Proofpoint’s Senior Director, John Bakewell, explains the need for extensive cybersecurity as a consequence of the rise of hybrid working
Q. As one of the world’s leading cyber security companies can you tell us about some of the customers you work for?
Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyberattacks. Leading organisations of all sizes, including 75 per cent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web.
Globally, we work with some of the world’s top banks, retailers, pharmaceutical companies, and research universities, as well as other sectors.
Q. As Senior Director of engineering can you tell us about your journey and what attracted you to Proofpoint?
I’ve been working in the software industry for more than 25 years and in various leadership roles for more than 15 years. Prior to joining Proofpoint much of my career was spent in start-ups with a particular focus on Fintech, which became particularly interesting in the mid-to-late 2000s.
I joined Proofpoint nine years ago, shortly after the acquisition of a Belfast-based start-up called Maildistiller. In addition to being interested in a move into cyber security, I was attracted by the opportunity to apply my experience in growing and integrating engineering organisations post-acquisition.
Due to the nature of the role, I had several interviews with Proofpoint and everyone I spoke to was amazingly friendly and extremely tech-savvy – probably my top two criteria for both my employers and employees.
Q. Over the last decade Proofpoint has expanded rapidly in NI. Can you tell us how has the nature of cyber threats has evolved over this time?
While cyber risks continue to evolve, one aspect remains constant: people play the biggest role in cybersecurity incidents and data breaches. The new daily routine of "working from anywhere" in the wake of the pandemic has increased companies' attack surfaces. With employees accessing business information and systems from multiple platforms, devices and locations, protecting sensitive and business-critical data has never been more difficult.
Additionally, data doesn't get lost on its own. For example, data is either stolen by an external attacker via compromised credentials, forwarded to an unauthorized third party by a careless user or stolen by a malicious employee who often passes it on to a competitor. It is now more important than ever to protect against all of these threats and to take technical measures to ensure that sensitive data is protected.
Q. What would you consider the major threat to a company’s cyber security is today and how can they best protect against ‘bad players’?
The modern threat landscape is rapidly evolving - with larger attack surfaces, more access points, and increasingly sophisticated cyberattacks. A robust cybersecurity posture must take into account people, process and technology – in that order!
Regardless of the type of attack, cybercriminals are exploiting the human factor. Whether it's imposters posing as trusted colleagues or increasingly convincing phishing emails with malicious links, it's end users who are on the front line of defence against cybercriminals.
That's why a people-centric strategy is a must. Organisations must start by identifying the most vulnerable users and ensure they are given the knowledge and tools they need to protect their business.
From a technical perspective, the old approach to data security simply doesn't work anymore. Organisations need to invest in solutions that protect their information, fight against insider risks, and protect the modern network perimeter - from the endpoint to cloud applications, email and the Internet.
Q. The implications of a cyber attack on an organisation can be enormous – can you give our readers a sense of just how serious these can be?
A successful cyberattack can cause major damage to organisations no matter their size or industry. From lack of access to critical data, to shutting down fuel supplies and disrupting critical healthcare services – there is a range of potential fallouts.
For example, just earlier this year, the Conti group brought Ireland’s health service to its knees and shut down hospitals with a ransomware attack. That attack had a ripple effect, compromising other managed service providers that used the company’s remote management software.
These high-profile breaches had profound economic and security implications. They once again showed the world just how vulnerable critical infrastructure and supply chains can be when targeted by cybercriminals. The exorbitant ransom demands in some incidents also led governments to weigh regulations banning payments to cybercrime groups
Q. From an individual’s point of view, what advice do you give to friends and colleagues to protect their own personal security online?
Always think before you click – attacks are not always immediately obvious, and emails and messages that appear from friends and colleagues should not be assumed to be safe. With this in mind, be highly suspicious of free gifts or wording that makes you feel like you should act urgently.
Q. What essential skills are required for anyone wishing to consider a career in Cyber Security?
The modern cybersecurity team is as much about its people as it is about technology. To stay ahead of increasingly varied and complex threats, teams must be robust, flexible, highly skilled, and perhaps most importantly, diverse.
Speaking from the perspective of someone who interviews engineers on a regular basis, the first thing I look for in a candidate is that they are passionate and curious about technology – these characteristics will take you a long way regardless of the specific domain you’re focusing on. The next characteristic I look for is a problem solving mindset, as that is key part of what we do, we solve challenging problems for customers.
Ultimately, the cyber threats we face are instigated by those from all walks of life. Deployed by those with varying skill levels, from different cultural, class and economic backgrounds. To ensure our industry can continue to stand up to these threats, we need to make sure the teams we put in place to fight them are just as diverse.
Q. What advice would you give to anyone who would like to change careers and re-skill to develop a career in Cyber security?
Fundamental to success in any career is doing something that you find interesting and rewarding, so if technology fascinates you and you like the idea of building products that protect people and businesses from fraud, don’t let having a non-technology background put you off!
Some of the best technologists I’ve worked with over the years re-skilled from non-technology degrees such as mathematics, music and geology. Conversion courses and internships allowed them to rapidly move into full time roles as Software Developers and QA Engineers, from where they went on to build highly successful careers in cybersecurity, Fintech, Telecoms and a wide range of other domains.
If you don’t want to take the plunge into a conversion course right away, there are countless online tutorials that will allow you to dip your toe in the water – I’d recommend trying out Python, Javascript or Go.