Considering Graham Thomson has forged a successful career in cybersecurity, it’s somewhat surprising to learn his education at the University of Glasgow was focused on genetics.
However, over the ensuing years, that foundation in scientific research and analytical thinking has proved invaluable.
After leaving university, Graham landed himself a role as a Military Intelligence Operator with the British Army, which gave him a solid grounding in the wider security field.
Moving into the corporate world, he then worked in serious fraud and corporate crime investigations at a major supermarket.
“It was a really good transition and there were a lot of transferable skills,” he explains.
“That got me thinking: ‘what does the future hold? Where are my skills and interests best placed?’ And so I pointed myself in the direction of information security, as it was then, which we now call cybersecurity.”
Intent on pursuing this new path, Graham obtained his CISSP certification and jumped head first into cybersecurity. Over the years he has worked across retail, financial services and, since 2017, in the legal sector with Irwin Mitchell as an award-winning CISO.
Despite leaving university almost three decades ago, Graham chooses to live by an ethos of continuous professional education.
He has completed numerous qualifications in areas like digital forensics, incident response, agile methodologies and project management, as well as a whole host of leadership and soft skills training.
More recently, he completed an advanced course in AI for innovation and transformation at the University of Oxford.
Graham adds: “I’ve been able to use that – plus the other skills I've developed – to implement generative AI across our business and make sure it's secure, compliant and private.”
Staying ahead of the curve
Setting and overseeing the information and cybersecurity strategy at Irwin Mitchell is certainly not without its challenges.
Chief among them is staying ahead of the constantly evolving cyber threat landscape. Graham admits, though, that the leading handful of threats, such as password stuffing, phishing and malware, have largely stayed the same for a number of years, while cloud configuration is becoming more of a risk as digital transformation takes place.
“Those threats are steady because they’re lucrative for the criminals behind them,” he continues. “It’s the way they are enabled and enacted that can change and you’ve got to keep up.
“If I think back to my genetics background and evolutionary biology, there's something called the Red Queen theory, which refers to the Red Queen from Alice in Wonderland running to stand still. In our industry, it’s an arms race and you have to run just to stand still and work hard to stay ahead.
“Technology itself also races ahead at break-neck speed, so keeping up is crucial. You don't want to wake up one morning and realise you haven’t modified your strategy to deal with that.”
The question of how to foster a security-aware culture is another issue keeping Graham up at night.
He emphasises the importance of understanding how employees actually work and what matters to them.
“They don't care about my security strategy,” Graham says, frankly. “They care about doing their job well and I need to help them do that securely, in a way that isn’t too onerous for them – otherwise, people just aren’t interested.”