Sam Curry, Chief Security Officer at Cybereason
What does ‘security’ mean to you?
Security is about managing the risks from conflict. Security is a second order risk with an intelligently adaptive opponent, as opposed to first order risks like a hurricane or COVID-19 which adapt but don’t demonstrate intelligence.
What made you want to work in the industry?
I didn’t! I wanted to go into the biotech industry in the early 90s, but I wound up working with an amazing group of people in a startup, and I was hooked. It took me nearly a decade to realise the reality: I basically am a “defender” by nature. Security became my home and is my passion.
If you could change anything in the industry, what would it be?
I wish we could bridge the divide between security as a department and a discipline and business in most organisations. To most businesspeople, security is an arcane, scary, minor function; and to most security people, the business is similarly intimidating and distant from daily activities. If I could wave a wand and change anything, it would be to bridge security and the business as universally as possible.
Describe a funny thing that happened to you recently?
While I was participating in a panel with 300 attendees, my five-year-old son wandered in and just started talking to me, then turned to the computer and waved. And it was funny and just fine, and I think people attending enjoyed the moment. He interrupted a couple more times, but that’s life in 2021!
What’s the most important trend you see today?
The most important general trend is the commercialisation and incentive to innovate on the dark side. Attackers are functioning like a mirror of legitimate industries. It’s the dark photo negative of Silicon Valley, and disincentivising this, getting more effective on defense, and making life as hard and expensive as possible for attackers should be our number one mission.
What three words define you?
Defender, Trustworthy, Do-er
If you didn’t work in security, what would you be doing?
I’d probably be involved in protecting people in some other way as it’s a huge part of me.
What’s the most interesting thing about you that we wouldn’t learn from your CV?
A few things come to mind: I am doing graduate studies in Counterterrorism, I used to play semi-pro Rugby, I speak 7 languages, and I was once struck by lightning.
What is one thing you would make compulsory in the office and one thing you would ban?
Compulsory? Shorter meetings. When they are done, they are done. They should also never exceed 90 minutes, and even that should be rare. For a ban, don’t look at your phone unless it’s an emergency.
Where do you see yourself in 5 years?
People might be surprised to know this, but I don’t plan that far ahead. Life is very stochastic and brownian, so I am in the business of doing what I care about and believe in and maximising my potential to do more of that.
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 920