Please tell us a bit about yourself, your background, and your journey of becoming a co-founder and CTO at Whonome.
I started consulting over 35 years ago to a local company. In the past 35 years, I have co-founded and sold multiple companies, mostly consulting-focused. I have also joined many other small technology companies and helped them grow. For Whonome, my business partner and I found that there is a lack of a cyber security platform to address gaps we identified while consulting. We have decided to address those gaps.
Tell us about your business. What are your organization’s vision and goals?
Whonome currently has two focus points. First is traditional consulting; this has helped us refine and define the requirements for the second aspect of our vision. Secondly, we believe there is an opportunity to change how development and IT organizations view security, and this will require a new platform to address the change. We are in the process of developing a new platform to change how mid-sized and larger organizations view cyber security.
How does your organization approach risk management and what steps are taken to identify and mitigate cyber risks?
There is no single answer to managing cyber risks. Different approaches are required for different risks. In broad strokes, we have found the NIST standard for third-party assessment is very useful when sharing information with third parties, while the DoD RMF is a better tool for internal server management.
When it comes to application development and SDLC in general, it tends to be more about hiring the right staff who are aware of cyber security and approach everything with this in mind. I have not found any process-based approach which works well for application development that overcomes organizations only giving lip service to security.
How do you see the relationship between cybersecurity and digital transformation evolving in the coming years, and what implications does this have for organizations?
Digital Transformation and cybersecurity are going to be competing for resources. It will depend on the market and business judgment which has the greater priority. In general, I predict cyber security will lose out. The result will be some significant breaches and failures of cybersecurity.
However, if the company has hit a certain size or critical mass, they are betting they can survive such an incident. The retrofit of cybersecurity will always cost more, but businesses will judge what features and time to market are more critical.
Whonome is fortunate to have the resources and time such that we have not had to make such choices, and will continue to place the emphasis on cyber security first.
On a more personal note, what values are most important to you as a leader?
Honesty/Integrity lead the pack; empathy and personal growth/development follow along after. However, none of these matter if you do not have humility and respect for your co-workers.