How many times have we compared cyber security with a battlefield? Hundreds, right? Well, Cathal Judge, Information Security Architect at Pret & Manger, UK, is an innovator in his own way. For him, cyber security is more like martial arts. You need to anticipate your opponent’s next move in order to prepare your defence and of course, you need to keep practicing. Cathal will be among our exceptional speaker panel at the 2017 CyberCentral Conference this April in Prague. I had the pleasure to talk to Cathal a few weeks back and learn more about him.
Cathal, tell me a little about your background.
When people ask me where it all began, I often think all the way back to childhood in South Africa. I was very keen on martial arts since the age of 7, when I first learned about the art of attack and defence.
I learned about the principles of using everything you can to gain an edge over your competition. Diversity of thought, innovation and creativity, focusing on different elements of training such as diet, different martial arts disciplines including Judo, Kung-Fu and boxing, as well as adapting and testing yourself during intense sparring. The trick is to stay current!
In the cyber world, this is the equivalent of using a defence-in-depth strategy. In a way, you are using penetration tests and other forms of ‘red team’ sparring to build your defences. One of the most important things is to gather intel from as many sources as possible and to apply them to your own, unique risk strategy. So as you can see, Eftychia, cyber security has always been a natural fit for me as it involves a constant race to outwit, outplay and outlast your assailants.
A large chunk of my 15 years of corporate experience has been spent working in IT, however I am a firm believer that security is a business-wide and even partner-wide concern, because as the modern mixed martial artist knows all too well, you cannot work on one area and neglect the rest. You will land up flat on your back!
I can see that you are interested in poker. Isn’t your job as a Security Leader just like a game of poker? You need strategy, you cannot show your cards and you always need to think ahead…
Indeed. I always enjoy a friendly game of poker, because after all poker is a martial-arts battle of minds (laughs).
When it comes to the business end of it all, knowing when to reveal your cards and exactly how much to show is critical to negotiating better deals and managing to get the highest returns on your security spend.
As you alluded to, thinking ahead is just as important. Knowing what your 3-5 year strategy entails, how much you aim to reduce risk by & at what cost, and knowing that the goal posts are constantly moving as the threat landscape matures results in a dynamic strategy. It’s a bit like trying to navigate a ship full of treasure through hostile waters around Treasure Isle, trying to find the moving port, whilst having a limited amount of cannons and men on board to protect yourself from pirates! It’s almost impossible! (Laughs)
What was the biggest challenge you had to face so far in your career?
The biggest challenge must have been the jump into senior management, from an IT consultant role.
Before making the jump, I had worked for a number of organizations as an IT & Security consultant. When I was given the opportunity to make the jump at Oxfam some 7 years ago, the CIO -whom had just arrived from the BBC- encouraged anyone to approach him with any concerns or ideas.
At the time, I could see a gap in security so I approached him, and to my surprise I was allowed to interview for the Head of Security position in a multinational which operates in over 72 countries across the globe.
So, clearly the CIO saw something in you that you weren’t fully aware of.
Yes! And as you can imagine, making this step resulted in long and stressful hours, tons of personal coaching, security qualifications and lots of mistakes along the way in order to become a fully-fledged security leader, managing a multi-million pound budget at the age of 26.
This was a great opportunity for me, and I had the privilege to share my experiences in a number of security magazines and events. I really enjoyed the spotlight and looking back, this was certainly a career-defining moment.
Speaking of conferences, can you elaborate a bit more on your presentation on CyberCentral? What’s the #1 key takeaway?
The number 1 take away is treasure! In the form of information, of course.
I hope the attendees will be happy to share their “war” stories and lessons learned. However, for privacy reasons, no one will share corporate/staff names within the group.
For me, the most important point to discuss is the fact that security incidents are inevitable. How to detect, respond and minimize the impact is the key to managing cyber risk.
Cathal will attend the CyberCentral Conference in Prague. Will You?
Learn more about the program, speakers and topics, request your agenda and identify the sessions you want to focus on. But don’t stall. Reserve your seat today and pre-register for our workshops. In the meantime, join our online community on Facebook, LinkedIn and Twitter. We’ll keep you posted.