Intelligent CIO Africa Issue 67 - Page 72

GET TO KNOW come from the pandemic , have really sped up the industry . Specifically looking at cybersecurity though , I would have to say identity . Previously conversations around identity focused more on enablement , but recently they ’ ve pivoted to focusing on risk . This is particularly the case around digital identities .
How do you deal with stress and unwind outside the office ?
I have dealt with a lot of change in my personal life , so can adapt to stress quite well . It may sound typically British but if I have an issue , it always helps me to take a break , grab a cup of tea , and come back to the challenge in a better head space . It ’ s about removing the emotive thinking and coming back with a more logical point of view . Security professionals in my experience aren ’ t great at winding down and are always consuming content outside of work . It ’ s something I am especially guilty of . I try to exercise and spend time with my family to prevent myself doing so . I also have a newfound enjoyment of outdoor cooking and barbecuing which , contrary to popular belief , doesn ’ t just have to be a summer pastime .
What are the region-specific challenges when implementing new technologies in the MEA ?
There are two aspects that can be blockers for new technologies or new market entrants in MEA . One is to do with mindset ; end-users value the tried-andtested very highly . There is less willingness to take a shot with some cutting edge but unproven technology than there would be , say , with a challenger bank in the UK . Validation from peers is even more important in the MEA region – a strong reference within their own vertical preferably .
The second is to do with data residency . A big challenges cloud-first vendors face is the nonavailability of local SaaS data centres . There are policies and regulations around data residency which has parameters on where it is hosted . So , while much of the world is embracing cloud-first and SaaS solutions at pace , on-premises is still very much a requirement in some cases in the MEA region , should the vendor not be able to offer compliant data residency via local data centres .
If you could go back and change one career decision , what would it be ?
This is a tough one as every decision I ’ ve made has played a part in me reaching this point in my career but , if I could go back , I would have embraced Linux earlier . I was a Windows guy through and through , and so the transition away from graphical interfaces was hard for me .
What do you currently identify as the major areas of investment in your industry ?
Cybersecurity has definitely become a board-level issue , and with good reason . As investment in the industry continues to rise , one of the major investment areas is identity access management ( IAM ), and the control of entitlements and privileges of user rights .
Attackers are continuing to compromise identities in as part of their ‘ day to day ’ work , whether to steal data or money , or shut down services entirely .
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months ?
The obvious answer is the changes brought about by the pandemic . It ’ s completely overhauled how IT and security teams work . We can no longer knock on the office door to solve an IT issue , and users demands have also changed . IT and security teams used to be monolithic beasts . Everything went through them . Now though workers have a lot more freedom and can sign up to new platforms and services without the usual approval processes . This ‘ shadow IT ’ phenomenon has become a huge challenge for security teams and is putting potentially sensitive business data at risk .
What advice would you offer somebody aspiring to obtain c-level position in your industry ?
The best advice I can offer is that , while communication is key to moving up the chain , remember security is only one risks that businesses face . What I mean is , while board members understand cybersecurity is a challenge , they also have to think of the bigger picture beyond these risks . For example , how to deal with global pandemics , natural disasters and so on . Yes , security is vital , but it ’ s just one of many risk factors c-level teams must monitor and protect against . Understanding this will help to better communicate with these teams , in the right terms . p
72 INTELLIGENTCIO AFRICA www . intelligentcio . com