Throughout 2019, this mini-series will interview leaders from around the globe to discuss areas of cybersecurity. The purpose is to help students and those new to the industry, gain perspective and guidance from professionals in the field. These interview insights aim to kick-start or re-energise your career journey in cybersecurity.
In this month’s feature, Ben King, Chief Security Officer (CSO) for EMEA at Symantec, shares his story about:
These are his insights. How would you characterise your cybersecurity journey? King reverts to his time with Commonwealth Bank of Australia where he spent 11 years and served in a variety of IT roles. “Early in my career, I began to understand how the source code I was developing could be exploited. At CBA, I had the opportunity to watch the origination and expansion of the cybersecurity team from just a few people, often in non-specialised roles, into the huge team it became. I witnessed the exponential growth of the awareness of cybersecurity at executive and board-levels, and the demand for skills and talent that followed. In my current role at Symantec, I see a huge range of awareness and understanding of cyber risk across the entities I work with. Often it seems to be the board members who are best briefed, with the business they oversee playing catch up. “The Commonwealth Bank CISO at the time, Ben Heyes, was a visionary who was amazing to work with. His mindset was while encouraging schools and universities into STEM is important and necessary, it would not address a gap today. His solution was to rotate people from other parts of the organisation into cybersecurity, enable them with training and then have them rotate back to their position in the business to increase the organisation’s cybersecurity awareness. This included the usual feeder roles such as IT, but also across non-traditional entry points such as finance, legal and HR. These people have unique and useful skills to address the varied and dynamic challenges we face, while being able to communicate effectively back into the areas of speciality they have been recruited from – yes, sometimes cybersecurity risk needs some translation! In 2016, I took advantage of an opportunity to serve as the bank’s cybersecurity lead for Europe, and then after a long, memorable and extremely fun 11 years at CBA I moved on and into my current position as the Regional CSO for EMEA at Symantec mid-2018. From being based in London with a boss in Sydney, to a boss in California – it seems I will never avoid the late-night conference calls!” How would you characterise the evolution of cybersecurity? King emphasises how cybersecurity started off as a niche space within a great information technology discipline structured around hygiene. “This was how we secured data, endpoints and networks; however, the mass exploitation had not yet occurred or hit the front page. Once this happened, it was easy to characterise the industry as one of fear, uncertainty and doubt, much publicized. Playing on this was often used as the strategy to secure investment. But as with any strategy, it would only work for so long as investors and Boards inevitably want to see progress and maturity against their investment. Cybersecurity is a business risk, owned by the businesses I support, with governance, advisory and risk mitigation facilitated by the cybersecurity team. Approaches vary widely within the industry given the fluctuation in maturity and an organisation’s capability to manage risk in line with business expectations (and what those expectations, or risk appetite, may be). One challenge (among many) is the pace of change of technology and hence the change of risk profile. This complicates an organisation’s ability to define impact and likelihood of risk. An organisation may need to re-solve for the same risk at different times and adjust their approach as their landscape shifts.” What aspect of cybersecurity concerns you the most? King’s concerns are the ones that bleed over to the real world as opposed to purely corporate. “As a father with a young family, my biggest concerns are those our children need to face. The expansion of IoT devices, without much thought toward security or privacy, means the world they know is very different to the world I grew up in. This world includes social media of course, with young people and adults targeted or manipulated in new, inventive and nasty ways every day. This world is frightening to many. So, to wake up every day to work with a team that continues to develop solutions to keep our families, communities and workplaces safe is really inspiring. In the near to medium future, watching developments in encryption, mobility, ML/AI and then quantum computing will be fascinating to watch. Each will make our lives easily, and present new challenges.” How have you evaluated professional opportunities throughout your career? How has your approach changed over time? King reflects on his career and initially being wide open career-wise. “I needed to be challenged and learning to stay motivated. I look for roles which I can evolve over time. The most important things to me are having:
What fuels your passion? Why do you do what you do? King leads with his love for technology. “I grew up with computers and learned how to code in simple languages at a young age. I love technology because of how it empowers us. Nothing makes the geek in me happier than when a simple script turns a boring, repetitive task into an automated, on-demand activity done in seconds. The integration between business and technology has been phenomenal. When I started my career the number of people who could translate between business and technology were relatively few. New opportunities will continue to arise as the pace of innovation and disruption increases within cybersecurity, analytics, robotics, machine learning and AI, and their integrations. In another decade, add quantum computing to that list and watch how cybersecurity changes again. Having an opportunity to serve in a role and organisation so close to the cutting edge is hugely satisfying.” How would you suggest others new to the field get involved? King reverts to his time and advice from past mentors. “I encourage everyone to follow their curiosity. Be courageous, engage whether through job interviews or informal networking opportunities. Take someone in your network out for coffee and ask what they do. Evaluate if cybersecurity is an area of interest, and where you would be most excited to get involved. Understand every organisation will operate differently. When I evaluate opportunities, I connect with those in my network to gauge the landscape prior to engaging in more formalised discussions with the organisation. Training opportunities are endless and often quality content can be found free online. While pathways to some cybersecurity roles are well-understood, there are many others continually evolving, which can use skills from many different backgrounds as an entry path. This is just as much advice for those just starting out in their careers as well as those more experienced looking for a change and a challenge.” Cybersecurity is intriguing, in-demand by the market and considered as an excellent career starter. Please be on the lookout for next month’s issue of Decoding Cybersecurity: Interview Insights with Leaders as the journey continues.
0 Comments
|
AuthorElliot is a Senior Manager in the EY Cybersecurity practice. Elliot enables organizations to build in risk thinking from the onset, enhancing global innovation with confidence. He leads global teams to reduce response times and minimize the impact of security incidents by building and operating mature security, logging, monitoring, alerting, and incident response practices. He successfully led response to and recovery from complex security incidents, such as data exposures, third party compromises, and vulnerability exposures, by coordinating across large enterprises through effective incident response procedures to minimize business impact. Archives
April 2020
Categories |