Greg van der Gaast is a pioneering cybersecurity speaker and thought leader recognised for his unconventional journey from notorious hacker to global security executive.
With decades of experience spanning technical operations, leadership, and strategy, Greg challenges outdated security norms and advocates for business-aligned, human-centric approaches to cyber defence.
We spoke with Greg to explore the lessons of his early hacking years, the persistent vulnerabilities still facing UK businesses, and how leadership in cybersecurity must evolve to drive meaningful, lasting impact.
Your early career as a hacker is widely known, and even labelled as notorious. How did these formative experiences shape your perspective on cybersecurity, and in what ways did they ultimately influence your transition into ethical hacking and cyber defence?
It’s interesting because, in a way, it gave me an attention to detail around what causes breaches. But, somewhat surprisingly, I think what it influenced most was my defensive mindset.
Back then, you built a computer, installed your operating system, and then joined a chat room full of hackers. We didn’t have broadband or home routers. Your computer was directly connected to the Internet, and there were no firewalls yet.
If you hadn’t secured it — locked it down, patched everything, updated everything — hard drives still made noise back then, and about 30 seconds after joining that chat room, your hard drive would start making a lot of noise. Things would start shutting down, and you’d have to reinstall Windows.
So, oddly enough, that’s probably what stuck with me the most — making absolutely sure that everything is properly locked down.
Businesses across all sectors are increasingly under threat from cyberattacks. In your view, what is the biggest and most persistent cybersecurity threat facing UK organisations today? And why does it remain so difficult to address despite years of awareness?
Everyone will say ransomware, but ransomware is really just a payload — it’s a way of monetising a breach. What’s actually surprising is that the way companies get breached, the way attackers get in, hasn’t really changed in the 25 years I’ve been doing this.
People are still not building systems properly. They’re not maintaining them properly. They’re still not doing asset inventories, they’re not patching effectively, their processes are poor, and they lack consistency in how they operate. It’s like living in a house with a thousand doors and windows, with a few of them constantly being left open.
That’s how attackers get in.
For large businesses and organisations, you need a holistic, business-aligned security approach — one that’s genuinely proactive and integrated with how the business operates. That’s how you come up with effective, sustainable ways of doing things, instead of relying on the current security status quo, which is essentially: ‘just buy another tool’.
Cybersecurity is often discussed in highly technical terms, but effective leadership in the field goes far beyond frameworks and compliance. In your experience, what defines true leadership in cybersecurity? And what’s missing from how the industry currently approaches it?
I think leadership is leadership. It shouldn’t be defined by cybersecurity specifically.
I see so many leadership courses in cybersecurity focused on tech, frameworks, compliance — things like that. But I’ve found that being able to have a proper, human conversation with an executive is incredibly refreshing for them.
Speak in plain English. Don’t be that really boring person nobody wants to invite to dinner. You’d be surprised how much more traction you get when you communicate clearly and openly.
In security, we’re often shielded because people don’t really understand what we’re talking about — we’re the ‘geeks’. And when something goes wrong, nobody wants to deal with us.
I was at a conference a few years ago where boards were asked why they fund their security teams or give CISOs money. The most popular answer — at 35% — was simply to make them go away. Not because they’d justified a strategy, approach, or ROI, but because they were seen as annoying or difficult to be around.
I don’t believe security should be treated purely as a cost centre — and I mean that beyond just risk. Security should provide value to the business — ideally, it should help generate more revenue than it consumes. And if you’re reducing risk in the process, that’s a bonus.
Reflecting on your journey, from technical expertise to leadership at the board level, what’s one piece of advice you’d offer your younger self — or to others just starting out — to help them grow both professionally and personally in the cybersecurity space?
I’ve had a hugely transformational journey. I suffered from what I call “Rockstar Syndrome” at an early age — I was very technically strong, quite arrogant, highly certified, and doing a lot of things.
Eventually, I hit a point in my career where things became quite dire. I thought, “I may as well just give away everything I know.” And that’s when the real transformation happened — when I started sharing everything I knew, helping others without expecting anything in return.
That’s when the recognition started. People began to see that I actually knew what I was talking about. It automatically positioned me as an authority, and that changed everything. It opened the door to the leadership roles I now hold, operating at the C-level and board level, leading my own teams.
And my teams. They’re not just colleagues. They’re my people. They’re like family. I love them to bits.
This interview with Greg van der Gaast was conducted by Mark Matthews.