Neil Tindall

St John’s College is part of Oxford University and situated in the heart of Oxford. Its historic buildings and beautiful gardens are complemented by first-class modern facilities. The College of St John the Baptist was founded in 1555 by Sir Thomas White. The college has a student body of some 390 undergraduates and 250 postgraduates. There are over 350 Academic and Professional staff.

Founded: 1555

Neil Tindall, Domestic Bursar: As Domestic Bursar, I am responsible for the efficient working of the College’s support, catering and residential facilities. I am supported by an excellent team of department managers who oversee the day-to-day provision of these services including: the Lodge, Accommodation & Housekeeping, Catering, Conference & Events, the sports ground, the boat house, the gardens and the college nursery. The Domestic Bursary also supports the college’s health & safety, compliance and business continuity.

The Challenge

What challenges were you and your team experiencing before working with us – what prompted you to seek a solution?

When I started working at St John’s College, our incident response team had sessions on various hypothetical incidents, but it became clear to us that the cyber incident response plan was the missing piece. We know that a cyber incident is likely to happen at some point, given the current threat landscape, so we wanted to go through an exercise and test our assumptions and how we’d respond.

Please describe the reasons you decided to work with us.

We found Evalian through a Google search. The website gave us a good indication of what the service included and it looked promising. The initial conversations with the Evalian team were positive, the team were friendly and we felt reassured that Evalian could provide us with what we needed to take the opportunity to look at what we already had in place and build on that.

The Live-Play Cyber Scenario

The scenario involved a ransomware attack and data breach, and was created using known Tactics, Techniques and Procedures (TTPs) of a well-known ransomware group. Initial access was obtained via a phishing email; the attacker then evaded anti-malware defences and moved laterally through the network, gaining access to the staff file server, accounts server, and KX database. Data from network shared drives was collected and exfiltrated to a command and control server before being encrypted for impact. The attack was then posted on a dark web page, with the threat of releasing sensitive data if the ransom was not paid.

How did you find the questionnaire, it’s quite long and thorough – did you understand what it was you needed or did you need some guidance?

We thought getting access to a portal to do this was really helpful and set the standard for good information security. It was myself and our Head of IT who completed the questionnaire.

In terms of the questions, there were a few we found difficult to answer, given that we’re part of Oxford University, who run their own separate IT department, so we had a lack of control over that aspect. But we had a couple of conversations with our Evalian consultant and we were pleased with the quick response and support in guiding us through how to answer those. It also helped Evalian to build a bigger picture of how our systems are run and who is in control of what.

How did you find the live-play cyber incident exercise?

We had good feedback on the day, particularly regarding the ‘Breaking News’ video. We felt it helped to break up what can sometimes be a “dry” subject and it made the whole scenario feel realistic.

We felt the exercise was well tailored to us, from the information we provided to the Evalian team in terms of branding and how we operate. In hindsight though, we may give a different brief when we run a training exercise again. That isn’t a reflection on Evalian’s exercise, but the intricacies between what parts of our systems are integrated with or provided by Oxford University versus those solely managed by the college made it more challenging to separate to what extent the impact to College systems versus University systems would ultimately be in the event of a ransomware incident. This in itself was a valuable learning exercise. Next time, we would look at choosing a different ‘cyber incident’ to simulate so we can cover all bases and look at other aspects in more detail.

I think next time we’d also consider an in-person training session. Other than that we felt the whole programme was run smoothly. We felt our Evalian consultant, David Chadwick, was very knowledgeable and delivered the training very well.

How did you find the report, did you understand the issues and vulnerabilities that needed to be fixed?

The report was really easy to understand, with helpful action points and we have shared it with our team. There were a couple of tweaks we required from the outset on things we had amended already, but these were made quickly by our Evalian consultant.


What has been the most significant achievement for your business facilitated by using our services?

We’ve reviewed our processes, to improve on them, facilitated with our deeper understanding of how to effectively respond to a cyber incident.

The training has definitely helped with our cyber security awareness overall, particularly with our more senior level members of the business, who wouldn’t usually have visibility over this kind of situation.

We now feel we’re in a place of a deeper understanding of how to respond efficiently and confidently to a cyber incident if/when one occurs.
