Robin Smith, CISO at Great British Energy – Nuclear

In this two-part Sage Spotlight, Robin Smith, CISO at Great British Energy – Nuclear and former CISO of Aston Martin, shares how he’s advancing cyber resilience through automation, AI integration, and intelligence-led defense. He also reveals how Sagetap helped him cut vendor outreach time by 95%, replacing long sales cycles with faster, more focused conversations that deliver real innovation.

Part 1 Video

Part 1 Key Takeaways

• Building Resilience Across High-Stakes Environments: As CISO for Great British Energy – Nuclear (and formerly Aston Martin), Robin focuses on security standards, workflows, and technology that protect against disruption and strengthen organizational resilience.
• Hyperautomation as a Top Priority: Hyperautomation tops Robin’s 2025 agenda. He believes AI should enhance talent, emphasizing that “AI + brain = the future” and that digital literacy is key to maximizing automation’s impact.
• From Reactive to Predictive Defense: By combining hyperautomation with CTEM, his team can anticipate threats, prioritize real risks, and strengthen their overall security posture.

Part 2 Video

Part 2 Key Takeaways

• Rapid Security Gains with Bionic: At Aston Martin, Bionic delivered quick wins in data and cloud security, integrating seamlessly with Microsoft tools and providing immediate results that validated its value.
• Global Compliance Clarity with Hyperproof: Hyperproof simplified regulatory complexity across Aston Martin’s international markets, offering clearer visibility into compliance requirements and cybersecurity risks.
• 95% Time Savings on Vendor Discovery via Sagetap: When Robin started using Sagetap, he went from spending 10 hours a week with salespeople to just two hours a month, and he now connects with better-fit vendors who bring clear innovation and long-term roadmaps.

Full Transcript

Robin Smith: I'm currently Chief Information Security Officer of Great British Energy – Nuclear, which is a government-owned nuclear agency in the UK, newly established in the last couple of years. And I was formally CISO at Aston Martin, the luxury automotive brand.

In the role of CISO, I'm board advisor on all aspects of information cybersecurity risk, and the focus is on building security standards and services that can really protect the business, ensure that the brand is fully immune from disruption, but also builds resilience across technology, processes, and workflows to ensure that we have cyber resilience across the operations.

Meghan Lafferty: Going a little bit deeper, can you tell us what's most pressing for you, the projects that you work on, and how you decide on those projects?

Robin: Hyperautomation is really top of my list for priorities this year, and I really want to get to a point where I have confidence about how automation makes the tools flow and interoperate better rather than worrying about job losses or the other AI catastrophism that goes around. You still need really good quality CISOs, engineers, risk analysts, people to train and build skills. There's a formula of AI + brain = the future, and I think I can go with that. If we can really build digital literacy, that will 10X the value from AI projects.

One of the things we're trying to work out is predicated on continuous threat exposure management. If there's a nearly infinite supply of cyber crime, and it sometimes feels like that on a Monday morning, we'll be able to really focus our priorities on being intelligence led, using our resources well, and tackling what's most urgent to a business.

The way that we've tapped into that is staying abreast of what's going on in the industry, and then that drives our intelligence-led cyber strategy, and it's making big impacts. It's given us new opportunities for innovation, it's reducing the risk from cyber criminality, we're moving into a model where we can forecast or anticipate what's coming around the corner, and that's a really good position for a CISO to be in.

Meghan: Alright, the before times. Can you tell us how you used to identify the right vendors to evaluate?

Robin: It feels like the Stone Ages now that I've been working with Sagetap for a few years. Just before the pandemic, we were doing market testing whereby we would invite in 10 vendors to do the sales pitch. So it would take a lot of time, would waste a lot of your resources, and not always get to a decision point because, you know, a sales pitch is not reality. A sales pitch is what it can do, not what it will do. When we would then implement solutions, there would be a bit of a gap, and that all arose from a very poor filtering and prioritization process.

It was a painful process, really fractured, and I was very glad to find solutions to these problems.

I feel like a veteran of Sagetap. My first interaction with them was in 2021 when they reached out to talk about the new way of approaching these sort of solutions. It was like a lightbulb moment. Sagetap would be the answer, and the impact it made was immediate. I went from, let's say, 10 hours a week of engaging with salespeople to two hours a month. They were gonna go and find the best people. They were gonna go and find the best solutions. All I had to do was listen.

It was a better quality of vendors. I think the filtering and the profiling when you engage with the platform has always been first rate. You'd be able to determine whether, number one, the solution was a good fit, number two, whether the partners themselves would be able to engage, and number three, I think this is most valuable, where the solutions would be in 24 and 36 months' time. I don't think there was an instance where I posed that question to a Sagetap provider and they weren't able to give me confidence that they had a real development pathway. They knew about what was coming through in the industry and they were adapting at high pace.

Meghan: Let's talk about some of the vendors that you've met on Sagetap.

Robin: The first one's Bionic. For Aston Martin, back in, I think it was 2022, we were able to introduce a Bionic product to do data security management and cloud security posture management for us. From a very short implementation, it was giving us value. And when Bionic were acquired by CrowdStrike, it wasn't a surprise to us. You know, we were really proud to be early partners with them, and we were really happy with the testing around Bionic because it gave us really robust results, it integrated really well with our Microsoft estate, and it gave us a real route to improving data and cloud security very, very quickly, so Bionic was a poster child for great engagement, great implementation, and great results.

Second solution was Hyperproof. Now, automotive exists in a fairly regulated industry. Aston Martin was dealing with European, Middle Eastern, Asian, and American markets. When we found Hyperproof, what we found was a really elegant solution to managing all of this jigsaw of jurisdictions. It was a compliance and risk management tool that enabled us to assess, manage, and take actions around compliance risks, all whilst giving us really good analytics and insights into what best practice was around compliance. That enabled us to go into those markets with real confidence, having a solution that mapped out exactly what we needed to be thinking about from a regulatory position, but also giving us really good insights into risk management across cybersecurity services, so Hyperproof remain one of my favorites.

I've never had an engagement on Sagetap that hasn't yielded some decent insights: the very best solutions, the best kind of new ways of working, the best ways of engaging with existing technology solutions. You're getting the keys to the best minds in cybersecurity.

So the conversations that arise, the collaboration that arises from working with Sagetap can't be underestimated, so I'm really happy to partner with them and I look forward to another four or five years of working with them.