GO PHISH
If you could go back and change one career decision , what would it be ?
I don ’ t think there ’ s a lot that I would change . That ’ s not because I haven ’ t made any bad decisions – anyone who thinks that is either very lucky or not being honest with themselves – but I don ’ t think that agonising over mistakes ( or sub-optimal choices ) is helpful . Learn from mistakes and move forward .
My role has been stable over the last 12 months – building and optimising my team to help our customers gain value from their partnership with Veracode .
What do you currently identify as the major areas of investment in the cybersecurity industry ?
One major area of investment in the cybersecurity industry is the growing cybersecurity skills shortage . Companies are increasingly realising the need to invest in ongoing training to meet the demands of the changing workforce and skillset . Even though the number of cybersecurity graduates is expected to double in the next two years in Europe , ENISA already predicts this is not enough to close the skills gap which means it ’ s up to businesses to invest in training and education to close the gap .
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions ?
There are , of course , various levels of market and technological maturity in different regions so the challenges are slightly different but I think that the delta has shrunk over time . Global connectivity has driven that strongly but also cloud technology . Increasingly , we see that software and infrastructure is in the cloud and so the region is less of a determining factor than the particular cloud provider or technology you use .
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months ?
My role has been stable over the last 12 months – building and optimising my team to help our customers gain value from their partnership with Veracode . What has changed and will continue to change is what that value looks like and the stakeholders we are working with .
This is a continuing trend for software security where ownership is transitioning from a pure CISOled function to a development-led approach . Most organisations are somewhere along this journey but the pace seems to be accelerating and means that we need to move with it .
What advice would you offer somebody aspiring to obtain a C-level position in the security industry ?
Don ’ t over-specialise . That ’ s not to say that it ’ s a bad thing to develop deep knowledge of the space you are currently working in but you shouldn ’ t be afraid to branch out and explore domains that are at first glance unrelated . This is true in both a horizontal ( different technology domains ) and a vertical ( strategic vs . tactical ) sense . u
72 www . intelligentciso . com