After Baker discovered his first hack, he was fascinated by the world of cybersecurity.

At the age of 8, David Baker had discovered his first hack.

While struggling to progress in a video game, Baker discovered the files were labelled in a pattern: level1.xxx, level2.xxx, and so on. Upon copying the file level4.xxx, renaming it level1.xxx and booting the game, Baker found himself starting at level 4.

“That was it,” Baker says. “I was hooked.”

Without internet access, IT books or mentors, Baker discovered his first hack through curiosity and experimentation alone. This fascination compelled him to pursue an honors degree in Computer Studies at the University of John Moores, then a master’s in Cybersecurity from the University of Chester, where he graduated with distinction.

Throughout his career, Baker has held several cybersecurity positions, including a PC/Network Support Officer at Flintshire County Council and a Head of Information Technology at ClwydAlyn. Currently, Baker serves as the Head of Automation and Technology at Shropshire Council, where he oversees the organization’s technology infrastructure, architecture, and information security management, develops and executes the organization's technology strategy, collaborates with executives, and leads innovation initiatives.

“Something I champion in my role is the principle of becoming ‘digital by choice’ rather than ‘digital by default,’” explains Baker. “The distinction, while simple, carries profound implications for our approach to digital services. I am dedicated to ensuring the Council’s digital services are so exceptional that residents actively choose to engage digitally, creating a more inclusive and efficient system that ensures those unable to engage digitally aren’t left behind. This approach allows technology to enhance the Council’s service delivery, freeing up staff to focus on residents who require more traditional, personal interactions.”

Baker also serves as the Co-Chair of Shropshire’s Digital Inclusion Network, where he aims to close the digital gap within the community. Baker explains, “We collaborate with both local and national government officials, the National Health Service, community organizations, businesses and technology partners to promote digital literacy and ensure inclusive access to digital services for all residents. Through workshops, training programs and community outreach efforts, the network enables Shropshire residents — regardless of their age, income or ability — to feel confident and capable when using digital technologies. The network empowers individuals to access essential services, educational resources and employment opportunities, ultimately improving their quality of life and creating a more connected, informed and inclusive society.”

 I’ve come to understand that taking care of your people is the key tosecurity lea achieving organizational success.

Unique cybersecurity challenges in local government

Like any industry, the government sector presents unique challenges for cybersecurity professionals. In Baker’s experience, these difficulties include:

• Managing budget restrictions
• Navigating compliance requirements, bureaucracy and red tape
• Coordinating interagency collaboration
• Privacy concerns for sensitive information

Another challenge Baker notes is balancing risk aversion and innovation. Baker states, “While innovation is essential for progress, local governments often exhibit a cautious approach to risk. The potential consequences of failed initiatives can be severe, leading to public backlash and political ramifications. We must strike a balance between pursuing innovative solutions and managing risks effectively. This cautious approach can sometimes stifle creativity and slow the adoption of new technologies and practices.”

Furthermore, cybersecurity professionals in local government positions can experience significant political impacts on their work.

“Political influences play a substantial role in the government industry,” Baker says. “Policies, priorities and leadership can change significantly with each election cycle, impacting the direction and continuity of government initiatives. Employees must remain adaptable and prepared for shifts in policy that can affect their work. Additionally, government professionals must navigate the delicate balance of implementing policies while remaining apolitical and unbiased, ensuring that their actions serve the public interest rather than political agendas.”

Supporting the community

Baker volunteers with Cyber Wales, a collaborative cyber ecosystem connecting a community of government bodies, businesses, academia, and cyber experts for the purpose of fostering greater cybersecurity abilities in Wales.

“By working together, these entities can share knowledge, resources, and best practices to address common cybersecurity challenges,” Baker states.

Over the years, he has attended meetings as a member as well as a speaker, offering hacking demonstrations and educational talks to promote knowledge sharing and cyber industry growth. Baker recommends new cybersecurity professionals find ways to volunteer their expertise, as they will not only support their communities but also grow themselves as professionals.

“Giving back to the cybersecurity community through writing blog posts, conducting workshops or participating in open-source projects can enhance your reputation and knowledge. Community involvement demonstrates your commitment to the field and helps you stay connected with like-minded professionals.” Baker adds, “Remember that the cybersecurity community is vast and supportive. Reach out, connect, and learn from others.”

What cybersecurity leadership is truly about

Opinions on leadership will vary from one person to the next. For cybersecurity leaders, whether prospective or current, Baker shares his perspective.

“Leadership is often dissected and analyzed through the lenses of strategy, innovation and business acumen,” Baker says. “But as its core, leadership is about people.”

He explains further, stating, “I’ve come to understand that taking care of your people is the key to achieving organizational success. It’s about understanding, supporting and empowering those you lead. When you lead with empathy, build trust, understand individual strengths and weaknesses, listen actively, and create a culture of respect and inclusion, you set the foundation for a successful and cohesive team. When you prioritize the well-being and development of your people, everything else falls into place. When you look after your people, everything else will look after itself.”