Go Phish: Matias Madou, Co-founder and CTO of Secure Code Warrior

Go Phish: Matias Madou, Co-founder and CTO of Secure Code Warrior

We ‘go phishing’ with Matias Madou, Co-founder and CTO of Secure Code Warrior, who tells us about life inside and outside the office.

Matias Madou, Co-founder and CTO of Secure Code Warrior

What would you describe as your most memorable achievement in the cybersecurity industry?

I think for me it was making the move to the defensive side of cybersecurity. Building a house to protect your most prized possessions is a complex task but essential to ensure their safety. When applying this to the world of business, we’re helping people to build secure systems at scale and undertaking this shift has been the most memorable achievement of my career. 

What first made you think of a career in cybersecurity?

I came to realise early on in my career that individuals were reverse-engineering systems to enable IP to be stolen and then used in other systems. I then explored the possibility of whether internal systems could be altered so this couldn’t take place, so I pursued a PhD in obfuscation and deobfuscation of code. My mission was then to find out how the internal workings of a software system could be truly hidden.

What style of management philosophy do you employ in your current position?

We don’t hire people to tell them what to do, we hire them because we know that they can bring a particular skill to the organisation and we need to foster that ability. I’m there to remove any obstacles to them succeeding in their role, so my position is all about helping and consulting people to allow them to perform at their best.

What do you think is the current hot cybersecurity talking point?

I’ve been really impressed with the rapid introduction of the Executive Order on Improving the Nation’s Cyber Security by President Biden in the United States, which details policies to improve the nation’s cyberdefences. I think it’s really good for the industry and I haven’t really seen other countries evolving as rapidly. With risks expanding, it can only be good news that more regulations and certifications around building secure systems are coming in. 

How do you deal with stress and unwind outside the office?

My day job is sitting at a desk, so I like to unwind by being outside and spending time with my two children. When I’m away from home, I find that the best way to connect with my kids is to play video games with them online. If I ring them to chat, I’ll usually only get yes or no answers, but they’re much more engaged when we’ve started a round of Fortnite!  

If you could go back and change one career decision, what would it be?

I would honestly say that there is nothing that I would change about my career. Time travel films, such as Back to the Future, have shown how your entire life can be altered from just one minor change in the past! That’s not to say I haven’t made mistakes, but I’ve learnt from them and applied those learnings to make improvements next time. 

What do you currently identify as the major areas of investment in the cybersecurity industry?

For too long, there’s been too much of a spotlight shone on the tools to help professionals in the industry, but I personally believe this is wrong. I think there needs to be a shift towards focusing on people. Throwing more tools at the problem isn’t going to help improve cyberpractices if the upskilling of the people using them isn’t prioritised. We need to ask them about what they need to be able to build secure systems.

Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?

I would say that regardless of region, cybersecurity challenges need to be tackled in the same way, which is fundamentally building secure systems from the ground up. If we don’t start with the foundations of a cybersecurity strategy, then it’s never going to work and ultimately provide any value – a consistent mindset and approach needs to be taken in every location.

What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?

As is usually the case with a start-up organisation, I initially spent a lot of time with customers to identify their problems and devise solutions, followed by a period of internal focus to ensure that our solutions effectively met those requirements. Following the completion of that phase, the last 12 months have involved me moving to a more external focus to communicate with customers and the wider industry, and I expect this to continue over the next year. 

What advice would you offer somebody aspiring to obtain a C-level position in the security industry?

My one piece of advice is to help others to succeed. Something I see quite often is that people often focus on themselves when it comes to their career development, but the professionals that I’ve witnessed as making the most progress are those with a plan on how to assist others. It’s not a silver bullet to immediate promotion to a C-level function, but I firmly believe that it hugely assists those who want to make it there.

Click below to share this article

Browse our latest issue

Intelligent CISO

View Magazine Archive