Cyber Scotland Aberdeen 2025 – Why Cyber Security Matters for Every Business

On 26 February 2025, from 10:00 AM to 12:00 PM, TechForce Cyber hosted Cyber Scotland Aberdeen 2025 at Robert Gordon University in partnership with Arctic Wolf and Robert Gordon University. Our aim was to explain why every organisation, regardless of size or industry, needs a clear incident response plan, a secure supply chain, and a practical approach to deciding whether to build an internal Security Operations Centre (SOC) or outsource that function. We also explored what happens behind the headlines when a breach occurs, shedding light on how public perception and organisational transparency play critical roles in cybersecurity.

Rather than listing each talk in chronological order, we have structured this piece as a blog article that captures the overarching themes, the speakers’ viewpoints, and the practical guidance offered to businesses. We hope this format makes it easier for you to apply the lessons to your own company.

The Context: Why Aberdeen?

Aberdeen is known for industries like oil, gas, and maritime services. Over the years, these sectors have modernised and become increasingly reliant on data-driven operations. Cyber threats have evolved in parallel, targeting not only large multinationals but also mid-sized and small organisations. As a result, cybersecurity is no longer optional. It is essential for business continuity and reputation management.

TechForce Cyber, Arctic Wolf, and Robert Gordon University organised Cyber Scotland Aberdeen 2025 to help attendees see that cybersecurity extends beyond antivirus software or firewalls. It is about building resilience through clear plans, robust supply chain practices, and well-informed decisions on whether to manage SOC operations internally or partner with an external provider.

Speakers and Their Focus Areas

We invited five experts, each with a different perspective on cybersecurity:

1. Hatem Ahriz, Senior Lecturer, Robert Gordon University

Hatem opened the event by outlining the core cyber risks faced by businesses of all sizes, from phishing and ransomware to insider threats. Drawing on academic research, he highlighted how theoretical models can help organisations predict vulnerabilities and design better defences. Hatem also urged Aberdeen-based companies to collaborate with educational institutions to stay updated on the latest trends in cybersecurity. He stressed the role of knowledge-sharing in keeping local industries resilient.

2. Jai Aenugu, CEO and Founder of TechForce Cyber

Jai focused on incident response plans, emphasising that preparedness can be the deciding factor between a costly crisis and a manageable event. He gave examples of organisations that had a well-tested incident response strategy, allowing them to contain threats quickly and protect sensitive data. Jai also warned that simply having a document labelled

“incident response” is not enough. Teams must rehearse their roles through tabletop exercises to ensure that everyone knows what to do in the critical first few hours of an incident.

3. Brian Stewart, Senior Sales Engineer Scotland, Arctic Wolf

Brian discussed the question of whether to build an internal SOC or outsource these capabilities to a managed security service provider. He pointed out that an internal SOC allows for greater customisation and closer alignment with a company’s operations but requires significant investment in technology and talent. Outsourcing can offer 24/7 specialised coverage at a lower total cost, but some businesses hesitate to cede control of their security operations. Brian suggested a hybrid approach for mid-sized organisations—maintain a small in-house team for quick response and delegate extensive monitoring to an external partner.

4. Shabnam Bisafer, Global Cyber Security Manager, EnQuest

Shabnam examined the importance of supply chain security. She shared instances where a third-party vendor’s lax protocols led to a breach at a major enterprise. To prevent such scenarios, Shabnam recommended establishing minimum cybersecurity standards for all partners and conducting periodic audits. She also reminded the audience that these efforts should be collaborative rather than adversarial. Vendors who see security requirements as a shared responsibility are more likely to make genuine improvements.

5. Dr. Zibby Kwecka, CISO, Arnold Clark

Dr. Kwecka closed out the speaker lineup by exploring what truly happens behind the headlines of a cyber incident. Drawing on his experience as a CISO, he explained how public perception can spiral if companies are not transparent. He advised businesses to be honest about breaches once the facts are confirmed, rather than allowing rumours to fill the void. Media outlets, customers, and regulators expect timely updates and clear communication. Dr. Kwecka also underscored the legal obligations organisations might face when customer data is involved.

Why Incident Response Plans Matter

A recurring lesson from the event was that no organisation is immune to cyber threats, and waiting until an attack happens to decide what to do is a recipe for chaos. An incident response plan is not just a technical document—it is a strategic tool.

Key Points from Jai Aenugu:

1. Role Clarity: Clearly define who has decision-making power and who coordinates communication.
2. Scenario-Based Procedures: Plan for different types of incidents (phishing, ransomware, DDoS) with specific protocols.
3. Regular Drills: Conduct tabletop exercises to simulate breaches. This builds muscle memory and identifies gaps in the plan.
4. Post-Incident Analysis: After any breach, even a small one, review what went wrong and how to improve next time.

Jai emphasised that the speed and coherence of the response directly impact how much damage is done. A confused reaction often prolongs downtime, leaks more data, and erodes customer trust.

The Silent Threat of Supply Chain Security

Shabnam Bisafer’s presentation made it clear that even the best internal defences can be rendered moot by weak links in the supply chain. If a supplier or partner does not follow basic security protocols, attackers can exploit that gap to infiltrate your systems.

Shabnam’s Practical Suggestions:

• Set Baseline Security Requirements: Update contracts to include clauses on encryption, multi-factor authentication, patch management, and incident reporting.
• Partner Audits: Periodically verify that suppliers are adhering to your agreed-upon standards.
• Mutual Accountability: Treat suppliers as collaborators in security efforts, not adversaries.

Several attendees raised concerns about how to enforce these requirements without damaging relationships. Shabnam pointed out that the cost of a breach can be far higher than the investment in better security. When both parties understand the stakes, they are more willing to work together.

Internal vs. Outsourced SOC: Brian Stewart’s Take

Brian Stewart tackled one of the biggest debates in modern cybersecurity: whether to create an internal SOC or outsource it. He illustrated the pros and cons of each option.

Internal SOC:

• Pros: Maximum control, deeper integration with the company’s environment, immediate internal coordination.
• Cons: High upfront costs, difficulty recruiting and retaining qualified analysts, continuous training needs.

Outsourced SOC:

• Pros: 24/7 professional monitoring, potential cost savings, access to advanced tools and expert talent.
• Cons: Reduced direct oversight, possible communication lags, reliance on a vendor’s business model.

Brian recommended a careful risk assessment before deciding. Some organisations prefer the agility and specialisation of a managed service, while others demand the direct oversight that an internal SOC provides. Hybrid arrangements can strike a balance.

Academic Perspective with Hatem Ahriz

As the opening speaker, Hatem used real-world case studies and academic frameworks to show how cyber threats evolve over time. His focus was on bridging theory and practice:

• Predictive Models: Identifying patterns that lead to breaches can help organisations plug vulnerabilities proactively.
• Collaborative Research: Universities can partner with companies to test new defence mechanisms in controlled environments.
• Continuous Learning: Students entering the workforce with up-to-date cybersecurity knowledge can become a valuable asset to local businesses.

Hatem ended his session by inviting attendees to explore research initiatives at Robert Gordon University, underlining that academia can be a powerful ally in staying ahead of sophisticated attacks.

Behind the Headlines: Dr. Zibby Kwecka’s Insights

Dr. Kwecka rounded off the event by addressing the realities of public perception when breaches occur. He explained that once a story hits the media, it can take on a life of its own if the organisation does not provide clear, factual updates.

Dr. Kwecka’s Checklist for Handling Breach News:

1. Acknowledge the Incident: Confirm you are aware of the breach as soon as you have verified facts.

2. Be Transparent: Hiding details often leads to speculation, which can worsen reputational harm.

3. Offer Support: Whether it is identity theft monitoring or regular updates, show stakeholders you are committed to protecting them.

4. Follow Legal Obligations: Know the reporting requirements for your industry and region.

Attendees asked about potential pitfalls of being too transparent. Dr. Kwecka acknowledged that while you should not release unverified information or hamper an investigation, being forthright with the data you do have can prevent rumours from filling the gap.

Key Takeaways for Your Business

Bringing together academic research, real-life incident response examples, and supply chain warnings, Cyber Scotland Aberdeen 2025 emphasised that cybersecurity is a shared responsibility. Below are some core takeaways that apply to nearly any organisation:

1. Document and Rehearse an Incident Response Plan: A dusty manual is no use in a crisis.
2. Secure Your Extended Network: Your security is only as strong as the weakest link among your suppliers and partners.
3. SOC Planning: Decide whether an internal SOC aligns with your resources, or if an external solution offers the coverage you need.
4. Manage Public Perception: Have communication strategies ready. A breach does not have to be a PR disaster if handled transparently.

DOWNLOAD THE SLIDES

Shabnam's presentation - CLICK HERE

Jai's presentation - CLICK HERE

Looking Ahead: Collaboration and Continual Improvement

At TechForce Cyber, we believe in ongoing collaboration between industry experts, educational institutions, and managed service providers like Arctic Wolf. The threats we face today are not the same as those we will face next year, which is why continuous learning and adaptability are crucial.

We encourage businesses to follow up on the advice shared during the event:

• Reach out to Robert Gordon University if you want to participate in research or internship programmes.
• Consider scheduling an audit of your incident response plan or supply chain security posture.
• Weigh the pros and cons of in-house vs. outsourced SOC, factoring in budget, expertise, and compliance needs.

Cyber Scotland Aberdeen 2025 was a reminder that none of us operates in a vacuum. Cybersecurity is an ecosystem, and every participant—company, university, vendor, or service provider—plays a role in keeping Aberdeen’s businesses resilient. When we work together and share insights, we reduce the collective risk.

Conclusion

Over the course of two hours, our speakers delivered a comprehensive look at the realities of modern cyber threats. From opening perspectives on the evolving risk landscape to the specifics of incident response and supply chain security, each session offered concrete steps to fortify your organisation.

Whether you opt for an internal SOC or partner with a managed security provider, do not wait for a breach to test your resilience. Draft that incident response plan, audit your suppliers, train your teams, and be transparent if a breach occurs. This collective approach can help Aberdeen’s business community thrive in a digital-first era.

If you have questions, need guidance, or want to explore partnerships, feel free to contact us for more information. Together, we can make cybersecurity a shared strength rather than an afterthought.