GO PHISH
is the most important aspect, even if
it’s not the most glamorous. Do all the
foundational stuff really well and then
invest in the required areas to close out
the remaining gaps.
How do you deal with stress and
unwind outside the office?
Detaching yourself from work is the first
part of the challenge! I’m a believer in
needing to test yourself and diving headfirst
into something new either mentally
or physically. A couple of years ago, I
decided to do a charity boxing match
and found it incredibly liberating. A lot
of people try to wind down to switch
their minds off from work activities, but
you can’t exactly be thinking about work
when someone’s standing opposite you
in the ring!
If you could go back and
change one career decision
what would it be?
There are lots of things but learning
lessons is what’s important. At the start
of each year, I look back and reflect
on what I could have done better
and if a lesson can be learnt – that’s
what’s going to help. Changing future
actions by learning from previous ones
is more important than thinking about
changing what is already done. From a
professional perspective, for example,
what worked in customer engagement
15 years ago might not work today, so
it’s important to adapt.
What do you currently identify as
the major areas of investment in
the cybersecurity industry?
National infrastructure is quickly
becoming the new frontline for large-scale
cybersecurity attacks. Action needs
to be taken quickly to prevent this from
being a widespread problem. The utility
industry, for example, is transitioning
towards using more advanced operational
technology (OT) such as 5G connected
turbines, drilling machinery and drones.
This increased connectivity provides
a much greater attack
surface for the attackers
with more avenues to
take advantage of. As
cybersecurity adoption
continues to lag behind the
pace of the OT adoption,
the imbalance is one that
needs to be addressed
with a larger investment of
cybersecurity technologies
that are vital to maintaining the safe
use of new equipment. Having said
that, before anything else, organisations
need to understand what they have
on their networks and what they are
coming up against.
Are there any differences in the
way cybersecurity challenges
need to be tackled in the
different regions?
Yes, absolutely. Not just by region but by
the industry too. The regulatory aspect
of cybersecurity is such that differences
in both regionality and industry are
becoming more complex. Common
standards are designed to simplify
the problem, but it often actually just
makes it more difficult. Each region and
regulation has its own set of controls,
but within that, there is another level for
each industry. There are some examples
that help, such as NIS and NIST,
within the utility industry but one of the
challenges of cybersecurity is that it can
be subjective and opinion-driven, making
it difficult to standardise.

I truly believe that recognising and nurturing people’s talents is the best way to help them develop professionally.

What changes to your job role
have you seen in the last year and
how do you see these developing
in the next 12 months?
The current climate has meant that
being empathetic is really important.
The difference between now and three
months ago is night and day. I need to
be adaptable in my leadership because
the stresses and strains of work-life
balance are difficult while everybody
is working from home. Equally, it’s
important to be clear in communicating
what you need from people. Clarity and
focus in the areas that you can action
relative to the situation help to maintain
a high standard of output.
What advice would you offer
somebody aspiring to obtain
a C-level position in the
security industry?
First off, I’d say ‘keep it simple’. We
operate in an industry with an insane
amount of jargon, yet the very best
leaders are the ones that set clear
strategy and connect with their audience
in a simplified way.
Second, and as a former leader of mine
used to say, ‘run to the fire’, identify
issues quickly and deal with them.
Lastly, I’d say don’t ask anyone to do
something you wouldn’t do yourself,
always be willing to get into the trenches
and put in the hard yards.
72 Issue 28
www.intelligentciso.com