Interviews 21.08.2024
Five Minutes With: A CISO
What keeps Cyro Cyber’s CISO up at night? Here’s a spoiler…it’s people!
Interviews 21.08.2024
What keeps Cyro Cyber’s CISO up at night? Here’s a spoiler…it’s people!
I came from an advertising and business development background but met Paul Rose (Cyro’s CSO) while playing rugby in Dubai. He persuaded me to make the leap to cyber, and since then, I’ve never looked back. I started with Paul at Six Degrees as their information security officer. Now, we’re raising the bar together at Cyro Cyber.
When I was younger, I always wanted to be a firefighter… but I’m not very good with heights so that quickly stopped that dream!
There are lots of things that could keep me awake at night, but the one that does, and one I always press upon my colleagues, is human error, specifically the execution of malware or vulnerability exploitation due to human error or phishing. You can apply as many layers of security as you like, but there isn’t a fix for human error.
I’m a big F1 fan, so I would hire Adrian Newey! He’s currently the CTO at Red Bull Racing and is one of the greatest designers and engineers in F1 history. A mind like that could do brilliant things in cyber.
That you have to be technical to work in cyber. This isn’t true at all. There are many roles and opportunities within cyber that aren’t overly technical and just as important as the more technical ones. My background and early career weren’t technical, and it was the perfect launch pad for me; I have since skilled up and gained the technical understanding that my role demands, but my foundation is in governance, regulation and compliance.
Continuous learning. Nearly every day, there is something that will test your understanding of cyber and give you the opportunity to ask questions and further your knowledge.
Pressure. There’s a lot asked of CISOs. I enjoy the pressure, as this is when it counts, and you demonstrate why you have the role, but equally, I prefer calm and business as usual.
Jump right in. Ask lots of questions, and don’t be afraid to get it wrong. I did all my learning and progressed the most in the deep end. It wasn’t without mistakes, but as long as you have people around you that you trust and give good guidance, you’ll be absolutely fine.
I really hope not! The CISO role does come with responsibility and accountability, but it also comes with brilliant opportunities to influence your company and the industry. As long as these responsibilities are measured and understood, it should only increase people’s desire to pursue a role like CISO.
“The biggest unsolved problem in cybersecurity is the unregulated use of AI”
Today, it’s the unregulated use of AI. ISO has only just released standards on AI and how to manage information security alongside AI. But the threat it poses increases daily, and I believe we’re only at the start of what it can do.
Industries and sectors that focus heavily on environmental impact. With the development of AI and the power demand, there will be a much larger environmental impact. It’s important that we work to minimise this as best we can.
Increased knowledge sharing. Given the sensitivity required in this industry, it can be tricky, and it does exist in pockets through some really good forums, but I’d like to see the availability of knowledge and opportunities to share with peers increase.
I would like to give a keynote address at a major conference. This year, I spoke at Cyro Cyber’s InfoSec event, which was my first taste of real public speaking, and I loved it.
Well, who’s reading this…? Ha! A guilty pleasure of mine is pop music – nothing beats a good sing-along to a really good pop song!
Alec Warriner is the CISO at Cyro Cyber. With nearly seven years of experience in the cybersecurity field, Alec not only leads Cyro Cyber’s internal security efforts but also delivers top-tier consultancy services to a diverse range of clients in various sectors.
Alec is a certified ISO27001 and ISO22301 lead auditor with deep expertise in implementing and auditing information security and business continuity management systems. He is well-versed in frameworks and regulations such as NIST, GDPR, DPA, and TSA, making him a trusted authority in the industry. His professional interests include incident response and threat remediation, where he excels in identifying, responding to, and mitigating cyber threats.