On the lighter side of things, we Go Phishing with Jasson Casey, Chief Technology Officer at Beyond Identity, about what makes him tick.
What would you describe as your most memorable achievement in the cybersecurity industry?
Moving into a role that looks at the root cause of security and prioritises prevention, rather than detection. Beyond Identity was the first company I worked with that focused on prevention of attacks like account takeover and ransomware, and this felt like a fundamental shift addressing a critical need for cybersecurity. I was proud to be a part of this movement.
What first made you think of a career in cybersecurity?
As a kid I was always curious about exploring new models of working things out and new ways of working with technology and computers. This evolved to interactive gaming and computer troubleshooting with my friends as a teenager. I guess I realised I could be interested in a career in networking and problem-solving using technology.
It was not until 2001 that I had my first interaction with cyber in my job at Netrake. I was involved in developing high performance firewalls for voice and multimedia solutions across Internet protocol (IP) networks to wireline, wireless, cable and fixed/mobile operators.
What style of management philosophy do you employ with your current position?
Trust is paramount. I work with people I trust and I have built trust over time. In my team currently I am working with ex team members from Netrake, SecurityScorecard and IronNet Cyber Security.
It is important to get to know your team, build trust and collaborate giving each team member the opportunity to thrive based on their core strengths. Trust happens when you respect your team members and lean on each other when needed.
In my team we understand that work can sometimes involve sacrifice and there is an unspoken rule that we will make sacrifices when needed to get the job done.
What do you think is the current hot cybersecurity talking point?
Zero Trust. Establishing trust outside of the corporate networks has never been more important. The rapid adjustment to more distributed workforces – and an associated explosion of devices – has dramatically increased cyberattack surface area. Furthermore, the threat environment has never been more active.
Another hot topic and buzz word I think is overrated is Artificial Intelligence (AI). It is given far too much credit, in my opinion, for the myriad of problems technologists and futurologists claim it can solve. And too many startups have jumped on the bandwagon to try and claim their part in AI transformation, which has led to misconceptions about what AI can do and has less exposed its limitations to give a balanced picture.
How do you deal with stress and unwind outside the office?
I am an exercise junky and always have been. I have to get my daily fix of exercise to be able to work well.
During the pandemic I purchased a Peloton bike, which I use to work out on daily. It gives me a hybrid balance of teamwork with individual goals and I get a real uplift from the motivational trainers and the music, especially the nostalgic tracks from my high school days.
If you could go back and change one career decision what would it be?
I don’t regret any decision I have made in my career but looking back at my education I wish I had diversified a bit more with what I studied, to be less tied to the conventional subjects.
I think I could have benefitted in studying a wider range of subjects, even if they were not directly related to my career.
What do you currently identify as the major areas of investment in the cybersecurity industry?
Identity & Access Infrastructure. Investment in identity and access management are fundamental to Zero Trust and will deliver the highest impact for security around users and devices.
Security incidents analysed in the Verizon Data Breach Report 2022 showed credentials were the most likely form of data to be compromised in both the US (66%) and EMEA (67%). By eliminating passwords and replacing weak MFA with strong, phishing-resistant authentication methods, CISOs can combat their largest vulnerability and build a robust Zero Trust architecture.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
No. Access is access and the same access Infrastructure Identity issues affect every country and every region with the only variants relating to the User Interface (UI) or User Experience (UX).
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
My role hasn’t changed but the team and structure of Beyond Identity has massively evolved. We began as a startup during the pandemic and in three years we have grown to nearly 200 employees with over 60% of the team in engineering roles.
With the most recent formal release of ‘Zero Trust Authentication’ (ZTA) as a subcategory of Zero Trust technology, my role will be working together with industry-leading security technologies and integrators to help enable organisations to move towards secure authentication and advance the Zero Trust strategies of global 5000 companies.
What advice would you offer somebody aspiring to obtain a C-level position in the security industry?
Don’t worry so much about reaching target goals, or a pathway model, but maintain your curiosity and hunger to learn more. At some point along the way people will stop telling you how to get to the next level and you will be on your own. There is no clear, obvious structure to becoming a C-level executive.
Being hungry, curious, with a thirst for knowledge and looking to others for inspiration will aid career progression.
Early on in my career I read two books that inspired me: The Supermen: The Story of Seymour Cray and the Technical Wizards Behind the Supercomputer, by Charles J. Murray and The New New Thing: A Silicon Valley Story, by Michael Lewis. I highly recommend both.