Intelligent CISO Issue 86 | Page 68

GO phish

SOC 2 compliance, something that is a critical requirement for our customers.
How do you deal with stress and unwind outside the office?
I try to not get too high or too low. My friend used to talk about riding a motorcycle through a canyon and learning to straighten out the curves. I really liked that analogy to how I try to deal with stress in the CISO role. I try to straighten out the curves and keep my emotions in check. Outside of work I love to read and learn new things. I also have wonderful friends who know nothing about cybersecurity so we can hang out, play cards and enjoy talking about topics that are unrelated to my day job.
If you could go back and change one career decision, what would it be?
I wouldn’t change a thing. My whole career has been an interesting and wonderful journey. I have learned valuable skills at each stop along the way and the totality of the experiences has made me the CISO and leader that I am today.
What do you currently identify as the major areas of investment in the cybersecurity industry?
For the majority of businesses, ransomware remains a top priority due to its potential to cause significant disruption and incur high costs if it is not managed properly. The impact of a ransomware attack can be devastating, leading to substantial operational and financial losses. Therefore, investing in robust defences against it is crucial.
On top of this, phishing is another major area of focus as it often serves as the vehicle for ransomware and other malicious activities. While we have advanced technology and tools to catch the obvious threats, the real challenge lies in the decisions made by employees that can inadvertently compromise security. This is why a significant proportion of our investment goes into training and security awareness programmes. Implementing phishing simulation programmes and ensuring regular communication with the entire employee base helps them understand their role in the security programme. Employees are the first line of defence and their awareness and vigilance are critical in preventing security breaches.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
I think there was a time when there were different threats and trends depending on the region you were located in, but in today’s connected world, those boundaries no longer exist. Regulatory compliance is a key driver for cybersecurity investments. Regulations are normally regional or country specific which forces different investment and focus to ensure compliance. But the reality is that the threats are generally the same regardless of your geographical location and it’s always best to find the high bar for a particular requirement and apply it globally in your organisation.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
In the past year, my role as CISO at BlackLine has evolved significantly with the integration of generative AI technologies. These advancements have streamlined many cybersecurity processes, such as automating threat detection and enhancing incident response through AI-driven insights. However, the introduction of generative AI also brings new risks and exposures, including potential biases, inaccuracies and heightened cybersecurity threats from sophisticated AI-driven attacks. This necessitates robust risk management strategies and continuous monitoring to mitigate these threats.
Looking ahead to the next twelve months, I anticipate further integration of AI tools to enhance our capabilities, with a stronger emphasis on ethical AI practices and data privacy. Organisations will need to develop comprehensive AI usage policies, regularly review and update them and ensure that employees are adequately trained to work alongside new AI technologies.
What advice would you offer somebody aspiring to work in cybersecurity?
One of the key pieces of advice I would offer is to recognise the unique perspectives and skills you can bring to the table.
Women, in particular, bring a different mindset to cybersecurity situations. They often approach problems differently than their male counterparts, which can be highly complementary. This diversity in thought is incredibly valuable in cybersecurity, where innovative solutions and varied viewpoints are crucial.
You should feel confident that your ideas and contributions are valued. Even if something seems fundamental to you, it might be a fresh perspective that others haven’t considered.
Do you have any predictions for this year? Any new trends or technologies shaping the market in 2025?
I feel that the rapid growth and implementation of Generative AI and Agentic AI will lead to new threat vectors that must be carefully monitored and protected. The key focus for any mature cybersecurity programme starts with what we refer to as CIA: Confidentiality, Integrity and Availability. Each of these three areas is susceptible to being targeted with the introduction of AI capabilities into an organisation.
Data can more easily end up in public LLMs without proper internal controls, putting at risk the confidentiality of sensitive data. Areas of concern such as inconsistency, inaccuracy, incompleteness and irrelevancy can lead to a lack of integrity in data sets leading to incorrect output. And the introduction of new technologies that require substantial computational resources can lead to self-inflicted denial of service events impacting availability.
Cybersecurity is always a cat and mouse game and so I expect many vendors will be focusing on addressing the new threats posed by Gen AI – hoping to stay a step ahead of our adversaries.