As Head of IT for the BWT Alpine Formula One Team, Joshua David is responsible for managing the IT and cybersecurity needs of a workforce which demands speed.

That isn’t just on track, at over 20 race circuits around the world during a Formula 1 season, it’s on the pit wall, it’s in the garage and it’s back at the Alpine headquarters in Enstone, Oxfordshire.

Whether analyzing data to make split-second strategy decisions during races, or conducting the cutting-edge research and development to build updates for the car, swift access to IT systems is key.

All that data and intellectual property needs to be kept safe from a range of cyber threats. But in the high-speed, high-pressure environment of a Formula 1 team, it’s especially vital that cybersecurity protections don’t restrict engineers, mechanics, analysts and other staff from doing their jobs.

In this conversation with Infosecurity, David detailed how he ensures that cybersecurity is balanced with technological innovation, why it’s so important for cybersecurity staff to communicate with the rest of the organization, how he plans to futureproof Alpine against evolving cyber threats.

Infosecurity Magazine: Why is secure and reliable access to data particularly important to the BWT Alpine Formula One Team?

Joshua David: Data is the backbone of the sport. Certainly, from an IT perspective, it’s our job to give the engineers the information they need as soon as possible so they can make the decisions that impact the car performance. When we talk about strategy or pitstops, that’s seconds which are critical to our race result.

It’s not about just the platforms being stable and running, it’s how quickly we can get to those solutions. It makes us more agile and efficient as team which ultimately increases the performance of the car.

On the infrastructure and hardware side, it’s often completely different sets of equipment depending on whether we use sea or air freight.

We need to know what we’re running, and we look at the overarching connectivity. Being able to see everything in that single pane of glass: we can see if it’s a local issue or our connectivity, our engineers can quickly get to the problem

IM: What are some of the key cybersecurity challenges you need to manage at Alpine?

JD: We are very conscious that we don’t want to impact the development or performance of the car with our security controls. We design everything in a way that compliments what our engineers want to do.

The key for me is visibility, seeing which services are in use and that we can capture shadow IT. But also having that granular functionality, so we’re not just blocking or allowing services. We are able to get really granular and integrate with APIs to make sure we’re allowing functions that are required, while limiting the risk from a cybersecurity perspective.

Something like that goes a long way to make sure everyone sees what we are trying to do with security culture, and I hope we are doing it in a way where they see we’re not trying to stop them doing what they need to.

IM: How do you drive cybersecurity awareness while also balancing security and efficiency in such a fast-moving, high-pressure environment?

JD: I wouldn’t say we’re perfect by any means but it’s a continuous process. The key thing I want for my team is to have that personal touch.

If someone raises something, we don’t just want to be hiding behind keyboards and emails, we want to go to speak to people, understand why they are doing what they are trying to do.

Formula 1 engineers are some of the most intelligent people in the world and if there is a barrier in their way, they will find a way around it. They will find the optimal path to the end result and it’s our job to understand that we’re all one team, all focused on one end goal. We need to work with people on a personal level.

Also, we have got a complex network architecture here which has grown in size and complexity over the years and as cybersecurity has evolved, it has become more and more of a focal point for us.

We had a number of different products and platforms that ran on disparate systems and we got to a point where we stopped and looked at what we wanted to achieve with our strategy over the next five years. And some of the key features of the Cato Networks platform aligned with exactly what we wanted.

We chose technology because it met everything we needed to do when we talk about performance, resiliency, simplicity, it was a straightforward tick box in all of those areas.

IM: How is technology helping you to efficiently manage cybersecurity strategy and solve cybersecurity challenges?

JD: Our cybersecurity vision is all based around evolving with the threat landscape. Not being set in stone and rigid so we can’t change, making sure we can adapt.

The perfect example of that is Cato Networks and generative AI. Straightaway, within a matter of hours of rolling out the platform we were in a better place around granularly giving our staff access to those [gen AI]tools.

That’s not just good from a security perspective, but it’s also good from an efficiency perspective. We can open many more opportunities because we can control the risk. We can be a lot quicker with how we get to requests for projects for racing environments and we can achieve them so much faster now.

That’s the outcome we wanted. It’s making life easier for our infrastructure teams and race teams and being able to give the business what they need to target those incremental performance gains.

IM: How do you set up secure, reliable infrastructure at 22 locations around the world during the F1 season?

JD: It’s a well-rehearsed orchestra. We like to be careful around introducing new technologies to those racing environments because we have to be able to rely on them at the most critical times of the season. And if something does go wrong, we have very little time to react and resolve issues. So, we go through a rigorous testing process, but we’re always looking for technologies to reduce that set up time.

For example, Cato Networks being able to auto-connect to give us connectivity immediately. It’s a real step forward for us to be able to implement those technologies that cut hours from our set up time.

We’ve got engineers telling us they can get access to data that they previously had to wait 30 minutes to get to, but now when the car is travelling on track, between turns, they can access that data immediately.

IM: How do you look to future-proof cybersecurity and IT against technological developments and innovation?

JD: From the protection standpoint, we’re really investing in those platforms which have been built. Making sure that it’s just choosing your core infrastructure, that you need to make sure that these platforms are ready to scale,

So, we’re putting a lot of effort into how we select our vendors and it’s paying dividends for us so far. We’re really pleased with how we’ve been able to progress.

For the future, it’s understanding that we’ll never be finished, it’ll never be complete and we will have to keep reinventing ourselves and our technology.

We’re not just trying to protect against new technologies, we’re trying to benefit from them as well

IM: What is the most significant challenge in cybersecurity at the moment?

JD: There is never going to be an end to work, to the risks or the vulnerabilities and it’s being able to see through the trees and see what’s most important.

It always goes back to the basics. You just need to be exceptional at the basics. There will always be new buzzwords that come along, but we just keep going back to the basics and focusing on making sure we do everything correctly.

IM: What has been the biggest success in cybersecurity in recent years?

JD: For me, it’s around how breaches are dealt with nowadays. When I started in IT, it was sort of a taboo subject, you never spoke about it.

But now how public everyone is with breaches and how that information is shared openly, so that others, we can take the learnings from them and the whole community that comes out of that. There’s so much information, so many practical steps on how you can improve out there.

IM: What’s one piece of advice you’d give to other cybersecurity leaders?

JD: You have to find a way of dealing with stress and focusing on what’s important. I’m in a very fortunate position that for all of the high workload and pressure, there’s the positive of the end result we’re able to see on track most weekends.

When it comes to cybersecurity, it’s focusing on what really matters. You can really see the things that reduce the likelihood of you being breached and your organization being affected.

It’s very easy to focus on what matters for IT and cybersecurity, but really, it’s about what matters for the organization.

Image credit:  Motorsport Photography F1 / Shutterstock.com