Intelligent CISO Issue 47 | Page 71

GO PHISH

WE ‘GO PHISHING’ WITH JOHN SMITH, EMEA CTO, VERACODE, WHO TELLS US ABOUT LIFE INSIDE AND OUTSIDE THE OFFICE.

What would you describe as your most memorable achievement in the cybersecurity industry?

My most memorable moment was when I was running an AppSec training course for a customer and an enthusiastic student accidentally shut down a business-critical SQL Server via a SQL Injection vulnerability we had been discussing. In terms of achievement though, I think that my time at Veracode has allowed me to help many customers both large and small with their AppSec challenges over the (almost) 10 years so far. This is my first time at an SaaS vendor company and I was struck right from the beginning by the difference it makes to the relationship when your customers rent your software rather than owning it.

What first made you think of a career in cybersecurity?

Truthfully my first step was entirely a happy accident. I was working as a developer and a former colleague brought me into a security start-up as part of the development team. The thing that has kept me in the security space is the pace of evolution and innovation – both from the attackers and the defenders. These days I think that more than ever I also appreciate the responsibility of cybersecurity. You don’t have to look far to see real world examples of the consequences when defences are breached and so the extent to which all aspects of our lives are now entwined with the digital world makes cybersecurity ever more important.

What style of management philosophy do you employ with your current position?

I’ve been fortunate to have some truly excellent managers over my career so far and one thing they’ve had in common is that they almost never told me what to do or how to do it – at least not beyond giving me assignments or projects to own. When I needed help, they were happy to coach me and patient enough to let me reach my own conclusions. That’s how I try to work with my team.

What do you think is the current hot cybersecurity talking point?

The most recent cybersecurity fire drill has been the Log4J vulnerability which once again highlights the difficulties in managing the security of the software supply chain. This was a hot topic throughout 2021, including the Executive Order. More broadly, I think that the trend of Everything-as-Code will drive a lot of cybersecurity conversations in 2022. When EAC is combined with the rapid deployment of code (i.e., CI/CD) there are huge benefits to enterprise agility but that also brings a new challenge of being able to apply continuous security.

How do you deal with stress and unwind outside the office?

I have a very basic workshop in my garage where I work on various projects, with varying degrees of success. I also enjoy gardening and in particular growing vegetables, again with varying degrees of success. I find that much of my working life is virtual and never more so than in the last two years, so doing something quite different that has a physical result helps me to fully switch off and unwind. It also helps that once in a while I make something that is useful or tasty.