Intelligent CISO Issue 40 | Page 71



wWhat would you describe as your most memorable achievement in the cybersecurity industry ?

Writing a book on how to build a security program that is both useful and can pass an audit . Publishing the book wasn ’ t the achievement – the writing of it was . I had to really dig down and organise decades of ideas I had about security and compliance , then figure out how to present it in such a way that a non-security person could actually implement it . It was about six months of really deep thinking about security programs , why they fail to mesh with an organisation ’ s culture and how people can overcome that .
What first made you think of a career in cybersecurity ?
My entire career track , starting from working on mainframes in college , was always about exploring interesting and tough problems . As I progressed in my career , I chased tougher and tougher challenges . I was specifically interested in the mesh of people , technology and connectivity . Cybersecurity was the next logical step in that progression . What tougher puzzle could there be than doing tech in the face of attackers trying to subvert the system ? And the challenge never ends – once I make something secure , some new attack or technology comes along to change things .
What style of management philosophy do you employ with your current position ?
I ’ ve always pursued jobs where I could work with people smarter than me and who were willing to teach me new things . I think my management philosophy is deeply steeped in that love of learning . I am always looking to get new ideas and new concepts , not only from my team , but also from other peers and colleagues around the organisation and the industry . It goes both ways too . Whenever I can , I mentor , share and brainstorm with the folks all around me , so they can learn useful new things . That includes providing the executive leadership with an appropriate level of understanding about cybersecurity .
What do you think is the current hot cybersecurity talking point ?
Careers in cybersecurity . There ’ s so much going on there . Do we have enough people ? Are they getting the right training or education ? Are they motivated to stay in the fight ? How can we address the diversity issues in cybersecurity ? How can we get better and fresher perspectives into the field ? What does a successful and fulfiling career in cybersecurity look like ? When I started in cybersecurity , the field really didn ’ t exist . Now it ’ s huge , with so many different roles and skillsets . It ’ s a very exciting time for the industry and the fast-paced nature of it keeps me on my toes .
How do you deal with stress and unwind outside the office ?
Out of the office ? You ’ re never out of the office in cybersecurity . I do try to fit in some walks in nature or exercise . But really , it ’ s a 24 / 7 job so it helps a lot to remember why I do this . It ’ s not a job for me , it ’ s a calling . It keeps me going when there is a lot to learn ( always ) or fires are breaking out ( always ). It ’ s a double-edged sword though because you can care too much . Making sure I retain as much agency as possible has helped . I become stressed when I feel trapped or stifled by a lack of options . So , part of my way to manage workloads has always been to make career choices to ensure I can have as much autonomy as possible .
If you could go back and change one career decision what would it be ?
I ran my own network integration company for a handful of years . This was definitely a huge learning experience and provided me with a lot of freedom . But I have never worked as hard and long in my life . Running your own business means you do everything from marketing to accounting . I ’ m in this for the technology , not business operations . Running your own show isn ’ t for www . intelligentciso . com