GO phish and capabilities and fully grasp the corresponding implications from a risk management perspective.
Cloud security remains a critical focus as companies determine the optimal environments for their workloads. Zero trust continues to gain prominence as organisations reconsider how they segment networks and services and re-think access and identity strategy.
How do you deal with stress and unwind outside the office?
I ride motorcycles and fly airplanes. Working on my bike or piloting a plane demands a different kind of focus that helps me disconnect and recharge.
If you could go back and change one career decision, what would it be?
Every role I’ ve had has been a learning experience, but I do think my knowledge accelerated faster when I moved from local and state government into the private sector, so perhaps making that move a bit earlier would have been beneficial. However, I’ ve built a career doing good work with exceptional colleagues and exciting clients, so I would not want to change anything that affected that outcome.
What do you currently identify as the major areas of investment in the cybersecurity industry?
Zero trust architecture is attracting significant investment, focusing on two critical components: segmentation and access management. Both require skilled resources to effectively protect the organisation without hampering its operational agility.
Are there any differences in the way cybersecurity challenges need to be tackled in different regions?
Local regulations will shape regional differences. For instance, some countries prohibit background checks, while others require government access to encryption keys or limit encryption strength. These variations significantly influence security resourcing and implementation strategies across different geographies.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
I’ m increasingly focused on evolving our compliance management approach. What does next-generation compliance look like? The ISO framework that earned us the Stevie award provides a robust foundation, but continuous iteration is essential. The challenge lies in developing systems that enable our team to collectively monitor and respond to global regulatory shifts in real-time.
What advice would you offer somebody aspiring to obtain a C-level position in the security industry?
Master both business and technical domains. You must understand how the business works: what the strengths are, the weaknesses and what is going to impact revenue. As a CISO, your focus is on securely enabling growth, not simply saying‘ no’. However, without technical understanding, you’ ll miss critical vulnerabilities. Seeking mentorship from respected CISOs can help develop this expertise while building your business perspective.
68 WWW. INTELLIGENTCISO. COM