GO PHISH
At the same time , one of the worst talking points I am hearing in Europe is about distrust in cloud technology , which is unfortunately a more common sentiment in biotech . A lot of biotechs are still adhering to a security strategy from the late 1990s , using on-premises technology and essentially using firewalls as the first and only line of defence . Often , maintaining an on-prem strategy exposes you to more risk because 100 % of the security responsibility and resourcing is on you . Most companies that distrust cloud computing are actually less secure than the cloud providers they distrust .
How do you deal with stress and unwind outside the office ?
I read a lot of books . When I ’ m reading with my daughter , I ’ m not thinking about work .
I ’ ve also developed a winemaking hobby . Some security executives and I make award-winning pinot noir .
If you could go back and change one career decision , what would it be ?
Each step I took in my career has helped shape who I am today , so I wouldn ’ t have changed anything on that front . What I would ’ ve done differently is understand faster – that you really can use security , technical knowledge and leadership to make significantly positive change .
What do you currently identify as the major areas of investment in the cybersecurity industry ?
Overcoming the skills gap for cybersecurity engineers should be priority number one . Security engineering roles are hard to fill – as a security engineer , you need to create new solutions , understand security problems and create solutions for them .
You ’ re not buying off-the-shelf software as often , as there is no off-the-shelf software that can solve all the problems .
At Benchling , as an example , every security employee we have is an engineer . In almost any industry , security engineers are really sought after . In biotech , most companies have security analysts . That provides value . But there ’ s a delta between what they ’ re doing and what a security engineer is capable of .
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions ?
In Europe and in the biotech industry , we see a hesitancy to shift from onprem to the cloud . Part of this is due to a reluctance to invest in and change the workforce , skills and technologies needed to make the transition . Part of this is also due to a myth-making narrative questioning the security of the cloud .
Beyond taking a data-driven approach to making security decisions , the most important lens I can offer to change attitudes around the security of cloud computing is that of economies-ofscale . Companies that adopt cloud and enterprise SaaS take advantage of economies-of-scale on security that modern software companies provide . Enterprise SaaS companies have a responsibility for security and they have security capabilities and teams beyond what most companies can afford .
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months ?
This is my first role that ’ s focused on security and IT for biotech . As such , I ’ ve needed to really understand the biotech customer ’ s dilemma , including how they think about use cases and workflows in research and development , how IT enables research and development , their pain points and their needs .
Biotech organisations generate revenue based on intellectual property , and if compromised , a great deal of revenue stands to be lost . These organisations are also highly regulated due to the potential human impact of their products , and complying with regulations can make or break the organisation ’ s ability to compete . Both of these factors mean that for a cloud-based platform like Benchling , maintaining industry-leading security , privacy and compliance standards for biotech customers is paramount .
What advice would you offer somebody aspiring to obtain a C-level position in the security industry ?
Your goal is to reduce security risk across the board . One of the best ways to do that is to truly , deeply embed security throughout your organisation . You need to not only understand your company ’ s business ; but also to have a seat at the table in making that business successful . u
80 www . intelligentciso . com