GO PHISH
How do you deal with stress
and unwind outside the office?
I like to get out of the technology
space while keeping things
technical and analytical, as
contradictory as that may sound. As
a risk management professional, I
enjoy managing risk in my hobbies
as well – I fly aeroplanes and
ride motorcycles. I have been
riding motorcycles for the last two
decades and enjoy the scenery
that Northern California and the
Bay Area have to offer. And for
the last few years, I have been
working on and earned a private
pilot’s license with instrument
rating and I continue to seek new
aviation ratings.
If you could go back
and change one career
decision what would it be?
I like to have a philosophy of
no regrets. I may have made
some decisions that might
have negatively impacted
my path or caused me some
trouble, pain, or slowed me down in
some ways, but I like where I’m at and
what I’m doing now.
What do you currently identify as
the major areas of investment in
the cybersecurity industry?
I see a lot of investment in automation,
AI/ML and cloud security. Also, an
understanding of the need for security
across the software development life cycle
and applying the proper, tested tools. What
I would like to see is more companies
focusing on people and processes to build
it in, rather than bolt it on.
Are there any differences in the
way cybersecurity challenges
need to be tackled in the
different regions?
For me, the primary differences based
on region are not so much within the
cybersecurity realm, because best
practices don’t vary depending on where
in the world you are. However, there
are differences in how you’d approach
I enjoy managing
risk in my hobbies
as well – I fly
aeroplanes and ride
motorcycles.
a given problem with regards to local
regulations or how you communicate
within a region or across regions. For
example, in the case of Aryaka with our
global footprint, there are issues around
licensing requirements, regulatory issues
and import/export rules.
What changes to your job role
have you seen in the last year and
how do you see these developing
in the next 12 months?
Boards and organisational leadership
are becoming more educated in
cybersecurity
requirements. Also, the role is
increasingly moving from an IT problem
to a business problem. The CIOs and
CISOs I work with are becoming more
sophisticated because of this.
What advice would you
offer somebody aspiring to
obtain C-level position in the
security industry?
Try and get exposure to as many
different aspects of cybersecurity
as you can: network security, system
administration, email security, forensics,
incident response, vulnerability
management, penetration testing,
compliance, risk management and
privacy. The field is so broad, you
don’t need to know all of it; but the
more you know, the easier you can
address issues or hire the right people
to address your issues. Also, try to
think of problems and solutions from
a business and risk perspective rather
than a technology perspective.
Stay current and, crucially, never
stop learning! u
72 Issue 24
www.intelligentciso.com
|