What would you describe as your most memorable achievement?
My most memorable achievements tend to be the ones where there is a highly visible, positive impact to a customer. Quite early in my career when I was implementing an IAM system for a large media organisation, I wrote a fairly small piece of code which glued together the company’s Identity Provider and the Access Management system. For several years thereafter, I knew that every single user of what was a pretty high-profile website was depending upon my code.
Of course, impact is not always purely positive. Another example from a few years later is when I was leading an AppSec training course for a customer and one of my students, in a spirit of inquisitiveness, accidentally shut down a business-critical SQL Server via an SQL Injection vulnerability. That was not entirely positive, but it did confirm a significant vulnerability that was quickly remediated.
What first made you think of a career in technology?
When I was exploring options for university, there were two subjects of interest – music and electronics. As I investigated further, I found a course at Newcastle upon Tyne for Micro-electronics and Software Engineering, which sounded fascinating, so I went to the open day and it captured my imagination. At the time I wasn’t aware of the Arthur C. Clarke quote – ‘Any sufficiently advanced technology is indistinguishable from magic’ – but I definitely came away with a sense of magic about the place.
What style of management philosophy do you employ with your current position?
One of the most important ingredients for a successful and fulfilling career is having great managers and/or mentors to guide and support you. I have been lucky enough to have some of those excellent managers and it’s now my main priority to emulate that for my own team.
The one trait which always helped me was my manager’s ability to coach me and let me reach my own conclusions, rather than force my hand or micromanage. I believe this kind of management style is crucial for helping individuals learn and progress and so it’s now the philosophy I employ.
What do you think has emerged as the technology trend of 2023 and why?
There’s absolutely no doubt about it, it has to be generative AI and the risks and opportunities it presents to businesses. Security concerns have caught a lot of attention and led some businesses and even geographies to ban the use of tools like ChatGPT entirely. However, we can’t ignore the exciting possibilities it presents, especially for the software development industry.
One of the main benefits of working with generative AI models for developers is that they can move much faster to deliver innovation, an area that has become a significant differentiator as more companies race to meet quickly evolving customer needs, in particular their requirement for speed of new and improved services. ChatGPT, for example, can be used as a partner by human programmers for a process called Pair Programming, where one writes the code and the other offers guidance and spots mistakes.
What do you currently identify as the major areas of investment in your industry?
Again, it has to be AI. At Veracode, we are using GPT technology to automatically identify software security flaws and offer remediations. This helps developers automate common fixes more quickly, so they can focus their time on more complex and sophisticated issues. This is a crucial use case as software security flaws have become a huge problem, with over a quarter of applications containing high-severity security flaws.
While AI regulation is still very much in the works around the world, the technology is moving at such a pace that businesses must take advantage of its power now. However, while appropriate regulation and controls will take time to come into force, it’s important that organisations take matters into their own hands to safely implement AI. Large language models, for example, are only as good as the dataset they have been trained on. Those that use a curated proprietary dataset should be an important consideration for businesses, due to their ability to create more trustworthy and accurate results.
How do you deal with stress and unwind outside of the office?
I have a couple of different hobbies that help me take my mind away from work and unwind. On a weekend, you might find me in my workshop or perhaps more likely in the garden where I enjoy growing vegetables, though with varying degrees of success. Having a physical hobby like this has become very important to help me destress since the corporate world has found itself almost entirely virtual. It’s also very rewarding to see the fruits (or vegetables) of my gardening efforts on the dinner table!
If you could go back and change one career decision, what would it be?
Everything happens for a reason and every decision I’ve made has led me to where I am today, so right or wrong, good or bad, there isn’t anything I’d change.
What are the region-specific challenges when implementing new technologies in Europe?
There are different levels of market and technological maturity in different regions, so the challenges each region faces are often unique. However, these differences are shrinking over time, largely driven by global connectivity and cloud technology. Increasingly we see that software and infrastructure is in the cloud and so geography is less of a determining factor today than it once was, making way for other important considerations like cloud provider or the specific technology being used.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
While the industry continues to be fast-moving, my role within it has remained relatively consistent. My priorities continue to be building and optimising my team to help our customers gain value from their partnership with Veracode.
What has changed and will continue to change is what that value looks like and the stakeholders we are working with. This is a continuing trend for software security where ownership is transitioning from a pure CISO-led function to a development-led approach. Most organisations are somewhere along this journey already, but the pace seems to be accelerating and that means that we need to move with it.
What advice would you offer somebody aspiring to obtain a C-level position in your industry?
Don’t over-specialise. That’s not to say that it’s a bad thing to develop deep knowledge of the space you are currently working in, but you shouldn’t be afraid to branch out and explore domains that are at first glance unrelated. This is true in both a horizontal (different technology domains) and vertical (strategic vs. tactical) sense.