“I watched my wife head out to catch her tube and, for the first time ever, I was pretty worried,” Dan Jeffery recalls. “She’s a nurse and at the time she was pregnant with our first child. Even though she is infinitely sensible and was taking all the precautions she could, it was a real wake up moment and a crystal clear recollection for me.”
As the memory of the early days of the pandemic rears its ugly head, it’s the first – and only time – in our chat that Jeffery’s trademark geniality and bonhomie fades a little. The good news, however, was that he was able to channel this concern into his role at NHS Digital, where he was heading up cyber innovation, delivery and business operations. It was not a job for the faint of heart.
“As we found our rhythm with the remote working, the demand ramped up for digital support – things like the NHS App and the delivery of a Cyber Defence Operations Centre – and so the pressure and the demand on individuals increased over time,” he recalls. It’s been a similar context at NHS Blood and Transplant (NHS BT), the authority he joined last September, where he is now chief information security officer and assistant director for data.
“The cyber team was, at the start, basically one person who was swamped and very busy,” he recalls. We had to put in additional resource and some clear objectives. And the information governance team – which is more focused on the clinical side – has been equally busy putting in place and enhancing all the relevant data protection and processes to enable the free flow of data and information to support initiatives like convalescent plasma trials.”
The operational pace is clearly intense and pressured – but I get the sense that that’s exactly how Jeffery likes it.
Jeffery is speaking to me from his home in London – an apt location given our discussion soon turns to the topic of hybrid working. As my colleague Martin Barber has recently explained, this is something that BAE Systems Applied Intelligence is embracing and Jeffery, too, is by and large a fan of this new approach.
“The choice primarily needs to reside with the individual,” he says. “There’s a whole host of factors – home life, mental health and wellbeing and so on – which will influence where and how an individual will want to work. I have a consulting background so I’m used to working all over the shop but even I now wince at having to get up at 4:30am to make the first train from London to Leeds in order to be there for an 8:30am meeting. That just seems ludicrous now.”
He says that hybrid was destined to become more widespread anyway – largely through the maturity of digital collaboration tools and platforms – but it’s been accelerated exponentially by the pandemic. “I think this is for the best, as long as employers actually do the right thing by it,” he adds. “I find it difficult to accept any argument that working from home diminishes your value by any respect in terms of the skills you bring to bear.”
Certainly, his own skills have been well in demand at NHS BT – the national authority which provides blood and transplantation services to the NHS.
Its responsibilities centre on managing the donation, storage and transplantation of blood, organs, tissues, bone marrow and stem cells, and researching new treatments and processes. In other words, it is tasked with ensuring that the NHS makes the most of absolutely every donation, including blood, organs, tissues and stem cells. In doing so it gives a lifeline to thousands of people every year.
Its delivery responsibilities – which place it at the very heart of the NHS – were crucial in luring Jeffery over from his previous role. “NHS Digital is truly amazing but it is a provider of services rather than being accountable for the direct delivery of patient outcomes and clinical services,” he explains.
“What I wanted to do in terms of career was go and feel the burden of accountability at a senior level in an organisation that provides critical national services – which is exactly what NHS BT does. Without it, surgeries, casualty units and so on simply can’t operate for long. Yes, we are a monopoly provider but one that is crucial in enabling the NHS to exist in its current form. The only other option would be multiple suppliers in an open market which drives interesting behaviours around quality versus cost and profit.”
“Yes, we are a monopoly provider but one that is crucial in enabling the NHS to exist in its current form. The only other option would be multiple suppliers in an open market which drives interesting behaviours around quality versus cost and profit” Dan Jeffery, CISO and Assistant Director for Data, NHS Blood and Transplant
Looking across the health sector as a whole, Jeffery surveys a landscape adorned by challenges large and small. “The short term will be about the readjustment to the new ‘new normal’ – however that ultimately works out,” he says.
And while one priority will be the ongoing development of its plasma for the manufacture of medicines programme, looming even larger is the growing waiting-list of about five million elective surgeries across the NHS, much of which is rooted in delays caused by the pandemic. Of these, a sizeable number will require some form of blood, and a smaller number will require elective transplants.
“These numbers will need to be reduced and the key issue will be supply,” admits Jeffery. “If we cannot attract enough donors then how are we going to be able to support the NHS? And with organ donations, even at the best of times only two per cent of the population die in circumstances in which donations can be carried out.”
A new initiative which aims to help address these challenges is NHS BT’s drive for blood plasma donations – the first in more than 20 years. The plasma will be fractionated and used to make antibody-based medicines – called immunoglobulins – for the thousands of people who rely on such medicine for short-term or lifelong diseases and genetic disorders.
Jeffery is also eyeing up how his organisation can help fuel the UK’s general rebound from the pandemic. “We want to identify how we can play our part in the economic recovery – particularly through our research and innovations, working out which areas of our development programmes can be converted into things that have economic value,” he says. “Given that 80 per cent of all genomic research is done in the UK. I think this will be a really interesting area over the next couple of years.”
Jeffery is no health lifer – he’s only been in the sector since 2016. His initiation occurred during his previous life as a management consultant when he was tasked to develop the cyber strategy of NHS Digital. There was certainly much to be getting on with.
“At the time they were relying on a £5 million system to defend a multi-billion asset and I just found it fascinating to pull together,” he recalls. “Here was an interesting, complex and important sector possessing some unique – but mostly solvable – challenges and it was just a case of getting the right people in the right room to make an informed and correct decision around things like spending and priorities.”
Coincidentally, having written up a new cyber strategy, on the very day that it was to be presented to the NHS Digital board, the WannaCry ransomware attacks occurred – a worldwide cyber incident by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system. Talk about timely.
“There’s nothing like a burning platform to focus minds,” admits Jeffery, “and ultimately the strategy ended up as the backbone of a £152 million cyber programme, with another £300 million for a Windows 10 roll-out secured separately. And subsequently I was then asked to move across permanently and take on the delivery too.”
This was a genuine career crossroads moment – stay on the consultancy track towards partner or take the plunge into public service? In truth, it sounds like it was an easy decision. “I thought it was a once in a career opportunity to really make a massive impact on something I really cared about,” he says.
“This was a chance to fundamentally shift the dial and help provide the conditions for the NHS to realise the full potential of the digital revolution because security is a key enabler for this. We wanted to move security from being seen as something that stops stuff to something that is viewed as an enabler of the wider NHS objectives. It was the sort of opportunity that I would always have regretted turning down.”
A lawyer in the house – kind of
Interestingly, Jeffery is a lawyer by training. “I always wanted to be a lawyer and studied law as an undergraduate degree – but I then did a summer internship but found it less than interesting to say the least,” he says, laughing. “I liked the academic side – how to construct a debate – but couldn’t see myself doing it as a profession.”
Instead, he pursued a Master’s in Middle Eastern politics with Arabic before going to work for the Royal United Services Institute as an analyst. “I was working on Middle East issues and one of those was cyber security, together with things like Big Data and the implications for privacy – I just found it very interesting. I saw it as an area of continuous growth and opportunity as it will continuously evolve.”
His final role in the private sector prior to joining NHS Digital was at Accenture, where he established its security strategy and risk practice in the UK. In all of his positions, including his roles in the NHS, he says that his legal training has been far from wasted.
“I’m not overly technical but I’m able to translate technical language into messages and convey it in a way that senior executives and people who know nothing about technology can understand,” he explains. “A large part of that is borne out of the skills I learned in my law degree, and being able to map it to regulatory compliance and general risk for an organisation as it seeks to achieve its objectives.”
There’s no doubt that Jeffery has no regrets about making cyber the basis of his career – and why should he? It’s given him a diverse and challenging career across the public and private sectors, as well as an opportunity to drive real change at the heart of the UK’s health and social care system.
That all said, he is at pains to stress that his is a mission to remove any glamour attached to his chosen profession. Not for him the image of a hero cyber defender repelling attacks – instead, he wants cyber to take its place amongst the other normal everyday tasks and risks facing any organisation.
“I’ve always tried to make it less sexy,” he admits. “I don’t want cyber security to be something to be afraid of – I want senior executives to grasp it and have a level of understanding to determine what is scary and what isn’t. It’s getting them to a point where they manage it the same way as they would clinical risk or financial risk – it’s here to stay and it’s something that we will have to get to anyway.”
“I don’t want cyber security to be something to be afraid of – I want senior executives to grasp it and have a level of understanding to determine what is scary and what isn’t” Dan Jeffery, CISO and Assistant Director for Data, NHS Blood and Transplant
Jeffery admits that his recent ascent to fatherhood – his son, Naite is now ten months – has prompted something of a change of outlook. “I used to be more blasé about work life balance and just plough on to work stupid hours,” he says. “But it’s made me realise that what I want to do at work is meaningful – I want to be able to talk to Naite when he is older and point to the impact and value.”
Helping safeguard the NHS from cyber attackers both in the midst of a pandemic and beyond would seem to be a good place for this future conversation to start.
About the author
Gary Poole is Head of Security Capabilities for BAE Systems Applied Intelligence email@example.com
- All roads lead to IT. Victoria Higgin has her pedal to the metal. The CIO of Highways England tells Mivy James about growing an IT function, digital literacy and life connecting communities up down the country
- Catching the new technology train. Thomas Bennett may have spent his career focusing on cyber security but he remains an optimist at heart – and a passionate fan of technological advances. He tells Nadia Doughty about his life as the security business development manager of Norway’s Telenor Group
- Conflict in the grey zone: Preparing ourselves against cyber opponents. When it comes to the cyber arms race, Miriam Howe says that preparation, collaboration and adaptability are critical
- Moving out of the fast lane. When it comes to new technology, organisations would be better served by slowing down and considering whether they first really need it. Holly Armitage explains why it’s better to hit the brakes
- Transformation through innovation. Agile is everywhere for software development but are government organisations getting off to the best possible start? Ian Horlock investigates…