Throughout 2020, this mini-series will interview leaders from around the globe to discuss areas of cybersecurity. The purpose is to help students and those new to the industry gain perspective and guidance from professionals in the field. These interview insights aim to kick-start or re-energise your career journey in cybersecurity.
In this month’s feature, Fred Thiele, Group Chief Information Security Officer (CISO) of Transport for New South Wales (NSW), shares his story about:
Thiele graduated in the early 2000s with a computer science degree from Fort Lewis College in Durango, Colorado. “I was fortunate to start my career with IBM’s Managed Security Services division. We began with thirty team members and during a five-year period grew to over three hundred. While my university studies were not centred around cybersecurity, I quickly jumped up to speed to help support a vast array of IBM’s services that included:
I have been fortunate in my career to serve in a variety of roles for numerous organisations from large enterprises to owning my own cybersecurity firm. There are three consistencies with my career – my enjoyment to build from the ground up, my desire to learn, and my pursuit of assignments that challenged my thought process. Thus far in my career, I learned how to:
Each step in my career presented unique and challenging opportunities. I was and continue to be motivated by the unsolvable, or the perception that an objective may be too difficult to achieve without putting in the hard work. My curiosity and drive to persevere often opened doors that may not have been otherwise. I often find the key to success is to simply do the work.”

These are his insights.

How would you characterise cybersecurity, and how has this evolved over your career?

“Cybersecurity was all about the technology in the early days. Organisations required network protection with intrusion detection and were advised to perform penetration testing and scan for vulnerabilities. When I left the United States and transitioned to Australia, I felt like our local industry was working tirelessly to adopt best practices that expanded upon the use of these early solutions. Fast-forward to today and there is additional emphasis to communicate in simple business terms how these solutions are protecting the organisation's crown jewels and their return on investment (ROI). This translation has always been a challenge for our industry and I do not believe we have reached our potential. There are frameworks published today like FAIR (Factor Analysis of Information Risk) that help place dollar figures around risk. These types of frameworks will continue to help better enable our cybersecurity professionals to speak the language of the Chief Financial Officer (CFO) and the rest of the business.”

What aspect of cybersecurity concerns you the most?

“Three areas concern me the most.

Being Right Every Time. The bad guys only need to be right once, and cybersecurity professionals must be right one hundred percent of the time. This asymmetric relationship and model are unsustainable and unscalable.
The innovations around artificial intelligence (AI) and machine learning (ML) are helping to reduce the impacts of this asymmetrical relationship by replicating (not replacing) our security analysts. However, we are still far from a reasonable capability in this space.

Translating the Message. Communicating how real this threat is to the business. The inevitable will occur if we, as cybersecurity professionals, are unable to communicate to the business in a common language. Our approach has positively changed over the past fifteen years from ‘pure prevention’ to a ‘not if, but when’ mentality that has emphasised the importance of resilience.

Blending In. Attackers are now using similar pathways that resemble normal end-user behaviours. Consider a college campus and their expansive walking paths to get from point A to point B. Students, faculty and visitors use these walkways to navigate campus. Attackers are learning to do the same and mimicking this behaviour to go undetected. They are becoming less of an anomalous alert at a staggering rate.”

How have you evaluated professional opportunities throughout your career? How has this changed over time?

“I always knew I wanted to own a business, which is why I helped to start Laconic Security and served as the Chief Operating Officer (COO) for six years. I explored opportunities that provided a chance to expand my skills inside and outside of work. I aim to attain a broad set of experiences across industries or verticals, with large enterprises or start-up companies. I enjoy gaining a new understanding of how various organisations operate. Transport for NSW was intriguing because of the opportunity to build and operate a cybersecurity program across 30,000 people and numerous agencies. I used the breadth and complexity of the opportunity as evaluation criteria as well as the chance to obtain a wide range of experiences in a new industry.”

What fuels your passion? Why do you do what you do?
“I am what many may call a life-long learner. I always had an interest to experiment and build things growing up. I was on track to be an automotive mechanic in high school, fascinated by engineering. At the last moment I chose information technology (IT) almost by accident. This personal drive translated to my professional career. I am inherently motivated by the challenge to accomplish goals that others may have said were too difficult to achieve. My curiosity is fed when I lean into new opportunities and explore the unknown.”

How would you suggest others new to the field get involved?

“Three things come to mind.

Be ready for anything. When you are a consultant you may on-board as part of an engagement with limited exposure to the subject matter. It is often your responsibility to get up to speed quickly and become an expert before stepping foot on the client’s site. Take this approach with any opportunity and give your best effort. This will often pay more dividends and open more doors than you may think.

Do not be afraid of hard work. Jerry Seinfeld once spoke at a leadership conference. When asked about the secret of his success, he wrote three words on the whiteboard - DO THE WORK. Dive in and understand how things work. Learn the mechanics from the ground up. With this approach, you may find it easier to talk to your experiences irrespective of whether you are interviewing or pitching to the Board of Directors for program funding. You can speak authoritatively about the subject because you put in the effort to understand how things work.

Aptitude. One of the things I look for in potential recruits is the willingness to learn. Demonstrating your ambition, passion and interests can go a long way in an interview to help forge your cybersecurity path.”

Cybersecurity is intriguing, in demand by the market and considered an excellent career starter.
Please be on the lookout for next month’s issue of Decoding Cybersecurity: Interview Insights with Leaders as the journey continues.
Author: Elliot is a Senior Manager in the EY Cybersecurity practice. Elliot enables organizations to build in risk thinking from the onset, enhancing global innovation with confidence. He leads global teams to reduce response times and minimize the impact of security incidents by building and operating mature security, logging, monitoring, alerting, and incident response practices. He successfully led response to and recovery from complex security incidents, such as data exposures, third party compromises, and vulnerability exposures, by coordinating across large enterprises through effective incident response procedures to minimize business impact.