The gregarious introvert
Unconventional way to start a post but, I’ve always felt like an odd animal. In my natural state I’m what you might call a ‘gregarious introvert’, if that makes sense? Being an introvert means that I involuntarily hold myself back, and that’s something I’ve spent years trying to reverse engineer.
These days, I’m glad to say I’m comfortable talking to a room full of people I’ve never met. But the gregarious bit has always been there. It was once said about me that I have ‘an enormous capacity for glee’! Raised on pop culture like Monty Python, Spike Milligan and Queen, I’m quick to smile and don’t take myself very seriously. But that’s not to say I don’t take what I do, very seriously.
All about identity and access
Obsessed with tech from an early age, sure, I like my technical gizmos. Professionally though, it’s not the tech itself. Tech needs people to use it. I love seeing people using tech and being delighted by it. By virtue of having fallen into the identity & security arena from the very start of my career, this means I want to see people being delighted by technology that is also safe.
The way that identity, access, people, organisations, politics and so on all intermingle can enable amazing things and simultaneously present a challenge to the safe operation of systems. Clearly, modern technologies and approaches can alleviate this. But it’s always a story of people, process, and technology. We so often get hung up on the data and the gizmos. But identity sits right at the core of everything we do now. We can talk about enabling remote work, or zero trust, cloud or digital transformation, and all of these things hinge upon getting identity and access right. And that’s basically the story of my career so far, getting organisations to do identity and access right.
You make your own luck
My old man once said something which really affected me. I mean, he’s said a few things, not just this one thing, but this thing in particular has had a big impact on my career so far. He said, you make your own luck. When I left Maersk in early 2019, I honestly couldn’t imagine working anywhere else. After a fraught period recovering from and responding to the notPetya attack, I was fortunate in being able to go travelling with my young family and spend some time away. But I really loved that company, and I grieved for my role.
Upon our return from travels, I was fortunate again to be picked up by risual, where I was able to continue focussing on identity and security. Things were looking really good, and everything was on a healthy trajectory despite the craziness going on all around us.
Maersk, me & notPetya
In the summer of 2020, I published Maersk, me & notPetya. The response to the post caught me completely off guard.
I simply didn’t realise how much of an impact it would have. Over the summer and autumn I was astonished at the overwhelmingly positive feedback, and was humbled to be invited to speak at events like BSides Copenhagen, ESET Netherlands, Quest TEC, and others.
My story has been one focussed on the challenges involved in addressing what I now call the basics, how we overcome those challenges, and then what those basics look like. And the more I’ve spoken, the more refined this story has become.
The reason why I published that post, was I saw the number of ransomware attacks going up and up, and I found this was impacting me on some deep personal level. Having lived through it, there is some intangible need I have to help organisations in getting these basics addressed. I guess you might call it professional concern for the wellbeing of my fellow human!
Where I’ve made my own luck then, is in simply being principled, and telling this story; No matter what we might think our priorities are today, successful rapid cyberattacks have a dramatic impact. And the impact does not simply affect data, systems, and the bottom line. They impact people. Not just leaders, but employees, partners, vendors and customers too. So cybersecurity needs to be recognised now as a safety issue, not simply in terms of these abstract concepts of data and systems integrity.
These cyberattacks are becoming more common, and the tools involved continue to advance in their sophistication and availability. So it’s vital that we look after these basics; Identity, privileged access, patching, retiring or isolating unsupported systems, asset management, contingency planning and so on. These basics provide us with the mechanisms to prevent or limit the effects of the initial impact, and then recover as quickly and seamlessly as possible.
And that’s where I’ve made my own luck; Being vocal, sharing the knowledge, and helping others. The first organisation I presented was for Stealthbits, who were super cool. We got along really well. We were singing the same song on all of these points. And in telling my story, they saw something in me. What I’m so grateful for and humbled by, is how they’ve seen value in this story and built a role for me! This came out of nowhere and I was truly blown away. In the midst of so much turmoil in the world right now with COVID19, climate change, Brexit and so on, these opportunities must be rare. And it’s better to regret something you’ve done than something you haven’t. So, opportunity seized!
So from today (Nov 2, 2020), I’m delighted to be joining Stealthbits as a Security Strategist. I’ll be focussed on helping customers in addressing these basics, and we already have some really cool stuff lined up that I am super excited about.
My role will focus on research, customer advisory services and materials like webinars, vlogs, whitepapers etc. Some might call this ‘thought leadership’, I see it as shining a light for leaders and helping folks on the ground make real, tangible improvements in getting the basics addressed.
I really care about helping organisations take a holistic approach through people, process and technology to protect their data and systems. This in turn enables them to do a better job for their customers and show leadership within their own industries in a world increasingly exposed to rapid cyberattacks and digital warfare. So I’m super happy to be working with Stealthbits on this, and cannot wait to get cracking!