We ‘Go Phishing’ with Todd Moore, Vice President Encryption Solutions, Thales, who tells us about life both in and outside the office.
What would you describe as your most memorable achievement in the cybersecurity industry?
The cybersecurity industry has evolved tremendously over the past 30 years, but the one thing that never gets old is hearing how cybersecurity products have helped protect customers. The public often only hear about the negative stories, like breaches that lead to reputational or financial damage, but there are so many positive stories out there from customers who deployed cybersecurity solutions successfully and there is always a sense of achievement when you hear that.
A close second memorable achievement would be having one of my products, the Luna hardware security module, featured on a Mr Robot episode!
What first made you think of a career in cybersecurity?
I started programming software in middle school and became fascinated with computers. At university, I studied computer engineering and quickly saw how an IT system could be compromised. I’ve spent most of my career building defences to protect various IT systems and communication products.
What style of management philosophy do you employ with your current position?
My management style is very collaborative and consensus building. I like to empower my team to be independent and to make decisions for themselves. It’s my philosophy to build team confidence and let them know that it’s okay to fail, as long as we learn from the experience. I’m always here to support when needed.
What do you think is the current hot cybersecurity talking point?
Ransomware has definitely taken centre stage based on the recent Colonial Pipeline and JBS attacks that made worldwide headlines and impacted many daily lives. The recent US Presidential Executive Order has also raised public awareness around cybersecurity and ransomware prevention best practices, including guidance around the use of data-at-rest encryption and multi-factor authentication.
Operational technology has also increasingly become the target for cybercriminals as more organisations bring their systems online as part of Digital Transformation projects. Bringing down a pipeline or powerplant can not only be disruptive from an operational and economic perspective, but it can also cost lives. Businesses should work to understand what is connected and who has access to data, before securing access through protocols like access management and fail-safe solutions.
How do you deal with stress and unwind outside the office?
Every day, I try to take a walk, usually with my Golden Doodle dog, Lucy. I find walking and hiking are great ways to relieve stress. I also enjoy gardening, as well as do-it-yourself construction projects. My to do list is never-ending!
If you could go back and change one career decision what would it be?
I’ve had some great opportunities to move around the world throughout my career. When I was a young engineer, I was asked to move to Malaysia to lead the go-to-market and sales in the region. I declined and sometimes daydream about how that move may have changed my career.
What do you currently identify as the major areas of investment in the cybersecurity industry?
Cloud security, zero trust and data privacy are some major areas of cybersecurity investment. Solutions already exist today, but there is a lot of technology innovation and emerging solutions coming to market. Think about cybersecurity in three simple words – discover, protect, control. Building a system architecture that can do these things will reduce risk and can help protect companies.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
The same cybersecurity challenges exist no matter where you are in the world. Digital Transformation is creating the same attack surfaces and vulnerabilities from the use of public cloud and Software-as-a-Service to IoT devices, payment systems and quantum computing.
However, data sovereignty dictates that digital data is subject to the laws of the country it is collected in, so different compliance and privacy laws around the world will determine requirements. For example, country sovereignty is very important in the European Union where GDPR requires that data must be either stored in the EU or within a jurisdiction that has similar levels of protection, such as the use of on-premise key management platforms. It’s vital that companies follow the rules of the appropriate nation, or else they will face the consequences of possible legal action and reputational damage.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
Cybersecurity has impact across all functions and at different levels of an organisation. Developers are being asked to think about security from the ground up, not from the top down. As leaders of an organisation, we need to make sure that the appropriate security controls are in place, but it’s becoming less prescriptive on how to implement these controls. The job role is changing to make sure that all cross-functional teams have the appropriate ‘guardrails’, budget and tools to protect our business.
What advice would you offer somebody aspiring to obtain a C-level position in the security industry?
I would say get as much practical experience as you can today, while keeping an eye to the future. Drive yourself to take on new positions and new roles (within your company) at least every three years (think generalist versus specialist) and also make the time to experiment with new ideas. The IT security problems of today, may not be the problems of tomorrow.