Go Phish: Mark Belgrove, Head of Cyber Consultancy, Exponential-e

We ‘go phishing’ with Mark Belgrove, Head of Cyber Consultancy, Exponential-e, who tells us about life inside and outside the office.

What would you describe as your most memorable achievement in the cybersecurity industry?

Once when I was working for a large global company as its CISO, the business was hit by a ransomware attack. A CISO’s worst nightmare of course, but one that we’re always preparing for. Fortunately, it was one of the proudest moments of my career, even if it was also one of the scariest! My team and I ensured the incident was contained, that recovery was prompt and that we suffered no reinfections. We also implemented additional security controls following the event to prevent similar attacks from happening again, and to this day, there haven’t been any further incidents like that one within that organisation. You always wonder how these incidents will play out, and it was reassuring to know you can survive them.

What first made you think of a career in cybersecurity?

I actually worked at Yellow Pages for a number of years not long after leaving university. I moved between various departments during my time there and after some time, was given the opportunity to work in security, which proved to be my calling. I was very passionate about the job and eventually became the company’s CISO. I’ve been in the security industry ever since!

What style of management philosophy do you employ with your current position?

I’ve experienced working for managers who simply command or tell their employees what to do and I’ve found that it’s simply just not a good way of getting the best out of people. That’s why, as I began managing my own employees, I made it my mission to encourage and educate them. I quickly saw that it made them feel motivated to continually learn, push themselves and further develop their skills. Every one of my team has ambition, drive and a passion for the industry, and that’s what I try to bring out in them. I never want them going home feeling as though they don’t have the opportunity to shape their own path. It’s about focusing on developing themselves and their careers.

What do you think is the current hot cybersecurity talking point?

We live in a very exciting time when digital is becoming a huge part of all our lives, and the future possibilities of technology appear endless. That said, I think it’s hugely important that everyone is educated effectively on the security risks associated with these new technologies. Every individual needs to realise and understand that data is now the main currency of criminals and industries and the connotations that brings.

How do you deal with stress and unwind outside the office?

I have a large family and two dogs, so it’s a busy household and I don’t get a lot of time to think about stress or relieving it! When I do get the time, my favourite way to unwind is to go mountain biking with the dogs early on a weekend morning, when the sun is just rising, and most people are still asleep. It’s very peaceful and gives me the opportunity to get some fresh air and clear my mind.

If you could go back and change one career decision what would it be?

I consider every part of my career a learning experience, so I wouldn’t change a thing. But, if there was a way to go back in time, from a personal perspective I would save more money when I was younger instead of partying!

What do you currently identify as the major areas of investment in the cybersecurity industry?

One of the biggest areas of investment right now is data loss prevention (DLP). Lots of businesses are beginning to explore solutions in the area, which have advanced a lot recently. Given the implementation of new regulations like GDPR, it’s a wise move because the fines for not having good control over your data are significant.

Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?

I think cybersecurity threats across the world are largely consistent in nature. That said, there are different regulations and cultural differences across countries that need to be taken into consideration. The key for most security operation centres is to try and ensure consistency. Regularly auditing policies and postures in each region should mean any required changes are quickly highlighted, and alerts actioned appropriately when threats do occur, so there’s no need to worry about regional false positives.

What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?

I hope to see more people in my role in the future. Companies are taking security more seriously than ever and as a result, are investing in the appropriate solutions to ensure their cyber processes are more robust. I just hope this trend continues because in most modern security scenarios, cybercriminals usually come out on top. They’re making a lot of money and many businesses are falling victim. So, anything that can be done to minimise their success would be welcome.

What advice would you offer somebody aspiring to obtain a C-level position in the security industry?

Keep learning! Make sure you have a well-rounded knowledge because the security industry is as much about compliance and regulation as it is about IT. The next generation of board-level security executives will need to implement appropriate security controls which don’t impede digital business, so experience is quite often key in understanding the industry and what would be an appropriate level of risk.