Complete the following sentence: “Cybersecurity is... / is not...”
Cybersecurity is... Cybersecurity is really hard. One of the things that I think we should never forget, we exist in an imperfect world. Security controls are varied and complex, and we face every day a dynamic and relentless adversary. So I always tell people cybersecurity is really, really hard and it needs us all to work together to make it a little bit easier for some of us.
What prompted you to work in cybersecurity?
I think I was first prompted to work in cybersecurity many, many years ago when I realized that some of the world's most complex and largest networks were only as strong as their weakest link. And that, you know, that led me down a series of sort of engineering and developing pathways, which really helped me understand that the interlinked nature of everything we build from a technology perspective has to be seen through a lens of security and privacy. And every time you enable a piece of that technology landscape, you also need to protect it. You know, rolling out secure networks for governments around the world was, I think, the first realization for me that every single time you connect something, you also have to protect it.
If you could go back in time and tell your younger self something about cybersecurity, what would it be?
I think if I had a time machine and I could go back and talk to myself, I'd ask a series of questions. But the piece of advice I would give would be never assume that other people understand the implications of security or actually take it as seriously as you do. I think most organizations, businesses, governments and people are positively minded. They think about the good that the world can bring. They think about the opportunities. But so seldom do they really understand and are able to articulate the cybersecurity risk that's facing them or their organizations. So the piece of advice would be, we never assume that people understand their risk and they understand the complexity of the security world behind it. I think if we start every conversation with reminding ourselves the importance, the impact and the risk, you know, we will level set every time. That would be my piece of advice to myself, because I think that's a that's a really important place to start.
What are you looking forward to most at the conference in November?
I'm really looking forward to getting together in Berlin in November and sharing with lots of other people, I think, who are joining virtually. The thing that I most look forward to in these events is taking the time, taking the time to share ideas with other people who have got unique and expert perspectives and really thinking about what's coming next. We so often understand and are planning for what's happening today, this month, next month, next year. But actually genuinely thinking about the next wave of change and what will quantum mean and how will we manage identities in the metaverse, how will people and organizations interact to develop an enhanced privacy? These are the things that I'm really looking forward to, sharing and understanding with peers and experts from around the world.
Is there anything you would like to add?
One thing that I would really ask and hope from the people attending the conference and actually for the entire security community, is that we help organizations who are smaller or less fortunate than ourselves. Security has always been an opportunity and an industry designed for large, complex, well-funded organizations. And we help build large, complex and expensive solutions. What I think we're moving into now is an area where security affects everybody, no matter your size. And it's something I'd really like our industry to do is think not just about the large organizations and the large risks, but the smaller organizations who have just as equal importance in this ecosystem but don't have the skills, the capability or always the funding to address security in a way that should be. So that would be my call to action, it’s let's help the little guys as well as the big large organizations.