, or neurodiversity.
Lastly, educate your workforce about neurodiversity. Many people still need to understand what it means to be neurodiverse, leading to misconceptions and potential conflicts.
Q: Moving to your second panel on next-generation threat detection, how do you see AI and OT shaping the future of cybersecurity?
AI is becoming a crucial tool in cybersecurity, particularly in threat detection. It can analyse vast amounts of data in real time, identifying anomalies and potential threats faster than any human could. We should embrace AI for quicker response times and even predictive threat detection, flagging potential issues before they become active threats.
OT is a complex area. Many OT systems, especially in industries like manufacturing or shipbuilding, use legacy technology that wasn't necessarily designed with modern cybersecurity in mind. Integrating these systems with current threat detection technologies is a significant challenge.
For companies involved in government or defence contracts, securing OT is not just best practice – it's often mandated. A successful attack on these systems could result in losing crucial contracts. So, finding ways to protect these systems while leveraging modern threat detection techniques is a key focus area.
Q: The recent CrowdStrike outage caused significant disruption. What lessons can businesses learn from this incident?
First, it showed the dangers of relying too heavily on a single vendor or solution. Many businesses were severely impacted because they had "put all their eggs in one basket".
It also emphasised the importance of rigorous testing before deploying patches or updates. The incident stemmed more from a process failure than a malware attack, underscoring the need for robust testing procedures.
Finally, it served as a wake-up call for businesses to review their risk management strategies. Companies must consider what would happen if a critical security tool or vendor became unavailable. This is where good architecture and thorough options analysis come into play.
The incident also highlighted the importance of diversification in cybersecurity strategies. While it's tempting from a financial perspective to use a single vendor for multiple services, this approach can leave you vulnerable if that vendor experiences issues.
Q: You've attended DTX before. Why should others attend?
DTX is an excellent opportunity for several reasons. It's a great place to learn about new products and technologies in the market. You get to see demonstrations and speak directly with vendors, which can be incredibly informative.
Additionally, the networking opportunities are invaluable. I've met colleagues from all over the UK and Europe at these events, forming connections that have been beneficial long after the conference ended.
Q: What are your hopes for DTX this year? What are you looking to achieve or learn?
This year, I have two main objectives. First, I want to reach industry leaders and discuss the benefits of neurodiversity, particularly in cybersecurity and technology. We need to make tech a safe and welcoming space for neurodiverse individuals, and events like DTX are a great platform to spread this message.
Secondly, I'm excited to showcase JLR as a leader in technology and software development, particularly in the automotive sector. As we move towards fully electric vehicles, the role of software and cybersecurity in our industry is more crucial than ever. I want to highlight how JLR innovates in these areas and contributes to the broader tech community.
On a personal level, I'm always eager to learn about the latest developments in threat detection and cybersecurity. The field is evolving rapidly, especially with the increasing role of AI and machine learning, so I'm looking forward to gaining new insights from fellow panellists and attendees.
Jonty Marnoch will be speaking at DTX London, taking place on 2nd and 3rd October at ExCel London. For more information and to register – for free – please visit: https://dtx-london-2024.reg.buzz/