The NCSC’s new and first Chief Technical Officer (CTO) Ollie Whitehouse is a seasoned hacker with deep technical nous whose “knowledge of software security appears to exceed that of most governments” as one colleague lauded him enthusiastically in a LinkedIn recommendation.
Announcing the new hire on September 1, the NCSC said that Whitehouse will “play an instrumental role in shaping and delivering the UK’s national approach to cyber security, working to combat the cyber threats we face today at scale, and building our collective resilience…”
Whitehouse was until late 2022 CTO of LSE-listed NCC Group. He married that senior role with a close and ongoing engagement with security-at-the-coal-face, authoring blogs on subjects like “detection opportunities for implant framework behaviour on Windows” or the root cause of CVEs of interest – and admitting in an earlier biography for a talk that he “still performs applied research in the twilight hours in aspects of cyber offence and defense…”
New NCSC CTO: "A big sigh of relief"
The new NCSC CTO will, the agency – part of cyber and signals intelligence agency GCHQ – said in a release, “help maintain the NCSC’s role as the National Technical Authority for cyber security and be influential in tackling the challenges of tomorrow, from diversifying the pipeline of expert talent to anticipating technological capabilities, to ensure the NCSC remains at the forefront of digital developments”.
Whitehouse was hired not as a direct replacement for, but certainly in part to fill the gap left by Ian Levy, NCSC’s respected technical director who left for the private sector last year. The influential agency having hired someone with highly technical chops and an appreciation for the role offensive as well as defensive security can play as been welcomed warmly by many of the UK’s leading CISOs as well as security firms, with Rob Stemp, CEO at Red Maple Technologies noting on LinkedIn that “I think a large number of cyber professionals in the UK are giving a big sigh of relief tonight, I am.
“Right person, right role. Doesn’t always happen.”
Whitehouse has previously written to Parliament in favour of reforming the UK’s Computer Misuse Act, noting in 2020 in an email to The Stack’s Ed Targett that “[The CMA] criminalises any access to a computer system without permission of the system owner. Threat intelligence and security researchers, by the very nature of the work they are undertaking, are often unable to obtain that permission…”
In a meet-the-team video from NCC Group in 2019 that asked what skill he would like to master at work, he responded: "I have a tendency of using overly emotive language and so being able to moderate that and adjust it to the audience is one I'm currently working on!"
Whitehouse’s appointment as the NCSC CTO comes as the agency takes an increasingly proactive approach to security UK Plc., for example as earlier noted by The Stack it started using honeypots in late 2022 to identify the sources of brute force attacks against common protocols and take down their infrastructure, whilst in late 2022 it started scanning all internet-exposed devices hosted in the UK for vulnerabilities.