Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.

Shan Lee: the CISO Old Guard

Acorn Newsbot

Junior Member
Joined
Jan 28, 2006
Posts
22,611
Reaction score
127
“I sometimes feel like the one of the Old Guard,” says Shan Lee, CISO of TransferWise. “I have been working with computers since back in the day when most people didn’t have them. I was lucky, to be honest, that my all-consuming hobby has turned into a job I love.”

Yet it wasn’t his first choice. Despite a boyhood enthusiasm for computing and technology, Shan had only one option in his mind: “All I ever wanted to do was join the Royal Air Force,” he says. Consequently, when he was medically discharged, he struggled to find an alternative vocation.

If only he’d paid more attention to his hobbies. It wasn’t until Shan was into his twenties and working as a salesman that a friend pointed out he was acting as unpaid tech support for everyone he knew – and enjoying it more than his day job. “’Why don’t you just make it your career?’ he asked me,” says Shan. “It was the best thing I ever did.”

His 24-year career progression from tech support to CISO has been alongside the very concept and discipline of cyber security itself. This has given him a unique perspective on such a fast-changing landscape: “The whole industry moves so rapidly. The biggest surprise for me has been the speed of growth, the rate of change and the massive complexity,” he says. “But then the constant change is what keeps you interested. No two days are ever the same and I still learn something new every single day.”

One thing he has learnt more recently is the importance of self-care in a role that has an alarmingly high incidence of burnout due to stress. “People are finally starting to talk about it, and people I really respect have spoken out about their own issues – one was my friend Thom Langford. That really came as a wake-up call for me. I’m think I’m probably just lucky to have never had any problems myself. I’ve worked so long in this industry that high-stress has almost become normal.”

He recounts a time in his career when he stayed at work for three days straight to respond to an incident. “It sounds crazy, but at the time you are just riding on the adrenaline,” he explains. “I think security people love the rush that comes from an incident response.” Today, he is far more mindful of his own wellbeing; he actively encourages his team to take breaks and recently went on holiday without taking his laptop “for the first time ever. I felt like I’d had my leg cut off, but when I got back to work I realised how much I had needed that break.”

He is quick to credit his team for managing in his absence and admits “working with a team is the best bit of the job. And that’s what I worry most about: losing my staff. They worry about the serious threats and I worry about losing them. Today, I think the challenge for those of us in security is building a good team and keeping them, especially as this industry offers some lucrative opportunities.”

Creating strong security teams is something he is well-versed in, having been the first security guy on the ground in Europe for Sabre and at JustEat as they grew from a startup to a public company. He relishes the pioneering challenge and has learnt a lot about identifying priorities, and the importance of creating a culture supportive of robust security.

“You train hard then fight easy,” he says, “and rule number one is always, ‘don’t panic’. That means no rash decisions. Preparation and planning are key. We run regular exercises so we know how to react when things happen, and even then it is with urgency and not panic. We respond in a measured and deliberate way.”

He is also a firm believer in the power of culture and the importance of people when it comes to security. “If people aren’t educated properly they can become a point of vulnerability, but if you train them carefully and promote awareness, people can be your best defence. I really strive to promote this at the organisation – we have an amazing security team and all the technical controls we need, but at the end of the day, people doing the right thing is what matters.”

This extends right up to the top of the business. “You have to have a completely integrated cyber security program,” says Shan. “It needs to be part of everything you do as a business, all the way through the lifecycle, or else you will always be playing catch-up. You’re never going to win.”

He recognises that there was a period when CISOs were “being thrown under the bus” and Boards would close ranks against the security team, “but I think those days are past. The industry is waking up to the inevitability of cyber attacks and recognising the benefit in having a CISO with experience of managing them. There is more understanding today.”

For a life-long computing aficionado, Shan embraces the changes that technology is bringing to the world. “We can’t sit still, but every advance has its own peculiar problems, so there will always be more to do. It keeps people like me in a job.”

And when he finally comes to hang up his boots, “many years from now”, Shan has a list of non-security related hobbies that he wants time to explore. “I’m a Land Rover fanatic,” he admits. “I have three different ones and I love overlanding in them when I have the time.” That said, even the thought of retirement makes him a little uncomfortable. “It’ll be hard to leave security completely,” he admits. “I might have to work part time as a consultant. I just love what I do too much.”

Hear more from Shan Lee in our Security Begins Here series or check out his security advice for FinTech.

The post Shan Lee: the CISO Old Guard appeared first on Nominet.

Continue reading...
 

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

Members online

☆ Premium Listings

Sedo - it.com Premiums

IT.com

Premium Members

Latest Comments

Acorn Domains Merch
MariaBuy Marketplace

New Threads

Domain Forum Friends

Other domain-related communities we can recommend.

Our Mods' Businesses

Perfect
Laskos
*the exceptional businesses of our esteemed moderators
General chit-chat
Help Users
  • No one is chatting at the moment.
  • Helmuts @ Helmuts:
    please
    brave_qptn86fptt-png.4616
  • D AcornBot:
    DLOE has left the room.
  • Helmuts @ Helmuts:
    also, please keep the restriction in regards to posting > posting permission should be available to members only
  • Daniel - Monetize.info @ Daniel - Monetize.info:
    Welcome everyone!
  • Helmuts @ Helmuts:
    @Daniel - Monetize.info
    chrome_8fedcfysiy-png.4617
    .. can you see this one?
  • Helmuts @ Helmuts:
    nice, isn't it? :)
  • alan AcornBot:
    alan has left the room.
    • Wow
    Reactions: Jam
  • alan AcornBot:
    alan has joined the room.
  • alan AcornBot:
    alan has left the room.
  • alan AcornBot:
    alan has joined the room.
  • Helmuts @ Helmuts:
    Hi Alan
  • Helmuts @ Helmuts:
    long time no see
  • Helmuts @ Helmuts:
    hows parachute doing?
  • Helmuts @ Helmuts:
    :) huhhh.. Joe Rogan has just published an interview with Donald Trump
    To view this content we will need your consent to set third party cookies.
    For more detailed information, see our cookies page.
  • Helmuts @ Helmuts:
    almost 3 hours..
  • Helmuts @ Helmuts:
    morning all :)
  • Helmuts @ Helmuts:
    .. is anyone going to domain day in Dubai or icann Turkey?
    • Like
    Reactions: gdomains
  • boxerdog AcornBot:
    boxerdog has left the room.
  • Helmuts @ Helmuts:
    Greetings from Istanbul, Turkey!
  • alan AcornBot:
    alan has left the room.
  • C AcornBot:
    cav has left the room.
  • BrandFlu AcornBot:
    BrandFlu has left the room.
      BrandFlu AcornBot: BrandFlu has left the room.
      Top Bottom