Intelligent CISO Issue 85 | Page 68

GO phish

If you could go back and change one career decision, what would it be?
There is only one. When relocating back from the US, I made a poor choice but was also misled. On that basis I changed it and found my current path, so on reflection it turned out to be the right answer.
What do you currently identify as the major areas of investment in the cybersecurity industry?
Firstly, I would say AI and its related challenges – especially in the kind of connected environments you find in the automotive, medical, industrial and critical infrastructure worlds.
Then there is compliance and how to ensure you stay safe and respond to the increased demands of regulators. Thirdly, there is the identities category – how can you make the right choices to ensure you have human and non-human identities covered in the rapidly changing world of expanding IoT networks that comprise hundreds of thousands of connected devices?
Major enterprises today need to achieve zero trust on a vast scale across their IoT device networks and systems, and to comply with regulations like the SBOM (software bill of materials) requirements in the EU and US.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
Compliance and regulation are significant challenges and don’t just vary around the globe, they vary by vertical markets. Customers and markets make different choices and have different needs.
If you infringe the EU Cyber Resilience Act’s SBOM stipulations when fully in force you could be punished with financial penalties. In the US, if your company doesn’t meet the SBOM requirements it may be barred from contracting with the government and its agencies. But the burdens are greater in the medical sector, in which devices are regulated by the FDA in the US and the EU Medical Device Regulation in Europe.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
You are always learning and evolving. There are global challenges, the need to build teams, and new go-to-market challenges as you expand. There is the need to understand markets and threat landscapes, and how the competitive, or perceived competitive landscape, evolves. New investors, new customers, new challenges – it’s an evolution, and rarely a revolution.
What advice would you offer somebody aspiring to obtain a C-level position in the security industry?
My advice? Go for it, work out your role and what you are good at, and build a team around you of those that fill the gaps. Build the company vision and plan. Solve your blind spots and always review and evolve.