GO PHISH
WE ‘GO PHISHING’ WITH JOE BROWN,
CSO AT BOOMI, WHO TELLS US ABOUT LIFE
INSIDE AND OUTSIDE THE OFFICE.
What would you describe as your
most memorable achievement in
the cybersecurity industry?
If I had to choose one particular achievement, I would say it was building out the web application penetration testing program for a major pharmaceutical company. I was asked by the internal audit team to test the security of 10 internal web applications. The results weren’t great and it led to an opportunity for me to build out a program from scratch. I built a team and process capable of testing over 1,000 internal and external facing web applications each year, including reporting and metrics. It was a huge undertaking but very rewarding and the program is still being used to this day, 10 years later.
I encourage my staff
to be authentic,
transparent and
accountable for
their actions and
behaviours.
www.intelligentciso.com | Issue 23
What first made you think of a
career in cybersecurity?
Surprisingly, I have an undergraduate degree in economics. However, about 20 years ago I was assigned to implement an online banking solution for a major insurance company. When I was building out the web servers and learning how to disable unused ports and services alongside all of the usual system hardening activities, I became interested in learning why this was necessary and why it was so important. From there, I started reading more about information security and I was fascinated. Soon after, I took a position performing penetration testing and the rest is history.
What style of management
philosophy do you employ with
your current position?
People who work in analytical careers like cybersecurity are generally less comfortable with ambiguity and are more logical, very black-and-white thinkers. We value data, facts and transparency. I encourage my staff to be authentic, transparent and accountable for their actions and behaviours. They know that they can expect the same from me. I also believe that it is acceptable to fail, we all make mistakes and we need to learn to move on. I had a great leader who was extremely direct and transparent but what I especially liked was that he would expect everyone to jump in, help out and correct mistakes.
What do you think is the
current hot cybersecurity
talking point?
A huge talking point right now is privacy, especially considering the recent laws and regulations such as GDPR and CCPA. GDPR is already responsible for about US$126 million in fines so far and it is barely two years old. Inevitably, more states in the US will likely follow California’s lead with the creation of their own laws. While privacy isn’t necessarily security, security professionals are going to be asked to build the controls that keep consumer data safe, so organisations should be carefully considering how their privacy and security teams can band together to tackle this challenge.