
Risk & Compliance in the Cyber Security Industry 

In episode #69 of The Tech That Connects Us, we were excited to be joined by Chris Strand, Chief Risk and Compliance Officer at Cybersixgill.

With 20 years of experience, he’s a subject-matter expert in cyber risk and compliance and a regular conference speaker, most recently holding a Chief Compliance Officer role. 

Earlier in his career, Chris founded and built the global compliance and risk strategy arm of Carbon Black, which became a fast-growing and critically important business unit.

We hope you enjoy this episode as much as we did recording it. 

How has the relationship between risk, compliance and security changed over the past few years?

I’ve experienced the good and the bad with this – a bit of both. I would say, “they’ve” – and it’s not by choice, but they have converged. And this is where I say there’s the good and the bad. There are a lot of folks in the industry that for obvious reasons, see the Risk and Compliance angle as a negative thing.  

And I understand why – they’ve grown together, out of necessity. You fast-forward to today, and there are a lot of regulations, in fact, there’s too many regulations and frameworks, it’s confusing and mind-boggling. But, it’s still a necessity.

Look at the state of the security industry right now. I mean, we’re under a barrage of threats, they’ve grown more than I could ever imagine when I started out in my career. So, you know, with that, you can observe almost a 45-degree angle of increase in the number of regulations, frameworks, and mandates; the privacy laws that we see, the national and regional types of mandates around privacy and data that have grown. So, they’re all in one place, because we have a need to try to measure our effectiveness to protect that data.

And again, I don’t view it as a negative, but sometimes it is a negative because we’re under such threat, right? It’s sort of like, why do you have five locks on your door now, whereas, you know, 10 years ago, you only had one – and now we do this because there have been more break-ins, it’s the same thing. We don’t like to see the world becoming a more dangerous place.  

How have you found getting back into things such as conferences?  

So, I found it extremely refreshing. I think most of us are social creatures. And I actually tend to be a very introverted person. I’m uncertain if that would surprise people because I love being in front of people, but on the other hand, I am a bit of an introverted person. So, it’s sort of a weird mix. But, since I’ve been able to get out and back into the public, back face to face and speaking with people, I can never look back.

I mean, it’s the most refreshing thing I’ve ever experienced, and a very surprising feeling as well, it was a euphoric feeling at the time! 

What has the ubiquity of cloud platforms and services for enterprises meant in terms of risk management? 

It’s thrown a wrench into risk management for sure. Because the accessibility of the cloud alone, I mean, there are so many security themes that we can talk about such as the move to the cloud, and what’s happened over the last five, six years or so. It’s definitely created a lot of stress for risk managers that are trying to work with what they used to see as closed systems.  

But one of the main themes that has become a huge thing and has helped evolve and create a lot of data privacy laws is the fact that data now is much more accessible than it has ever been with the cloud.

Now, that data is way more accessible, there are so many different threat vectors to that data that we’ve never ever had before, that we’ve never had to deal with. So, it’s made risk managers’ lives much more difficult, because there are a million more variables that you have to consider when you’re measuring the threat to that data.

What major lessons do you feel that organisations need for this decade to better manage risk and compliance? 

When I think of lessons, it’s hard for me to say what a particular lesson is because I don’t want to sound like I’m preaching to organisations, and to say, you know, you should have learned this, you should have been doing this from day one etc.  

But I do think that there are a few lessons that we can look at. And one of the big things is, and this is very hard to talk about with different businesses, the transparency of their business process.

The more transparent you can be with how secure your data is, the easier it can be to find faults. But, you’re basically asking someone to talk about their weaknesses.  

And businesses think “I don’t want to make it sound too weak”. Because, hey, if I’m an assessor, and I’m in an assessment with a retailer, let’s say, you know, and I’m asking them, where are all your faults and such? They’re thinking, Hmm, I don’t know if I want to tell you this. Because the minute I do, what if this gets out? What if I don’t trust this individual? Right? What if we don’t have a trusting relationship between us, and this gets out, and my brand gets damaged.  

But, the lesson is to be transparent as it’s done good for many organisations. 

To listen to the full episode click here. 

Every Wednesday we sit down with some of the biggest names in our industry. We dedicate our podcast to the stories of leaders in the technology industries that bring us closer together. Follow the link here to see some of our latest episodes and don’t forget to subscribe.

What are the major IT data challenges currently facing enterprises and governments?  

In episode #62 of The Tech That Connects Us, we were excited to be joined by Hash Basu-Choudhuri. He is the current GM at Cribl, and has held advisory and senior roles across the world, mostly in the EMEA region. 

We touched on his career so far, as well as specific topics around data challenges, crypto, and D&I.  

We hope you enjoy this episode as much as we did recording it. 

What would you say are the major IT data challenges currently facing enterprises and government? 

“Just complexity, look at the rate of change, I think if you look at the rate of change from 2000, it was not that high. Things weren’t being innovated at the rate they’re being innovated today.  

The problem today is that every three years there’s a new cycle riding. You had the mobile cycle, the cloud cycle, now you have the container cycle. And now, we’re moving into completely trustless environments using blockchain technology.  

Airbnb disrupted travel, and not even seven years later, Airbnb is probably going to get disrupted by blockchain! I think the biggest challenge is that.” 

How has the UAE handled COVID differently to other parts of the world? 

“This is a great question. So, this has literally been a business case study in probably how to do it right. The UAE has looked at the impact, looked at the facts, looked at the science, and been ahead of the game.  

I deal a lot with Emirates Airlines and Dubai airports. I would say 70 to 80% of the world’s vaccines fly through Dubai, because they’re manufactured in India. This is their distribution hub. And then from here, Emirates Airlines repurposed god knows how many planes into vaccine carriers. And then from here, they’re distributed globally. So, they’ve got the distribution for the world sorted.” 

What novel cybersecurity challenges does the growth of cryptocurrency present?

“When you’re talking about cryptocurrency, it gives you immense power, you do not have to trust the third party, there is no centralised system. But the problem with security from a blockchain perspective is that you are responsible for your keys, for your wallet, for your assets right now.  

Sounds simple, but how do you secure it? You just have to be very, very careful with the way you manage such assets. There are a couple of tech players out there that are trying to solve it with escrow accounts, and the ability to have extensive multi-party certificates.” 

What is your assessment of how well tech industries are tackling diversity? 

“So for me, obviously, you know, I fall into that category. But for me, it’s not about this, it’s about the diversity of thought. My background is not going to be exactly the same as your background.

But, if you can attract talent and have multiple different mindsets, it’s good for business. Look at your target audience, which is the world, right? If you want mass adoption, it’s everyone. So, you kind of have to mirror that. And you can’t mirror it if you don’t have a diversity of thought.  

I think a lot of these companies are leading with just hard metrics. And it’s like a sales process, right? You can do metrics one, two, and three, and you don’t do anything at the end of that, right? When really, it’s the way you interpret that data. It’s the way you apply it. And it’s really what you do with it once you have met those targets.  

I think a lot of companies are just laser-focused on “we need to have this many Asians this many, you know, blah, blah, blah” right. And I don’t particularly like the topic because I think it’s an over-rotation, it should always be merit-focused. And it should always be diversity of thought that you get from it over anything else.” 

You can listen to the full episode here.


UNICORN-UCOPIA. – $1bn Cyber Valuations we’ve seen this year

Investors have been chomping at the bit so far in 2021, creating a record-breaking* 12 galloping Unicorns to fight global cyber criminals.

Most recently, the end of April saw Vectra AI join the club, winning $130M in their latest funding round and a valuation of $1.2B.

In other news, UK stallion Darktrace went public, after a very thorough examination of its dental records.

*“A record was set in the first quarter of 2021, with 12 cybersecurity unicorns created globally, which is more than double the previous quarterly ” PitchBook (Private market data provider)

Vectra gains $130M funding and $1.2B valuation

Vectra AI, a cyber security, threat detection and response firm, has announced an additional $130m round of funding.


Darktrace shares jump 32% in IPO

Cambridge-based cyber security company Darktrace and its backers raise £165m in London debut.


A unicorn on steroids

Wiz raises $130 million series B to reach $1.7 billion valuation a year after its launch


Aqua Security hits unicorn valuation after completing $135 million series E

The Israeli cybersecurity company has stayed ahead of the cloud revolution, refuses to be sold and has its eyes on some acquisitions of its own.


Orca Security raises $210 million, becomes ‘unicorn’ with $1.2 billion valuation

Google’s growth fund leads investment in the Tel Aviv-based cybersecurity firm set up 2 years ago by former execs of Check Point Software Technologies.


New unicorn Axonius raises $100M to expand its cybersecurity asset management platform

Cybersecurity asset management startup Axonius Inc. today revealed it has raised $100 million in new funding on a unicorn valuation of above $1 billion.


Automation for the people

Snyk raises $150 million at $1 billion valuation for AI that protects open source code.


Lacework Banks $525 Million as Cloud Security Market Heats Up

Lacework, a five-year-old cybersecurity company that automates security across enterprise cloud deployments, has reached unicorn status with the closing of a $525 million round of Series D financing.


These latest additions mean that there are now 31 Cyber Security Unicorns due to go public.

So what’s behind these huge valuations, is it set to continue – and what does it mean for the Cyber market in general?

Rather than dampen cyber spending, the rapid digitalisation caused by the pandemic has revealed worrying gaps in IT Infrastructure – further exposed by the accelerated move to Cloud and home working.

And it’s this exponential growth in demand that is causing investors to feel bullish and make sure they are on the right side of these major technological shifts.

Cyber is a huge growing market with healthy competition and – so far – few monopolies to keep a lid on sky-high valuations, so the trend certainly seems set to continue.