GO PHISH
As a parent of three children , my management philosophy mirrors how I approach parenting . cloud security , mobile devices , phishing and the list goes on . It is determination that shapes outstanding practitioners . If you are driven to succeed and invest significant energy in studying the field , you will ultimately succeed .
GO PHISH
practice security research and threat intelligence . I am very satisfied .
However , of course there have been challenges along the way . For example , in one of my previous roles , I was appointed by a C-level executive . However , another C-level executive was unsatisfied with my appointment to this position . He tried to persuade me to quit by stating that he did not think I had what it takes to do the job and that there were better and more qualified candidates available . He specifically likened my appointment to assigning someone who had never flown an aircraft to command the entire air force , implying that it would not work and was a bad idea . Instead of being insulted by this remark , it made me stronger and helped build my character . I set a personal mission to succeed .
Now , as I continue in my career , I see that many practitioners in the cybersecurity field feel similarly inadequate at times . This is when you might experience what psychology refers to as ‘ imposter syndrome ,’ which means that the more you learn , the more you realise how much you do not know . This is especially true in cybersecurity . It is impossible for one person to learn everything there is to know in this field . The breadth of knowledge required in cybersecurity is vast . In this sense , attackers have it easier , as they only need to excel in one area , whereas defenders need comprehensive knowledge about servers , personal computers , network security ,
As a parent of three children , my management philosophy mirrors how I approach parenting . cloud security , mobile devices , phishing and the list goes on . It is determination that shapes outstanding practitioners . If you are driven to succeed and invest significant energy in studying the field , you will ultimately succeed .
What do you currently identify as the major areas of investment in the cybersecurity industry ?
Cloud-native security is an intriguing and challenging topic that is receiving significant attention . While the shiftleft approach aims to delegate some security decisions , practices and responsibilities to developers and DevOps teams , security traditionally falls under the purview of the CISO . The complexity of distributed systems and emerging technologies introduces numerous gaps . Therefore , the industry is investing heavily in this area and is likely to continue doing so .
Are there differences in the way cybersecurity challenges need to be tackled in different regions ?
This is a compelling question . My inclination is to say yes , due to the diverse stakeholders and threats . However , financially motivated groups and script kiddies , particularly in the cloud space , tend to behave consistently across regions . When considering state-sponsored Threat Actors ( TAs ) and hacktivists , regional differences emerge based on geopolitical realities . Thus , security practitioners need to be aware of the ‘ general ’ threat landscape , which includes many areas , while they should also be aware of specific threats . For instance , regions that are in feud with the Iran regime need to be aware of the Iranian threat actors .
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months ?
AI continues to be a central theme . I use AI actively on a daily basis , even for editing and gathering information to answer questions like these . However , this is not exclusive to security . In the security domain , a key focus is developing a comprehensive ‘ cloud ’ picture and crafting narratives about various attacks to form one holistic picture or campaign . This is a significant evolution on the horizon .
What advice would you offer somebody aspiring to obtain a C-level position in the security industry ?
I would advise aspiring C-level professionals to cultivate a broad understanding of various areas within cybersecurity , extending beyond their day-to-day responsibilities . This can be achieved by pursuing relevant certifications such as CISSP , CISM , CISA or CCISO . Additionally , I recommend that they periodically revisit the foundational aspects of their field and engage in the same tasks as their employees . Most importantly , it is essential to master the art of working with people , who are the organisation ’ s most critical resource . u
80 www . intelligentciso . com