2012 was an interesting year. In the UK it was all Olympic Games and Golden Jubilees, while in the US, Barack Obama was reelected for a second term. The Mayan calendar came to an abrupt end—but the world did not—and we saw the final flight of NASA’s Space Shuttle. Amid all this, someone found the time to start up a new tech venture—a company anticipating massive transformation in networks, cloud, and cyber security. That company was Netskope.
2012 was also the year I first took on a CISO position. That year, I found myself at a roundtable sitting opposite John Kindervag, a Forrester Analyst. The CISOs in the room were all preoccupied with the question of how best to support and secure a wave of new BYOD devices—Androids and iPhones—that were taking over from the fleet of corporate BlackBerry devices and being used for both personal and corporate purposes. John was sharing new research about a concept he had helped define: zero trust.
Fast forward to 2014 and we entered the year of the Big Data Breach. That year a long line of big brand names including Home Depot, JP Morgan Chase, and Sony all fell victim to a growing barrage of sophisticated cyber threats. These attacks prompted a renewed focus on data protection among my peers, and data loss prevention (DLP) saw a resurgence in popularity among savvy organisations that realised they needed to detect and prevent data theft.
2014 also gave birth to the NIST Cybersecurity Framework (NIST CSF), a unified framework created by both private-sector and government experts. It became so successful in that first year that it was incorporated into legislation and quickly established itself around the world, built upon the principles of Identify, Protect, Detect, Respond, and Recover.
2016 was the year when audiophiles around the world demonstrated against the removal of the headphone jack from the latest iPhone. In the security world, we witnessed email breaches of political candidates being weaponized by organisations such as WikiLeaks to influence voters.
Also in 2016 we finally heard about a 2014 breach at Yahoo affecting 500 million accounts, which the company had failed to disclose sooner. And the Mirai botnet emerged, unleashing DDoS attacks so large they endangered the internet itself and hinted to us all about the security challenge that the Internet-of-Things (IoT) would become.
As an audiophile CISO, 2016 was a challenging year.
The GDPR steals the show in the collective memory banks of 2018, with the enforcement date of 25th May 2018 still etched into every CISO’s memory, along with the trauma of fearing being the first organisation to get fined.
Earlier that same year I joined Netskope after hearing about an exciting startup that was taking on the goliaths of the industry with an almost prescient vision for what we now know to be secure access service edge (SASE), but for which Gartner would not define an acronym for another year. I was keen to be involved.
In 2020 there was the small matter of a global pandemic to navigate, and CISOs the world over were grappling with the requirement to keep business up and running during lockdowns, without leaving all the windows and doors wide open. Those who hadn’t yet started any sort of cloud security transformation felt the worst of the pain, with appliance orders in backlog and supply chains frozen. Consumers the world over took major leaps forward in their preparedness to trust all things digital—great for continuing the flow of mortgage applications and the delivery of healthcare, but also popular among malicious actors who suddenly stopped pretending to work for DHL and all decided to impersonate healthcare providers. Let’s not mention the endless Zoom meetings and family quizzes over video call…
And that brings us home to 2022. While we are all enjoying getting back out to events and in-person meetings, the workforce that walked out of the office in March 2020 has not fully returned and we CISOs find ourselves working to secure what looks likely to be a permanently hybrid working environment. This year Russia has given us a glimpse of what a cyber warfare battle plan looks like, and the resultant quest for cyber resilience has pushed tech conversations into boardrooms in a way we haven’t seen since the GDPR or millennium bug.
As we move into budgeting season for security teams, we are seeing huge budget pressures, with inflation and challenging market conditions requiring us to do ever more with less. Security and networking teams edge closer together, mutu