For the latest episode of the Security Stories Podcast, I met someone who actually has the title ‘CISO Supremo’. It’s an award which recognizes the individuals and teams working hard to protect the United Kingdom from cybercrime.
Security Stories: Quentyn Taylor
As well as being CISO Supremo, Quentyn Taylor is also the CISO for Canon Europe. Odds are that you might have had your hands on a Canon camera or a printer at one point in your life. If you’ve ever had a security-related query about one of their products in Europe, it’s Quentyn’s team whom you would have spoken to.
That’s because they are a customer-centric security team (as well as protecting the internal aspects of the business). Hearing the story behind this was incredibly interesting.
It’s clear from the get-go how passionate Quentyn is about the cybersecurity industry. During the podcast we talk about having a degree vs. relevant experience, and how to overcome the “virtual hurdle” of working remotely. Like many of us, Quentyn is really missing those in-person interactions with his team members. We also talk about data breaches, and why firing the CISO shouldn’t be the first resort.
We then end the interview as all interviews should: with a spot of cybersecurity cocktail making.
One of the biggest things I took away from our chat is the concept of “T-shaped” people. I hadn’t heard the term before, but apparently it’s fairly common in the recruitment and agile software world.
For anyone who doesn’t know, “T-shaped” is a way of describing someone who is an expert in one particular field, but who also spends time acquiring different skills. For example, a cybersecurity engineer who spends some time on the IT help desk, or even in the PR team, as some of Quentyn’s team do.
I really like that, because it means that it doesn’t matter what age you are, or what field you’re in. You can learn another skill, see the other side of the coin, and bring that knowledge back to your area of expertise.
It occurred to me that if more people did that, i.e. explored departments in a business other than their own, we might see more harmonious communications between different teams.
And that applies to security as well. As Quentyn was saying, those of us in the cybersecurity industry often think that security is the most important thing in any business. Because we have a natural bias, and, well, we’ve seen things…
However, business decisions are made for various reasons at the time, and sometimes security is not the foundational factor behind those. Or, there’s a level of security risk that people are prepared to holster.
In those scenarios, the role of the cybersecurity team is to find a way to cushion the risk. Even if the simplest, or the fastest, solution isn’t a solution any more, we’ll find another way to support you.
On this Day: Mirai botnet
Also in episode 10, we take the DeLorean for a short spin back to 2016. “On this Day” is a regular Security Stories feature, where we visit a significant cybersecurity event from the past, and this time, we explored the story behind the Mirai botnet.
After it first surfaced in August, Mirai came to the media’s attention a few weeks later when researcher Brian Krebs was targeted by a large DDoS attack.
In his debrief with Akamai (the CSO of which, Andy Ellis, we spoke to in the last episode), it was noted that rather than relying on DNS amplification to achieve such traffic, the attack seemed to have come from many different sources.
This suggested that an enormous number of devices were compromised, and soon enough the world started to hear and read the word “Mirai”.
Are you a security leader who would like to share their story on the podcast?
Please get in touch with me on LinkedIn and we’ll take it from there.
On the Security Stories Podcast, we meet pioneers from across the world of cybersecurity, who then share their experiences with us.