We ‘Go Phishing’ with Ellen Benaim, Templafy’s first female Chief Information Security Officer
What would you describe as your most memorable achievement in the cybersecurity industry?
My most memorable moment is probably an obvious one – becoming Templafy’s first female Chief Information Security Officer (CISO). To reach a c-suite position in any field is an achievement, but to be a female CISO is a significant milestone in tech – it’s a marker of progress in an industry where women are still underrepresented. I experienced a fairly quick progression to CISO within two years, which I think underscores the joint impact of dedication and the supportive environment at Templafy that allowed me to grow and lead.
What first made you think of a career in cybersecurity?
My interest in a cybersecurity career really took hold when I was 15 and on a school trip to an IBM roadshow. I was fascinated by the servers and the technical complexity of the infrastructure on display. This early exposure, combined with my father’s software engineering background, was ultimately what helped me decide what I wanted to do in the future.
What style of management philosophy do you employ in your current position?
I try to embody a management style that emphasises collaboration, communication and trust. I think it’s really important to foster an environment where teammates feel comfortable asking questions and taking initiative. Micromanaging isn’t my thing at all. I prefer empowering my team and encouraging openness, and I try to act as a facilitator who removes the roadblocks in the way of people’s success. Leading with empathy and transparency is my goal.
What do you think is the current hot cybersecurity talking point?
The rapid adoption of AI across organizations is the biggest conversation right now – especially how to get visibility into where and how it’s being used across a growing number of platforms and applications. Many companies are applying legacy security approaches to AI, but the reality is, we may not yet have the right tools or frameworks in place to keep pace. Securing AI requires a shift in mindset, not just technology – and we’re only just beginning to bridge that gap.
How do you deal with stress and unwind outside the office?
I play hurling (Irish field sport) with my teammates. It’s a fast-paced, physical sport that demands focus but what I really enjoy is the energy I get from playing as a team. On the other end of the spectrum, I also enjoy going on walks or hikes. It’s a way to slow down and clear my head.
If you could go back and change one career decision what would it be?
It’s less about changing a specific decision and more about reinforcing a principle: even in a C-level role, I would’ve been more intentional about carving out time to stay hands-on with emerging technologies. It’s easy to shift fully into strategy and leadership, but staying close to the tech – especially with something as transformative as AI – is invaluable. Prioritising that ongoing, practical learning keeps your decisions grounded and your perspective relevant.
What do you currently identify as the major areas of investment in the cybersecurity industry?
A key area is upskilling – particularly around how to use and secure machine learning and AI. As these technologies become more embedded in business operations, understanding how they work is essential to protecting them. You can’t effectively secure what you don’t understand, so investing in talent that can bridge both domains is critical.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
Absolutely. One of the most noticeable shifts is the growing emphasis on data sovereignty – particularly between the US and the EU. This creates regional variations in how data can be shared, processed and stored, which in turn influences how threat intelligence is exchanged and how we respond to cross-border threats, including state-sponsored attacks. These legal and operational boundaries are shaping how cybersecurity strategies must adapt at a regional level. I hope this is a temporary phase. Ultimately, I believe we’ll move toward stronger data alliances that enable more unified, global responses to cyber threats because attackers don’t respect borders, and our defenses shouldn’t be limited by them either.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
Over the past year, my role has shifted from focusing solely on protection to actively enabling secure innovation – especially as AI adoption accelerates. I now work more cross-functionally, embedding security into product development, compliance and culture. As for the year ahead, I expect this to deepen, with a focus on managing AI risk, automating compliance and fostering security-first mindsets across teams.
What advice would you offer somebody aspiring to work in cybersecurity?
Just do it! Don’t be afraid to jump in. It can seem daunting and intimidating but that changes quickly once you get stuck in and keep an open mind. Don’t be put off by the field’s complexity or the perception that it’s only for highly technical experts. There’s plenty of room for diverse backgrounds and skill sets and the most important thing is to be curious, proactive and willing to learn. We should work on revealing Cyber as a choice earlier on in the education system.
Do you have any predictions for the new year? Any new trends or technologies shaping the market in 2025?
In 2025, End User Behaviour Analytics (EUBA) is becoming significantly more effective, marking a clear shift from reactive security to proactive defense. Advances in machine learning are enabling EUBA tools to better baseline normal activity and detect subtle behavioral anomalies, whether it’s compromised credentials, insider threats, or lateral movement, before they escalate.
The improvements in accuracy and contextual awareness are reducing false positives and allowing security teams to act faster and with greater confidence. As EUBA matures, it’s proving to be one of the most practical and high-impact applications of AI in cybersecurity today, easing analyst workload and strengthening overall threat detection.
