First and foremost, I like to think that I am a ‘people person’, frequently described as ‘affable’. I aspire to treat everyone I meet with respect, be it the janitor of an organisation or the CEO. Antiquated hierarchical structures have no place in the modern enterprise…or society more generally!
I would that full-time CISO and part-time epistemologist. I like to understand how things work and love the process of learning; pretty lucky given our digital worlds are evolving at breakneck speed. I like to challenge conventional thinking and ways of working – not in some contrarian, attention-seeking kinda way, but in the interests of understanding if legacy rationale stands up in a world starkly different to a time when firewalls and DMZs were all that was deemed necessary to protect an organisation.
For me, it was some time in 2017 which was a watershed time for our industry; perceptions of cybersecurity changed indelibly. It was the dinner party tipping point. I shall explain:
I used to dread the “so, what do you do?” conversation. You know the one, it takes place at dinner parties, the pub and first dates. It is the dialogue uttered to fill silences and pass the time while you are waiting for the kids to leave the classroom. There are particular vocations ubiquitously understood: milkmen, surgeons and electricians, everyone knows what he or she does. Until recently, if you said that you worked in cybersecurity, you may as well have said that you designed the hadron collider. The layman hears “something to do with IT”. I assert that such disinterest is based on one over-arching belief: cybersecurity just doesn’t affect me.
I have seen first-hand the changing role of IT, from a response organisation to a strategic business unit that drives value and a competitive advantage for the business. Ten years ago the IT department controlled what a user had access to and how they connected; now the user demands access to applications of their choosing at a time they specify and on a device and platform they stipulate – oh how the tides have turned. How do we keep up? In most cases, it’s a challenge but not an insurmountable one.
I hold an MSc in Cyber Security from Royal Holloway and retain an active role in the InfoSec industry through directorship of the IISP and membership of CompTIA’s Cyber Security Committee.
Recognition and Achievements:
- MSc (Distinction) Cyber Security, Royal Holloway – Thesis prizewinner for: ‘Demystifying Myths of Public Cloud Computing’.
- Author: Cyber Risk Management
- IISP Board Member and M.Inst.ISP
- IDG Cybersecurity Expert Writer
- Member of CompTIA Cyber Security Committee
- Vulcan Cyber’s 2018 ‘Top 10 Cyber Risk Experts to Follow’
- Writer: IDG Contributors Network: https://www.csoonline.com/blog/ciso-20/
- Writer: TechTarget Contributor: http://www.techtarget.com/contributor/Chris-Hodson
Certs and Stuff
- CompTIA Advanced Security Professional (CASP+)
- EC-Council Certified Blockchain Professional (CBP)
- EC-Council Certified Ethical Hacker (CEH)
- Certified GDPR Professional (C-GDPR-P)
- Certified Information Systems Security Professional (CISSP)
- British Computer Society Certificates in Enterprise and Solutions Architecture
- MCSE 2000 | MCSE +S 2003, MCSA, Exchange, SQL and Win Server MCPs