Graham Thomson

Graham Thomson

CISO at Irwin Mitchell

Irwin Mitchell
Share
Graham Thomson reveals the numerous challenges and opportunities keeping him up at night as CISO at UK-based legal powerhouse Irwin Mitchell

Considering Graham Thomson has forged a successful career in cybersecurity, it’s somewhat surprising to learn his education at the University of Glasgow was focused on genetics. 

However, over the ensuing years, that foundation in scientific research and analytical thinking has proved invaluable. 

After leaving university, Graham landed himself a role as a Military Intelligence Operator with the British Army, which gave him a solid grounding in the wider security field. 

Moving into the corporate world, he then worked in serious fraud and corporate crime investigations at a major supermarket.

“It was a really good transition and there were a lot of transferable skills,” he explains. 

“That got me thinking: ‘what does the future hold? Where are my skills and interests best placed?’ And so I pointed myself in the direction of information security, as it was then, which we now call cybersecurity.”

Intent on pursuing this new path, Graham obtained his CISSP certification and jumped head first into cybersecurity. Over the years he has worked across retail, financial services and, since 2017, in the legal sector with Irwin Mitchell as an award-winning CISO. 

Despite leaving university almost three decades ago, Graham chooses to live by an ethos of continuous professional education. 

He has completed numerous qualifications in areas like digital forensics, incident response, agile methodologies and project management, as well as a whole host of leadership and soft skills training. 

More recently, he completed an advanced course in AI for innovation and transformation at the University of Oxford.

Graham adds: “I’ve been able to use that – plus the other skills I've developed – to implement generative AI across our business and make sure it's secure, compliant and private.”

Collaborative teamwork advancing cybersecurity and innovation at Irwin Mitchell

Staying ahead of the curve

Setting and overseeing the information and cybersecurity strategy at Irwin Mitchell is certainly not without its challenges.

Chief among them is staying ahead of the constantly-evolving cyber threat landscape, although Graham admits the leading handful of threats, such as password stuffing, phishing and malware, have largely stayed the same for a number of years, while cloud configuration is becoming more of a risk as digital transformation takes place.

“Those threats are steady because they’re lucrative for the criminals behind them,” he continues. “It’s the way they are enabled and enacted that can change and you’ve got to keep up.

“If I think back to my genetics background and evolutionary biology, there's something called the Red Queen theory, which refers to the Red Queen from Alice in Wonderland running to stand still. In our industry, it’s an arms race and you have to run just to stand still and work hard to stay ahead.

“Technology itself also races ahead at break-neck speed, so keeping up is crucial. You don't want to wake up one morning and realise you haven’t modified your strategy to deal with that.”

The question of how to foster a security-aware culture is another issue keeping Graham up at night. 

He emphasises the importance of understanding how employees actually work and what matters to them. 

“They don't care about my security strategy,” Graham says, frankly. “They care about doing their job well and I need to help them do that securely, in a way that isn’t too onerous for them – otherwise, people just aren’t interested.”

Read the full report HERE

**************

Make sure you check out the latest edition of Technology Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

**************

Technology Magazine is a BizClik brand

Share

Featured Interviews

Featured

Waleed Al Saeedi

Director of Capital Projects at the Department of Culture and Tourism

Waleed Al Saeedi, Director of Capital Projects at the Department of Culture and Tourism, explores the evolving procurement landscape in the GCC

Read More

Michael Zetser

CEO of Flyfish

Flyfish has developed a unified platform for SMEs to access banking services, as traditional infrastructure struggles to meet increasing cross-border needs

Read More
While there are many financial services available, SMEs often have to manage multiple platforms for different but basic financial tasks such as payroll, international payments, and expense tracking.
Michael Zetser
CEO of Flyfish

Rujul Zaparde

CEO and Co-Founder of Zip

Believing the procurement process could be better, Rujul Zaparde and Lu Cheng created Zip, to create one front door for procurement

Read More

Deepika Rayala

Chief Digital and Information Officer at Cornerstone

Deepika Rayala is Cornerstone’s Chief Digital and Information Officer.

Read More

Andre Oosthuisen

Group Integration and IT Executive at Westfalia Fruit

Westfalia Fruit’ Andre Oosthuisen explains how the farmer and distributor has totally evolved operations through the use of technology and data

Read More

Waleed Al Saeedi

Director of Capital Projects at the Department of Culture and Tourism

Waleed Al Saeedi, Director of Capital Projects at the Department of Culture and Tourism, explores the evolving procurement landscape in the GCC

Read More