On the lighter side of things, we Go Phishing with Stuart Jubb, Group Managing Director, Crossword Cybersecurity, about what makes him tick.
What would you describe as your most memorable achievement in the cybersecurity industry?
This would definitely be being part of the founding team at Crossword. It’s been such a hugely memorable experience growing the business from a blank sheet of paper to more than 65 employees, across four countries and working with some big global clients. I do think a lot of people underestimate just how hard that is and the challenges that you face in achieving that.
What first made you think of a career in cybersecurity?
I had always wanted to do something entrepreneurial after I left the army, and after a few years working at KPMG, I began to look for opportunities within industries that had a lot of high growth potential. I met Tom Ilube back in 2015 when he had just started Crossword as a technology transfer company – he really sold me on his vision around commercialising university research in cybersecurity. Since then, we’ve obviously grown and evolved across the business, but it was that initial vision from Tom that made me want to join the industry.
What style of management philosophy do you employ with your current position?
I try to let my teams be as autonomous as possible. I set the overall strategy and give people the support and resources they need to execute that strategy, but my teams have decision making capabilities and the autonomy to set and complete to work around the strategy. I also work collaboratively with my teams, as I do think it’s easy as a leader to forget that it’s ok to not know all the answers, so it’s important to ask for opinions from your colleagues while mulling over tricky problems. Seeking out those opinions from others is also a good way to get overall strategic buy-in and can help avoid making stupid mistakes.
What do you think is the current hot cybersecurity talking point?
This will not come as a surprise to anyone, but Artificial Intelligence, in particular the pace at which large companies are implementing Generative AI and LLMs. We have heard the phrase ‘this is the fastest adoption of new technology we have seen’ from a few CISOs and they are worried that their companies are not taking into account some of the cybersecurity risks associated with the adoption of GenAI and LLMs.
How do you deal with stress and unwind outside the office?
Reading and sport mainly, but also walking the dog and seeing friends. I try to be quite disciplined and to switch off after work and at the weekends, but that is not always easy. I used to play rugby, run and swim a lot, and I also took up Brazilian Jiu Jitsu in my 30’s, but my body is now telling me that it needs to do something less attritive. So, after not playing properly since I was a teen, I have taken up golf again, with limited success so far.
If you could go back and change one career decision, what would it be?
Possibly taking more entrepreneurial risks when I was younger. I think you have a lot of opportunities to take more risks in your early 20’s, and although I joined the army, I could have perhaps done something more entrepreneurial earlier in my career. I am making up for it now though.
What do you currently identify as the major areas of investment in the cybersecurity industry?
I’ve mentioned AI, but what we are looking into at Crossword is how AI can streamline, automate and improve some of our current products and services. Generative AI excels in cybersecurity use cases that automate mundane activities and use cases that seek to address the cyberskills gap by acting as a ‘co-pilot/intelligent assistant/teacher’ to augment staff skills, knowledge and experience enabling security teams to be more productive and efficient. Therefore, it’s those use cases where we’ll see the most investment moving forward.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
Yes, but a lot of doing cybersecurity well is getting the basic building blocks in place, so although some regions are more advanced than others, the principles remain the same. Doing the basics well should always be the first priority, and then as you bed in your teams, you begin to layer additional defences and improve training, culture and such. We also see a lot of companies, in many regions, spend money on technology that they do not fully understand and do not need, because they believe there is a silver bullet in addressing cybersecurity. This seems to be more prevalent in regions that are still developing capability.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
Given the pace of technological change, having an approach to how you are able to innovate, systematically, is becoming increasingly important. It is very easy to get caught up in the hype, invest a lot of money and then find a large company makes your technology redundant quite quickly. Taking a pragmatic approach to innovation and then understanding the right time to invest capital will be an essential skill over the next 12 months and beyond. This is directly applicable to how we advise our clients, so we are all facing similar challenges.
What advice would you offer somebody aspiring to obtain a C-level position in the security industry?
Be useful. I think a lot of people assume you need to be superhuman to secure a C-Level position and although you do need to have developed a certain degree of experience and different skills, a lot of it is being known for getting things done. I think there is a famous Barack Obama quote where he more or less says, ‘be known for getting things done.’ Having a good mentor is important, as is networking and helping other people achieve their own career ambitions.