Graham Thomson

Graham Thomson

CISO at Irwin Mitchell

Irwin Mitchell
Share
Graham Thomson reveals the numerous challenges and opportunities keeping him up at night as CISO at UK-based legal powerhouse Irwin Mitchell

Considering Graham Thomson has forged a successful career in cybersecurity, it’s somewhat surprising to learn his education at the University of Glasgow was focused on genetics. 

However, over the ensuing years, that foundation in scientific research and analytical thinking has proved invaluable. 

After leaving university, Graham landed himself a role as a Military Intelligence Operator with the British Army, which gave him a solid grounding in the wider security field. 

Moving into the corporate world, he then worked in serious fraud and corporate crime investigations at a major supermarket.

“It was a really good transition and there were a lot of transferable skills,” he explains. 

“That got me thinking: ‘what does the future hold? Where are my skills and interests best placed?’ And so I pointed myself in the direction of information security, as it was then, which we now call cybersecurity.”

Intent on pursuing this new path, Graham obtained his CISSP certification and jumped head first into cybersecurity. Over the years he has worked across retail, financial services and, since 2017, in the legal sector with Irwin Mitchell as an award-winning CISO. 

Despite leaving university almost three decades ago, Graham chooses to live by an ethos of continuous professional education. 

He has completed numerous qualifications in areas like digital forensics, incident response, agile methodologies and project management, as well as a whole host of leadership and soft skills training. 

More recently, he completed an advanced course in AI for innovation and transformation at the University of Oxford.

Graham adds: “I’ve been able to use that – plus the other skills I've developed – to implement generative AI across our business and make sure it's secure, compliant and private.”

Collaborative teamwork advancing cybersecurity and innovation at Irwin Mitchell

Staying ahead of the curve

Setting and overseeing the information and cybersecurity strategy at Irwin Mitchell is certainly not without its challenges.

Chief among them is staying ahead of the constantly-evolving cyber threat landscape, although Graham admits the leading handful of threats, such as password stuffing, phishing and malware, have largely stayed the same for a number of years, while cloud configuration is becoming more of a risk as digital transformation takes place.

“Those threats are steady because they’re lucrative for the criminals behind them,” he continues. “It’s the way they are enabled and enacted that can change and you’ve got to keep up.

“If I think back to my genetics background and evolutionary biology, there's something called the Red Queen theory, which refers to the Red Queen from Alice in Wonderland running to stand still. In our industry, it’s an arms race and you have to run just to stand still and work hard to stay ahead.

“Technology itself also races ahead at break-neck speed, so keeping up is crucial. You don't want to wake up one morning and realise you haven’t modified your strategy to deal with that.”

The question of how to foster a security-aware culture is another issue keeping Graham up at night. 

He emphasises the importance of understanding how employees actually work and what matters to them. 

“They don't care about my security strategy,” Graham says, frankly. “They care about doing their job well and I need to help them do that securely, in a way that isn’t too onerous for them – otherwise, people just aren’t interested.”

Read the full report HERE

**************

Make sure you check out the latest edition of Technology Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

**************

Technology Magazine is a BizClik brand

Share

Featured Interviews

Featured

Mark Opitz

Group Head of ICT – ACCIONA Australia and New Zealand

ACCIONA Australia Head of ICT Mark Opitz on how the company’s digital transformation journey is revolutionising sustainable infrastructure development

Read More

Rachel Bence

CIO at Queen Mary University of London

Rachel Bence, CIO at Queen Mary University of London, blends her research and IT management expertise to drive digital transformation and inclusivity

Read More
We use a secure-by-design approach, integrating security measures from the inception of service design and rigorously assessing the cybersecurity practices of its supply chain
Rachel Bence
CIO at Queen Mary University of London

Kate Flanagan

Executive General Manager IM & Technology at Roy Hill

Kate Flanagan, Executive General Manager IM & Technology at Roy Hill, details her journey in the mining industry and explains what keeps her motivated

Read More

Theresa Campobasso

Senior Vice President of Strategic Accounts at Exiger

Supply chain risk specialist Theresa Campobasso cut her teeth in the US military

Read More

John Bailey

SVP of Technology & Innovation at AVI-SPL

SVP of Technology & Innovation at AVI-SPL, John Bailey, discusses a career driving innovation in communications and AV technology

Read More

Mark Opitz

Group Head of ICT – ACCIONA Australia and New Zealand

ACCIONA Australia Head of ICT Mark Opitz on how the company’s digital transformation journey is revolutionising sustainable infrastructure development

Read More