Five Minutes With: A CSO

Self-confessed “massive geek” Chris Denbigh-White is responsible for both information and physical security in his role as CSO. He thinks infosec professionals need to stop ‘trying to boil the ocean’ and putting each other on pedestals…

How did you get into cybersecurity?

I’ve always been a massive geek, but it was not until I worked for a specialist national intelligence unit when the IT manager unexpectedly walked out that I got my break into doing it officially! My bosses asked if I would “do the IT”, to which I said, “Yes, but I want to do it properly and (more) securely. Here are the courses you need to put me on before I touch this stuff, and this is what we need to do to make it more secure.” From then on, I built, managed and secured various environments until I was advising other people. I then went from the public sector to private sector consultancy, to Deutsche Bank’s office of the CSO, and now I’m the CSO of Next DLP.

Just how ‘converged’ are physical and information security?

Security is security. However, the size and structure of an organisation will determine what level of convergence makes the most sense.

If you could retrain for a dream job, what would it be?

Long-haul airline pilot, but I am both short and long-sighted, so it’s probably best I not pilot a plane! I’m also 6’6’’ tall, so not a very practical option from a comfort perspective.

What has been your most challenging role to date?

The most challenging roles were when I experienced friction in getting what I wanted done. They taught me patience, different ways of communicating and that there is no one-size-fits-all approach to implementing security.

If you could hire anyone in the cybersecurity industry, who would it be and why?

I wouldn’t. I think there are many great people in the cybersecurity world, however, I think we tend to put people on pedestals. Who I’d hire would depend on my specific needs. I’d always hire Chuck Norris, though (for obvious reasons!)

What’s the biggest misconception about cybersecurity?

That it’s like the TV series 24, or that we’re all hackers. (“No, I can’t/won’t get you into your wife’s/girlfriend’s/boyfriend’s Facebook account!)

What’s the best thing about your job?

I have the freedom to direct the security programme and mentor my team. I also get to travel, network, and speak to my peers regularly.

And the worst?

It can sometimes be so much fun that I forget to take breaks. Self-care is harder when you are passionate about something and really enjoy your role. Burnout is real and can creep up on you.

“No, I can’t/won’t get you into your wife’s/girlfriend’s/boyfriend’s Facebook account!”

Public sector vs. private sector roles: which are more satisfying?

Both. For me, it’s about having the agency to effect change and ensuring that the change being implemented is beneficial. Both the public and private sectors can offer this opportunity.

What advice would you give to industry n00bies?

Expecting to be an expert in information security is an unachievable goal (like boiling the ocean). Instead, aim to be open to learning something new. As you grow, build a support network of peers and associates in infosec.

What’s the biggest as-yet-unsolved problem in cybersecurity?

The myth of the big shiny ‘find and remediate the evil in my network button’. Such a button doesn’t (and is unlikely to ever) exist. It’s a major problem that many spend time (and large amounts of money) striving for this instead of getting the fundamentals of information security in place.

What’s the difference between a CISO and a CSO?

I genuinely don’t know. Even the title CISO has multiple meanings depending on the specific organisation and person you ask. In general terms, a CISO works primarily with information security and a CSO works in the realm of physical security. However, sometimes, I’ve seen the CSO title denote responsibility for information and physical security, which is the case with my current role.

What’s a CSO’s biggest headache?

The unknown!

What’s your one (as yet) unfulfilled career ambition?

I would like to see some of the people I mentor in prominent and fulfilling CISO positions. 

Tell us a guilty secret?

I am addicted to trifle. If left alone with a trifle, it will be gone in an embarrassingly short time!