Five Minutes With: A Technical Director

Cybersecurity isn’t complicated, and it’s not always super interesting and glamorous either, admits Dan Bridges, but the satisfaction from helping organisations solve security challenges makes it all worthwhile

What was your route into cybersecurity?

It was unconventional. Before my cybersecurity career break, I worked as a windsurfing instructor for six years. Someone I was teaching offered me a job [in cybersecurity]. Before long, I was installing firewalls for a living, which put me on a path to where I am today.

In your 27 years in the industry, what is the most significant evolution you’ve witnessed?

The shift from on-premises to cloud means organisations have less direct control over their infrastructure than ever before. This has some important security implications and has changed how organisations, their partners, and vendors focus their time and investment. It also has a knock-on effect on the role of security leaders, who must deliver effective protection even though many have limited visibility over their IT estate.

Have you ever considered the cybersecurity practitioner route?

Earlier in my career, I was a practitioner, having worked for a local council and then with one vendor before helping to launch and run MSPs. In total, I’ve been a consultant for half my career, which gives me a view of both sides of the coin: how to introduce and explain these new technologies and methods, but with the mindset of hope that they can then be used to deliver some value to a customer.

Is AI having more of a positive or negative impact on cybersecurity?

So far, it has had a positive impact by helping analysts and advisors understand and communicate better. However, it is also helping the bad guys do things much quicker, with AI being used to create extremely convincing phishing emails, for example.

If you could retrain for a dream job, what would it be?

I have always liked the idea of working as an agronomist or arborist, not least because those roles have the added advantage of being able to play with large power tools and climb trees.

What has been your most challenging role to date?

I worked in a very, very large corporation — one of the oldest computer companies in the world. My role involved navigating large corporate processes and working on huge deals with very sizeable customers.

If you could hire anyone in the cybersecurity industry, who would it be and why?

Jim Paker. Legend. I can’t say anymore – it’s a security thing.

What’s the biggest misconception about cybersecurity?

The biggest misconceptions are that cybersecurity is really complicated or—as portrayed in the movies—always super interesting and glamorous. Neither is completely true.

What’s the best thing about your job?

Meeting lots of people and feeling like you’re making a difference. I get a huge amount from helping organisations and their teams solve security challenges in a meaningful way.

And the worst?

The hours can be long and intense.

What advice would you give to industry noobies?

Invest time into understanding how contemporary technologies work and interact with each other. That can give people a good foundation for building their security knowledge, including how systems are targeted and breached. A host of resources are available for aspiring industry professionals to use, with those provided by the National Cyber Security Centre an excellent starting point.

What’s the biggest as-yet-unsolved problem in cybersecurity?

Securing people – the human factor. It’s human nature that someone will always click on something, say the wrong thing, or lose a laptop. The result is that people are the best defence, but also your biggest weakness.

What industry or sector do you think cyber could learn from?

Sports. This may sound left field, but the idea of teamwork and collaboration could take the cybersecurity industry further in being ahead of the bad guys.

Tell us a guilty secret?

I’ll tell you three: 1) I still yearn to go back and do another Glastonbury, 2) I’m a Chelsea fan, and 3) This isn’t my real hair.