Created with Pinsent Masons

Life as a cyber security leader at an international law firm

Avatar photo

By Philippa Canfield on

Christian Toon, chief information security officer (CISO) at Pinsent Masons, reveals the risks and opportunities associated with digitalisation, as well as how a career in cyber security may be of interest to those studying law

Christian Toon, chief information security officer at Pinsent Masons

Christian Toon, a man with “many hats”, holds both the positions of chief information security officer (CISO) and head of office for business operations in Birmingham at Pinsent Masons LLP.

Joining the international law firm in 2017, having previously worked at one of the Big Four professional services firms, Toon is responsible for Pinsent Masons’ “cyber and information security strategy”. More specifically, Toon works to safeguard the business and its clients against cyber threats and risks that come through information security breaches.

Toon summarises his day-to-day responsibilities using three Ps: “PowerPoint, People, and Politics”. In this context, ‘PowerPoint’ refers to his overall efforts in communication and collaboration — namely “ensuring that all our people understand and appreciate their role they need to play in keeping us safe. Making sure our teams have the right skills, behaviours and awareness to securely go about their day job”.

With regards to the ‘People’, this is about making sure the security team and others across the firm are in their best position to deliver on their objectives. Supporting them as a line manager, mentor or confidante that allows them all to come together and succeed as one.

Then there is the ‘Politics’. “Information and cyber security are not the only risks to our business and are also not all the opportunities we’re exploring,” says Toon. “There are many seats at the table of which we’re only one, so it’s important that we work with others for the greater good of the Firm. Sometimes this means standing down on some of our activity so that others may flourish, and vice versa. This involves a lot of stakeholder management, compromise and negotiation. Especially when it involves trying to keep cyber security at the forefront of everyone’s minds as the remote working revolution continues.”

Inevitably, the pandemic has impacted the quantity and content of Toon’s work, as a shift to remote working has upped our dependency on technology. “Traditionally, the legal sector has underinvested in both technology and security, and the pandemic has brought these deficiencies to light”, says Toon, “as suddenly you are at home and all you have to work with is the laptop in front of you”. Toon reflects upon the “rapid period of adjustment” that we have seen in early 2020, particularly in the legal sector, which has included relaxing some security controls to enable people to work from home effectively, as well as investing in new legal tech, or fixing and improving existing technologies. Good security is about understanding and managing the risks, not controlling the business so much it can’t function.

The biggest risks facing law firms now, Toon tells me, are those around data loss, cyber-enabled financial crime and fraud and disruption to business through something like Ransomware. As such, it is important to ensure that the new technologies being used across the profession have been deployed, implemented and maintained professionally and securely, so as not to leave the business vulnerable to exposure or exploitation further down the line.

Find out more about training at Pinsent Masons

A challenge deriving from this, is the way in which controlling the use of these new technologies can encroach upon the culture and purpose of a business: “There is a fine line on the security front between maintaining the confidentiality, integrity and availability of a business, without being overly invasive in this approach and making your people feel monitored”. Toon remarks that the increased sensitivity we have seen around GDPR in recent years, relating to the use and storage of personal data, only increases the challenge.

Drawing upon the ‘People’ element of Toon’s work responsibilities, his position as head of office for business operations in Birmingham involves developing a sense of “togetherness”, or “virtual togetherness”, in order to mitigate the current absence of face-to-face interactions and social gatherings. One way in which Toon has been able to do this is by offering drop-in virtual AMA’s (Ask Me Anything’s) to answer questions and address concerns amongst those in the office.

Toon also tells me how well Pinsent Masons has been doing with regards to maintaining social interaction amongst staff. Some of the stand-out virtual gatherings that he’s been involved with so far have included virtual bingo, wine tasting, cheese making, cocktail masterclasses, virtual escape rooms, and even a virtual black-tie awards! “People have become very creative in supporting virtual events, everything gets delivered home and you just need to get dressed up and switch on your webcam!”

After spending several years working in London and travelling across the world, Toon felt a calling to return to Birmingham, his first home, and take on a role that would allow him to spend more time with his family. By no means is Toon missing the London life, however, describing Birmingham as a “multi-cultural hotpot of people and places”. Birmingham is very much a vibrant city, having enjoyed an increase in funding over recent years and a huge regeneration of the city centre. The progression of HS2 is also set to develop the connection between Birmingham and London, thereby offering many exciting opportunities for young graduates.

Reflecting upon his career journey so far, Toon says, “I don’t regret much in my life, but I wish I’d gone into cyber security a lot earlier”. According to Toon, over the next three to five years, there is going to be a huge technological revolution in the ways that businesses operate, particularly within the legal industry as it tries to play “catch up”. Toon foresees that the opportunities to develop technologies within the profession will “flood the market”, and so, developing digital and legal skills will help graduates stand out.

For those interested in the legal industry, although perhaps not the legal route specifically, Toon encourages a consideration of cyber, data and technology as potential career paths, naming these as “three of the most employable industries across the globe right now”.

Christian Toon will be speaking alongside other panellists at ‘Secrets to Success Midlands’, a virtual student event taking place on Wednesday 3 February. You can apply to attend the event, which is free, now.

Find out more about training at Pinsent Masons

About Legal Cheek Careers posts.

Related Stories

From labs to law: Why I became an IP lawyer

Chemistry graduate turned Pinsent Masons intellectual property associate, Kirsteen McEwen, shares her career story, ahead of next week’s virtual event with STEM Future Lawyers

Oct 22 2020 3:46pm

The skills lawyers of the 2020s need to succeed

As told by Pinsent Masons tax partner Peter Morley

Oct 22 2019 12:30pm

The tech revolution through the eyes of a data privacy lawyer

Pinsent Masons senior associate Rif Kapadi reflects on the far-reaching implications of GDPR

Jun 26 2019 12:50pm