Intelligent CISO Issue 32 | Page 71

GO PHISH

WE ‘ GO PHISHING ’ WITH CHRIS HODSON , CISO , TANIUM , WHO TELLS US ABOUT LIFE

INSIDE AND OUTSIDE THE OFFICE .

wWhat would you describe as your most memorable achievement in the cybersecurity industry ?

My first role running a security organisation at a large UK retailer ; being entrusted to develop a cybersecurity strategy for a company at such a young age is something that I am incredibly proud of . The role was vital in shaping the trajectory of my career .
I ’ ve also been fortunate enough to collaborate with many industry leaders on subjects that I am incredibly passionate about , including cloud computing risk and cybersecurity . My paper on demystifying the myths of public cloud computing was published in Computer Weekly . I have also written Cyber Risk Management : Prioritize Threats , Identify Vulnerabilities and Apply Controls , which became a bestselling book on Amazon .
What first made you think of a career in cybersecurity ?
I started out working in traditional IT roles , but this developed due to my curiosity and drive to understand the inner workings of IT systems to make them more secure . I was originally working in application development and systems engineering , but went on to take Microsoft exams and security electives at the end of my first role . From there , I was drawn to security , creating threat models and protection strategies .
What style of management philosophy do you employ with your current position ?
My style of management is one of cross-functional responsibility . At Tanium , our engineering practices are both agile and waterfall . We need to ensure that security is offering pragmatic risk assessment , often under time pressure , and catered to the situation at hand . Our security leadership is given a lot of autonomy and we provide services to a broad range of internal stakeholders . When it comes to recruitment , we are extremely diligent in our process . We always look to smart and tenacious people who are inspired by our mission to help some of the world ’ s largest enterprises and governments solve their hardest IT challenges and close critical endpoint visibility gaps .
What do you think is the current hot cybersecurity talking point ?
Given the current pandemic , distributed working is unquestionably the major talking point of the industry . The past few months have seen vulnerabilities emerge that have resulted in some damaging public attacks . As a security leader , you must keep on top of patch management and allow for black swan events and significant changes to operations .
The sudden rise in unknown endpoints as a result of widespread remote working has resulted in a surge in unprotected computing devices and stressors that threaten to expose corporate assets to elevated cyber-risk and compliance challenges . Our recent research revealed that 93 % of UK IT leaders have discovered computing devices within their organisation ’ s IT environment that they previously didn ’ t know about .
Leaders can be fundamentally blindsided by unknown devices in their environment . This lack of visibility into how they see and manage endpoints can cause major issues . Without true visibility and control of all their IT assets , organisations are creating vulnerabilities that can be exploited . As a security leader , you must be able to answer the questions , ‘ what patches are missing ?’ or ‘ how many IT assets do we have under management ?’
How do you deal with stress and unwind outside the office ?
As is the case with so many others at the moment , a definite benefit to working www . intelligentciso . com
71