Paul   McKay

Paul McKay

Senior Analyst Serving Security & Risk Professionals

Paul is a senior analyst on the security and risk team and a Certified Information Systems Security Professional (CISSP). Paul works with organizations to help them shape and deliver their cybersecurity strategies to support the delivery of their core business vision. Paul’s research coverage includes cybersecurity, Europe-specific regulation for cybersecurity, cyberstrategy/governance, cyber-risk management, and the managed security services provider and consultancy market in Europe. Paul’s research focus is geared toward the needs of our European client base, delivering insights in cyber specific to the challenges in the European market.

Previous Work Experience

Prior to joining the security and risk team, Paul spent nine years in the consulting industry providing cybersecurity advisory services to clients in all industries in the UK and Europe.

Paul was most recently a senior manager at EY, focused on private sector clients. Paul's prior consulting specialties included developing security strategies, target operating models, security architecture, and business technology and IT delivery programs. Paul has also previously worked at Deloitte and Accenture.

Education

Paul holds a BSc (Hons) from the University of St Andrews in computer science and mathematics. He has recently graduated with his MSc with Distinction from the University of Oxford. Paul is also a Chartered Engineer member of the British Computer Society and a CISSP.

Paul McKay

Senior Analyst Serving Security & Risk Professionals

Paul is a senior analyst on the security and risk team and a Certified Information Systems Security Professional (CISSP). Paul works with organizations to help them shape and deliver their cybersecurity strategies to support the delivery of their core business vision. Paul’s research coverage includes cybersecurity, Europe-specific regulation for cybersecurity, cyberstrategy/governance, cyber-risk management, and the managed security services provider and consultancy market in Europe. Paul’s research focus is geared toward the needs of our European client base, delivering insights in cyber specific to the challenges in the European market.

Previous Work Experience

Prior to joining the security and risk team, Paul spent nine years in the consulting industry providing cybersecurity advisory services to clients in all industries in the UK and Europe.

Paul was most recently a senior manager at EY, focused on private sector clients. Paul's prior consulting specialties included developing security strategies, target operating models, security architecture, and business technology and IT delivery programs. Paul has also previously worked at Deloitte and Accenture.

Education

Paul holds a BSc (Hons) from the University of St Andrews in computer science and mathematics. He has recently graduated with his MSc with Distinction from the University of Oxford. Paul is also a Chartered Engineer member of the British Computer Society and a CISSP.

Paul McKay's Research

Most RecentMost Popular
  • For Security & Risk Professionals

    REPORT: The Forrester Wave™: Managed Security Services Providers (MSSPs), Europe, Q4 2018

    The 14 Providers That Matter Most And How They Stack Up

    November 19, 2018Paul McKay, Jeff Pollard

    In our 26-criterion evaluation of European managed security service providers (MSSPs) we identified the 14 most significant ones —Accenture, Atos, BT, Capgemini, Deloitte, Fujitsu, IBM, NTT, Orange Cyberdefense, Secureworks, Symantec, Trustwave, T-Systems International, and Wipro — and researched, analyzed, and scored them. This report shows how each provider measures up and helps security leaders make the right choice.

  • For Security & Risk Professionals

    REPORT: Get Fighting Fit For EU's NISD

    The Hype Of GDPR Buried An Equally Important EU Cybersecurity Regulation

    October 5, 2018Paul McKay

    Over the past few months, organizations operating essential services across Europe have been finding out if they are in scope of the EU Network Information Systems Directive (NISD). The directive aims to improve the security and resilience of essential services such as utilities and healthcare and digital services such as cloud infrastructure. This report examines the current state of NISD preparedness across Europe and gives CISOs advice to get your organization ready by leveraging existing security capabilities and GDPR investments.

  • For Security & Risk Professionals

    REPORT: All The Fun Of The Fair: Lessons From Infosec Europe 2018

    Basic Security Hygiene Is Back In Vogue

    September 20, 2018Paul McKay, Enza Iannopollo

    Early June in London saw thousands of cybersecurity professionals gather for the Infosecurity 2018 conference, the largest event of its kind in Europe. The event is a carnival of the cybersecurity industry, with more than 1,500 vendors exhibiting their products. The show gives a good indication of the key issues that are at stake in the European cybersecurity industry. This report examines the most critical trends from the event and what they mean for you and your organization.

  • For CIO Professionals

    REPORT: The Strategy Handbook: How CIOs Can Drive Security And Privacy Improvement

    Strategy: The Cybersecurity And Privacy Playbook

    July 31, 2018Paul McKay

    As CIO, you must work with the chief information security officer (CISO) and chief privacy officer (CPO) to develop the cybersecurity and privacy strategy for your firm's business. This report lays out the roles that each must play in developing and refining that strategy. It gives CIOs the tools you need to challenge, support, and validate the strategy developed by your CISO and CPO colleagues throughout that process.

  • For Security & Risk Professionals

    REPORT: Master Your Security Service Catalog

    Processes: The S&R Practice Playbook

    July 24, 2018Paul McKay

    CISOs are increasingly expected to show their peers in the executive suite how security aligns to business needs. Today, too many CISOs are focused only on delivering technical controls, which results in a poor experience for the business. Instead, security leaders should explain to business stakeholders what they're getting when they invest in security and how it fits with their priorities. This report explains how to develop a security process framework to describe business-aligned services and helps you optimize these services for business and customer success.

View all of Paul McKay's Research

Clients Who Work With Paul McKay Also Work With:

View all related analysts