A Catch-Up with Co-Founder Nick Ashton

Can you tell me a bit about your background?  

So in the past year, I have set Amicis Group up. I focused on developing a diverse skillset of talent from various areas to bring fresh ideas and fresh demographics into the industry, as we look not just to address skills gaps in certain areas but broaden the minds of businesses as to what cyber can be for them.

Prior to that, I have spent the last 10 years professionally in IT, with the most recent 5 years working in cybersecurity. Working in that space with an organisation that is world-leading regarding its technical capabilities has given me good insights into what businesses care about when it comes to accelerating their cyber resilience.

How was Amicis Group formed and how did you meet everyone in the company now?  

Rob Wilson and I have been friends since school.  We already had a property business together and it got to about March last year and whether it was just more time to reflect in lockdown or just thinking about opportunities that I’ve not taken in the past or what I really want to do with my life and now was a really good time to explore that. Rob and I had this sort of conversation all of the time and decided on the cyber industry because of my background. We looked at the areas where I believed that there were opportunities, so that is the route that we went down in terms of planning last summer.

A couple of people that I have worked with very closely in the past who were very strong mentors and friends for me in David Hallam and Peter Wood had both recently become available over the summer. So we started conversations with them and evolved the plan further about how we would take it to market.

In the meantime, we got introduced to Carly Barnes-Short and Ben Rees at PSMG and got to understand their story in more detail, they have a great track record in the training space and some of the stuff that they are involved with is very exciting. They wanted to get into cyber training because they saw the opportunity, but they didn’t have much experience in the industry, so Amicis and Phoenix Sports and Media Group merged to form Amicis Group itself. The conversations continued over the past 6 months and we launched in May.  So it’s been over a year of taking it from fresh air to building a plan and creating some sort of infrastructure, bringing people in, and now delivering courses.

What is your 5-year plan for the business?  

The focus is being the destination for any individual who is looking to establish and evolve their career in the cyber and digital space by delivering best-in-class training programs for that individual. Aligned closely with that we want to make sure that businesses are acquiring the knowledge and skills they need to ultimately design, deploy and continually develop their cyber resilience strategy and be their ally throughout that process.

If I had to cut it down to a motto, it would be, ‘Cyber for All’. Regardless of the route you want to take into cyber, we are your destination. We’ll look after you from the start, supporting you throughout as a business, again regardless of where you are at when it comes to cyber resilience. Whether you are at the very beginning or if you are looking to take that capability further, we’ve got the ability to drive the skills and knowledge into your organisation but sustainably you are staying ahead of the threat actors that exist out there. As long as we are remaining focused on what we are doing for people and what we are doing for the businesses that trust us with their training then we will succeed in our 5-year plan.

Why is it important for businesses to have a cyber strategy?  

As a business whether you’re looking to grow, thrive or innovate you are reliant on technology nowadays, it’s that simple. Technology can be the greatest enabler for innovation and growth in an organisation.

However, if you don’t understand the risks within the infrastructure that you are building and crucially how to manage them and remain resilient to the threats that will just be pouring into your organisation, if you’ve not established that cyber resilience strategy, then you will continue to feel the consequences of that. Be it operational downtime, be it a financial loss, falling trust from clients, or pressure from the regulator. It’s also very damaging to your reputation if as an organisation you are not considered resilient to cyber threats people will be reticent to do business with countless proven examples.

How can an organisation benefit from having a cyber trainee or apprentice?  

I’ve worked with hundreds of businesses on their cyber resilience, and for those who are looking for a service that will take care of an issue there and then, it’s great and it’s important to do that.

However, if that is all you are doing and you are reliant on external bodies to do that for you, by not building that internal knowledge, and missing that skill set to evolve as the business grows then cyber will never be able to be turned into an operational strength and it absolutely can be. I’ve seen first-hand that organisations that invest in cyber knowledge in their business, both to support board-level agendas and then also take care of the day-to-day operations of matters, are a much stronger outfit for it.

They are operationally enabled and a lot of the time they can then take all the great stuff they are doing to build their cyber resilience strength and use that as a commercial differentiator as well. Because of where we are heading, businesses looking to contract with other organisations for a particular service, often now ask questions about how secure potential vendors are as part of their procurement process.

You need those individuals in the business to take care of those matters as well, so address what is important internally to make sure you have that operational enablement. Then be on point when you are going after business where you’re being asked about how secure you are.

Is there anything happening within the cyber industry now that could have an effect on people to come?  

What I’ve seen in the past 2 or 3 years is businesses from a variety of industries going from barely being able to scratch enough pounds and pennies together for an annual security assessment of their critical infrastructure to requesting a six-figure investment in a managed security service.

What’s now happening in 2021 and will continue to happen is the number of threat actors is growing, the level of sophistication accelerates by the day and small businesses can be a target that is very attractive and there’s such a low path of resistance to breaching them and achieving whatever goal they’ve got for undertaking that attack.

So the investment in managed security in some way shape or form is absolutely going to impact millions of more businesses over the next few years than it is right now. It’s driven by fear of being breached and what that will do for them reputationally, financially and in terms of legislation as well.