We ‘go phishing’ Rik Ferguson, VP of Security Intelligence, Forescout Technologies, who tells us about life inside and outside the office.
What would you describe as your most memorable achievement in the cybersecurity industry?
There have been so many: induction into the Infosecurity Hall of Fame; first time on live TV; seeing my name in every major newspaper on the same day; or being invited to be an advisor to Europol’s EC3 or to join Vaultree’s advisory board. Although, the thing that gives me the most feels was founding Respect in Security in 2021 where it feels like we are actually taking concrete steps to make our industry an inclusive and welcoming one, free from harassment or abuse.
What first made you think of a career in cybersecurity?
My career in IT started largely by accident. I have long said that my qualifications at the time (1994) were ‘speaks two languages and knows a bit about computers’. That was enough to land me my first step on this long ladder which was frontline tech support for English and French speaking customers. This was for Tektronix, so not cybersecurity. I became disillusioned a couple of times and desperately wanted to find a role where I felt I was contributing to the greater good, rather than simply taking home a paycheck. I considered becoming a teacher, I even went to an open evening for recruitment at my former school, but realised I wouldn’t be able to pay the mortgage. I thought about using my tech skills in a career in law enforcement but knew that I may have to deal with CSAM (Child Sex Abuse Material) as a part of that and didn’t have the courage. Cybersecurity was my next great plan and has allowed me to fulfil that desire.
What style of management philosophy do you employ with your current position?
I hope that I am a collaborator, a connector and an enabler. I have been fortunate enough to have had the examples of some amazing people as my own managers and I want to pay that forward. I am ready to listen, to engage, to empower and to trust. I don’t really know what my philosophy is, but I know what it is not: I do not micro-manage.
What do you think is the current hot cybersecurity talking point?
If we recognise that current talking points and actual priorities are often very entirely different things, then the application of AI – specifically GANs and LLMs within an attacker framework – is definitely taking up a lot of column inches right now. The truth is though, the vast majority of threat actors do not innovate until they are forced to – there is still an abundance of low-hanging fruit and much simpler attack vectors that continue to be profitable.
How do you deal with stress and unwind outside the office?
I don’t really do stress – it doesn’t have a place in my life. I have dealt with major traumas; death, divorce, redundancy, unemployment, recessions, moving houses, moving countries and demanding jobs. I am sure that some of them, more than once, have had a physical impact on me, but I don’t consciously recognise it. I’m not sure if that’s a blessing or a curse.
I do cherish downtime though and my go-to is music. I have a pretty sizeable collection of records and CDs, which I’ve been buying since 1980 and have never stopped. I’m old enough now to have had the time to put together a decent hi-fi system, so when I need to switch off completely and get lost, that’s where I go. I also sing, write and record with a very good friend of mine, so if you ever come across ‘Clearly Deluded’ that’s us.
Audiobooks on a long dog walk are another very fulfilling obsession; my current companion is Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency by Andy Greenberg.
If you could go back and change one career decision what would it be?
If I could guarantee that the rest of my life would still unfold as it has, only then would I change anything. My professional journey has been architected by a series of mostly fortunate accidents and I am extremely happy with where I am today as a result of opportunities presented to me.
So, with that as a given, one small detour I would take (that I turned down at the time), would be to go to work in a compound in an oil field in the Sahara. Just for the sheer adventure of it, although I think the ‘months off’ part of the six months on/six months off work calendar may just about have led to my untimely demise through excess globe-trotting partying in my 20s.
What do you currently identify as the major areas of investment in the cybersecurity industry?
Software Composition Analysis, Software Bill of Materials related technologies and dynamic supply chain analysis. Recent events and recent legislation conspire to make these areas of critical focus for enterprises looking to secure their increasingly complex and increasingly digital supply chains.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
While it is facilitated through poor configurations, insecurity by default or design and vulnerabilities in products and services, cybercrime remains a problem that largely targets people. Training and education needs to take account of individual learning styles and cultural differences but unfortunately, right now, we seem to take a ‘one-size-fits-all’ approach.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
I accepted a role at Forescout and these next 12 months will be an incredibly eventful and exciting period. Forescout has emerged as a major player in the cybersecurity world. It is fantastic to be part of an organisation that sees the rest of the industry as partners, not as competition, meaning our customers can maximise the benefit from all the security investments they have made.
What advice would you offer somebody aspiring to obtain a C-level position in the security industry?
There’s no magic wand or silver bullet. Figure out what drives you, which industry lights fires inside of you and makes you want give your all professionally and stick with that. Don’t corral yourself into a pre-meditated career path with that industry though. Experiment as much as you can, find your niche, offer your help and time to colleagues, particularly those in different roles to you. Talk less, listen more. Leave time for yourself. By the time you make it to that C-level role, your opportunities for leaving work at work will be much more limited, so until then, try to leave the work on your desk. The sun always rises again and you can pick up where you left off with renewed energy and a sense of purpose that is put into perspective by your time away.
Click below to share this article
