On the lighter side of things, we ‘go phishing’ with Darron Antill, CEO, Device Authority, who tells us about life inside and outside the office.
What would you describe as your most memorable achievement in the cybersecurity industry?
I’m proud to have started a company from scratch, building a software solution that our customers are investing in as a significant part of the platform or solution they offer to their end-users. Customers trust that it works, is scalable and solves real non-human Identity challenges.
I’m also proud that Device Authority won Microsoft Rising Azure Technology Partner of the Year for 2023, which was an important landmark for the business and its maturity.
What first made you think of a career in cybersecurity?
I was already CEO of a services company, where I was responsible for driving the global growth of the company by entering and expanding into new markets. Cyber was the next big thing, so building a new MSSP capability around exciting new technologies such as Checkpoint, Nokia and others led me down this path.
What style of management philosophy do you employ with your current position?
I believe in inclusive, shared and divested responsibility. This is a team approach with a leadership group. I aim to get the most from people and have them doing what they are good at. I have a personal bias towards action and getting things done.
We all have a primary job, but in any start-up or fast-growing business, people need broad shoulders. An organisation’s stars evolve from increased responsibility and leadership of key initiatives, enabling them to develop their job and grow a role.
What do you think is the current hot cybersecurity talking point?
Identities – specifically, non-human identities, due to the scale of the challenge and enormous threat landscape. AI and its use or misuse only makes this challenge even bigger and more important.
Humans are a big limiting and risk factor in all this, which automation can address. Automation eliminates the time it takes to complete all these manual processes (and the mistakes they generate) and reduces the administrative and reporting burdens.
How do you deal with stress and unwind outside the office?
Usually through an early morning dog walk – and in summer an evening walk too. This helps clear my mind and gives me thinking time away from email and message platforms. I also find playing golf with friends is a great way to de-stress. I enjoy the competitive aspect; it’s a really good release for me.
If you could go back and change one career decision, what would it be?
There is only one. When relocating back from the US, I made a poor choice but was also misled. On that basis I changed it and found my current path, so on reflection it turned out to be the right answer.
What do you currently identify as the major areas of investment in the cybersecurity industry?
Firstly, I would say AI and its related challenges – especially in the kind of connected environments you find in the automotive, medical, industrial and critical infrastructure worlds.
Then there is compliance and how to ensure you stay safe and respond to the increased demands of regulators. Thirdly, there is the identities category – how can you make the right choices to ensure you have human and non-human identities covered in the rapidly changing world of expanding IoT networks that comprise hundreds of thousands of connected devices?
Major enterprises today need to achieve zero trust on a vast scale across their IoT device networks and systems, and to comply with regulations like the SBOM (software bill of materials) requirements in the EU and US.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
Compliance and regulation are significant challenges and don’t just vary around the globe, they vary by vertical markets. Customers and markets make different choices and have different needs.
If you infringe the EU Cyber Resilience Act’s SBOM stipulations when fully in force you could be punished with financial penalties. In the US, if your company doesn’t meet the SBOM requirements it may be barred from contracting with the government and its agencies. But the burdens are greater in the medical sector, in which devices are regulated by the FDA in the US and the EU Medical Device Regulation in Europe.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
You are always learning and evolving. There are global challenges, the need to build teams, and new go-to-market challenges as you expand. There is the need to understand markets and threat landscapes, and how the competitive, or perceived competitive landscape, evolves. New investors, new customers, new challenges – it’s an evolution, and rarely a revolution.
What advice would you offer somebody aspiring to obtain a C-level position in the security industry?
My advice? Go for it, work out your role and what you are good at, and build a team around you of those that fill the gaps. Build the company vision and plan. Solve your blind spots and always review and evolve.
