Cyber Heard Special: The Fantastic 12 with Ian

Every so often a conversation runs long because it's too good to cut short. This is one of them.

Ian has spent over 30 years in Cyber Security, from the early days in defence through to two decades working for himself as a consultant and enterprise security architect. He's a keynote speaker and a working stand-up comedian. A former mechanic from Liverpool who, by his own cheerful admission, is "unemployable". Twelve questions. No corporate answers.

1. What does your day-to-day actually involve?

Most of it as a CISO or enterprise security architect is strategy, documents, designs, dealing with whatever incident lands that day. But one day I'll do that, and the next I might be in Amsterdam doing a keynote on how humour works within cyber, or why it matters to treat your staff with respect. I know we all know that stuff, but sometimes you have to spell it out.

2. What tools or platforms do you work with most?

I'm at a stage of life where I try not to be on the tools anymore. It's a younger person's game and I turned 55 on Sunday. The one thing I'll admit to is the AI platforms. They help me focus my thoughts. But the important bit is I've got the experience to look at the readout and tell whether it's blowing smoke up my backside, which it generally tends to do. It also helps with my terrible report writing of Scouse English.

3. What's the biggest challenge organisations face today?

Not respecting their colleagues as well as they should. We use terms like "human firewall", which is a horrible term. Would you call someone a human shield? We talk about people as if they're a piece of technology. And we lack real leaders. Simon Sinek has a lovely line in Leaders Eat Last. When you lead, people aren't in your charge to command, they're in your charge to look after. Too few people get that.

4. How is AI impacting Cyber Security teams?

People hear AI and they think Terminator. I need your boots, your jacket and your bike. We look at the end of the world instead of a tool that can help. It's like social media, or telling your kids not to smoke. Ban it and they'll find a way round it. That's how you get shadow AI, people quietly uploading work documents to a chatbot. It's just another tool. Let's work out how to use it well.

5. AI is attacking and defending at the same time. How do you stay ahead?

We've always been behind. Doesn't matter if it's an AI world or a caveman world, someone has always wanted to steal your stuff, whether that's nuts and berries off the savannah or your product blueprints. I once had a chat with someone senior at Interpol about the gangs operating across Europe. They're set up as proper organisations. A CEO, a CFO, a chief marketing officer, all on the dark web, the top people on serious money. What separates us from them is right and wrong. And on defence you accept you'll always be a step slower, because you have to be right every time. They only need one chink in the armour.

6. Some organisations are cutting budgets, assuming AI can replace specialists. What's the reality check?

When I use AI, I vet everything that comes out of it. If I just fired its first draft at a customer, they'd think "what a load of rubbish" and I'd be found out fast. Replacing a human with a bot is the same. Will it happen to a degree? Yes, it's inevitable, it's evolution. But where we evolve as practitioners is the sense-checking on the other side. AI is the steam engine. We need to work out what our role is as we move forward with it.

7. Where does AI genuinely help your work?

Report output, and reviewing documents. If I've got 4,000 documents to get through, that's a month of Sundays. But I can skim them, then ask AI to look deeper for consistency, for gaps I might have missed. Desensitised first, of course. My actual trade is a mechanic. I was an apprentice for four years. Back then I'd have been the AI bot, the lad they sent to fetch the spanners and the nuts and bolts. That's all it is. A tool, a process. We'll just evolve.

8. What's the one job you'd never hand to AI?

CISO. There's no feeling in AI, no emotion, no understanding of the business and the people the way a person has. You could probably automate a lot of traditional analyst work, copying an alert into an email and sending it on. But here's the catch. Automate too many junior jobs and you lose the people who become your senior people of the future. AI should complement us, not replace us.

9. What's the misconception that frustrates you most?

That we're here to secure the business and say no. We're not. We're here to help the business make better decisions based on risk and impact. A CFO doesn't lock the cash in the bank, they manage cash flow so the business runs properly. That's our job too. But we're too opinionated, too vocal, we want to say no to everything. You've met enough of us to know we love the sound of our own voices. Which is probably why I ended up in stand-up.

10. When the business wants speed and security wants caution, how do you decide where the line sits?

Security are the brakes. But brakes aren't there to stop you travelling. They're there to help you stop safely when you're going really fast, to stop when you need to without smashing into the wall. So show the business the risks and the upsides, here's the downside, here's the benefit, and then you make the call, Mr or Mrs CEO. It's their decision.

11. What advice would you give organisations trying to improve their posture?

Start with the basics. Don't try to boil the ocean and don't go hiring really expensive consultancy firms. I'm a very cheap date. Good policies, good education, a sensible patching regime. You might have 10,000 vulnerabilities, but which ones actually threaten your business? Apply business context. And the stuff you genuinely can't control, like a nation-state walking in, honestly, forget about it. Worry about what you can control.

12. Do you feel like you're actually winning, or just trying not to lose?

I feel like a 55 year old mechanic waiting for someone to tap him on the shoulder and say, you've had a decent 30 year career, now put your overalls back on and get back under the bus. I grew up working class in Liverpool in the 80s. This career didn't exist when I left school, there was no internet, nothing. Cyber has given me a huge amount of enjoyment and friendship. So yes, I'm always looking over my shoulder. But that's the bit that pushes me forward and stops me taking any of it for granted.

This was a Cyber Heard Special. New interviews published regularly, with real perspectives from the front line.

Work with invitise →