Get to Know: Andrea Carcano, Co-founder and CPO, Nozomi Networks

Get to Know: Andrea Carcano, Co-founder and CPO, Nozomi Networks

What would you describe as your most memorable achievement in the cybersecurity industry?

As the founder of a company, it would of course be having built Nozomi Networks to where it is today. But I don’t see this as a finished achievement. We are constantly evolving and building on our strengths, working out how to improve the things we need to. I’m most excited about the achievements that are yet to come.

What first made you think of a career in cybersecurity?

I am driven by my curiosity and passion for logical thinking. Games that make you think out of the box and forcing alternative ways of thinking are my passion. Cybersecurity is exactly that, so I had no choice but to immerse myself in this game, where one is always expected to innovate, progress and find new solutions to a problem. Initially, I was curious and then discovered my passion for cybersecurity and followed it.

What style of management philosophy do you employ with your current position?

Working with passion is my personal philosophy, so I tend to apply the same philosophy inside the company. I believe that company success depends on the ability to build a passionate and driven team working towards one goal. I personally can’t stand ‘finger-pointing’ and in Nozomi Networks, everyone is a team player, equally responsible for driving the business forward. Being customer-focused is another important aspect of my philosophy. It is important to remember that we are here to support and understand customer needs – this is what drives the innovation in our business and culture.

What do you think is the current hot cybersecurity talking point?

A lot of our discussions are around AI’s ability to bring actionable intelligence to customers about their network. But what equally deserves mention is providing visibility and understanding about the whole network rather than about one type of technology. While there is separation between OT technology, IT technology and IoT technology, physical separation does not exist. Therefore, the industries must focus on understanding how industrial technology is interacting with the rest of the world.

How do you deal with stress and unwind outside the office?

A lot of people talk about work/life balance as limiting the amount of time you spend working. While it’s important not to be working all hours of the day, if you are following your passion in your work, as I do, then this work is something you enjoy. It’s something that energises you rather than draining you and doesn’t inherently cause stress and discomfort. Since starting a family, I do now have another incredibly important passion to focus on outside of work, but I’d urge people in this industry to seek work that aligns with your passions.

If you could go back and change one career decision what would it be?

I wouldn’t change one single thing. The way I look at it, I am who I am because of the mistakes I may have made, successes achieved and lessons learnt. Everything in my past brought me here. My career path made me a better person as I learnt from my own mistakes.

What do you currently identify as the major areas of investment in the cybersecurity industry?

I see a demand for wider visibility in a shorter period of time. More businesses base their decisions on data and thus companies are focused on investing in tools that provide actionable intelligence to customers. Deeper analysis and further visibility will be game-changing as decision-making is now highly dependent on timely data analytics.

Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?

Absolutely. As a global company, we have installations in every part of the world and in every part of the world there is a different approach to cybersecurity and different factors to consider. For example, one region might test solutions focusing on specific tools and threat actors, while another will look closely into insider threat mitigation. The reasons vary from different political ecosystems to cultural aspects but at the end of the day, everyone in cybersecurity is working to reduce risk. Yet, it is important to remember that 100% security doesn’t exist, so you need to consider small and big differences to maintain high cybersecurity standards. With insider threats on the rise, you always need to consider the level of trust in employees depending on the region. This way of thinking will reflect your risk and ways you invest your money.

What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?

In the past year I’ve seen my role as a leader change in two ways. The first is regarding the people at our company. Now that we’re coming out of the pandemic which required remote working with no possibility of travel, it has really focused my attention on ensuring that our employees are feeling happy and fulfilled, not just professionally but personally as well. When you’re fully remote you can end up working long hours and negatively impacting the rest of your life. Over the past year it has become a much more tangible part of my role to try and maintain the culture of the company and the connections between people despite these challenges.

Secondly, in the cybersecurity industry we have seen a shift from just focusing on being the best at detecting the next new threat, to helping customers effectively manage the technology they have in place. Cybersecurity budgets are not unlimited, so we are now making sure that as a company we are helping our customers do more with the technology they have without it becoming a burden on their cybersecurity teams.

What advice would you offer somebody aspiring to obtain a C-level position in the security industry?

First, if you are aiming for a C-level position you already know all the ins and outs of the industry. However, as I’ve mentioned before, it is important to remember that 100% security doesn’t exist and if you are to obtain a C-level position, you are expected to walk a fine line, balancing your investment and business’ need against operational resiliency and risk reduction. You must always keep this equation in mind, seeing the big picture and reminding yourself not to focus on one thing.

Click below to share this article

Browse our latest issue

Intelligent CISO

View Magazine Archive