Intelligent CISO Issue 38 | Page 72

GO PHISH
I’m very much a person that will let people learn and find their own ways of getting the job done and provide coaching afterwards.

well as a few rounds of golf. I’ve also been able to get some home improvements done over the past year, which is great, especially as we’re expecting our first baby soon so we’ve been able to get everything ready.
If you could go back and change one career decision, what would it be?
I realise I’m in a fortunate position where I can look back and honestly say I wouldn’t change anything. I feel like everything has happened for a reason and I was in the right place at the right time with everything, so it’s all worked out for the best.
What do you currently identify as the major areas of investment in the cybersecurity industry?
In terms of where the investment ‘should’ go, businesses need to make sure they have the basic levels of cybersecurity covered and understand what their current tooling capabilities are and ensure they are maximising the most out of existing investment.
Businesses need to make sure their assets are secured at the network layer and that they’ve employed good coding practices within an application or API, I personally really like the OWASP ASVS for this – these are the baseline level controls that everyone should be doing but are often missed. Invest in and understand how to get the most from basic cyberhygiene and build on that. There is a lot of money spent on big ticket security solutions which invariably are not tuned to the environment they are protecting.
In terms of where we are seeing investment, I have alluded to it in the point above, there are a whole host of tools and solutions out there for protecting an organisation or environment from attack. There are definitely some exciting products on the market right now and which are worth evaluating.
Here at SureCloud at the moment we are starting to invest in how we change our services and products to drive more value for our clients and really help them improve from where they currently are. We are very big on longer term strategic relationships where we can help drive that improvement over time with our clients.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
A vulnerability is a vulnerability, whether that exists in Europe or the Middle East. That said, there are different challenges in the way that people operate across the regions. For example, the US has different privacy laws in different states and in the UK and Europe we have GDPR regulations. Social engineering attacks also differ region to region with some attacks having a much higher rate of efficacy in some regions versus others.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
I joined the SureCloud team earlier this year so that’s been an exciting change for me and my role within the business has also changed in the last few weeks. I now lead and have full responsibility for the security testing team. In the future, I think the market will continue to shift generally towards longer term engagements and relationships rather than single penetration tests.
What advice would you offer somebody aspiring to obtain a C-level position in the security industry?
You need good knowledge and a broad understanding of security concepts. If you’re technical in a certain discipline that’s normally beneficial too, but what will ultimately set people apart is being able to explain technical concepts to a non-technical audience. For example, if you can convert an IT security risk to a business risk, you’ll be able to engage with others at a C-level audience and that’s crucial.
www.intelligentciso.com