The CISO community is very small. Everyone thinks it’s this massive beast but it’s actually not and we really need to protect each other and that’s now

We have to invest in the future and schools at proper level. For 14/15/16-year-olds, before they go into doing their GCSEs, A-levels and degrees we need to be saying ‘guess what, there is a whole career here and you don’t actually need to go down the university route if you don’t want to, there are different ways to do it’.

“Law firms typically pick out future staff during GCSEs and A-levels and certainly in advance of any university placements. We need to be doing that in this industry but even earlier.”

The biggest threats keeping CISOs awake at night

“Behaviour is a big one. And not necessarily malicious behaviour but accidental behaviour, not realising what you’re doing is going to create a huge problem for us,” Walmsley says.

Nation state attacks, he adds, are leaving CISOs ‘terrified’. “Because there is no way of preventing those. If they [the attackers] want to get in, and you’re targeted, it’s going to happen. So it’s all about how you deal with the aftermath of it.”

There are many vendors in the cybersecurity sector – how should CISOs deal with that?

“Mostly CISOs inherit stacks of technology that are difficult to manage – we’re constantly looking at consolidation,” Walmsley said. “Top tips, don’t look for point solutions, look for something that’s more holistic.

“The second thing is that it’s not all about technology. You’ve got to start with the people, then the process, then you add the tech at the end. People buy technology thinking it’s a silver bullet and that’s a very dangerous and naive place to be.”

CISOs also need to work with vendors as many are diversifying and able to work on specific business cases to meet

He added that it’s also important to have trust in the people you’re working with. “We don’t talk about suppliers we reference partners and the relationship is as important as the technology,” he said.

Advice for aspiring CISOs

“I think the role of a CISO is changing. For me, it’s becoming much less of a technical role and much more of a business advisory role.

“So rolling it all up together I’ve got a view of what the footprint looks like with risk and my job now is to advise the business on options and preferences.

“I think CISOs also need to recognise that you can’t talk in technical terms to your board. And if you’re saying to your board you now own the risk, can I advise you, which is what we should all be doing, then the role of the CISO needs to change.”