On the lighter side of things, we ask James Maude, Field CTO, BeyondTrust, what makes him tick.
What would you describe as your most memorable achievement?
I think my most memorable achievement was a proactive endpoint security control I designed after analysing thousands of malware samples, called Trusted Application Protection. The reason it is memorable to me is I was talking with a customer who worked in IT at a large hospital, and they explained how the control had prevented them from getting hit with ransomware by blocking a phishing document from launching its malicious payload. It was one of those times that the human impact of the work we do really hit home, and that interaction has shaped a lot of my thinking ever since.
What first made you think of a career in technology?
I had a slightly unusual route into technology; I was always fascinated by technology and would regularly take things apart to understand how they worked. As a teenager, I discovered the early Internet and things quickly spiralled as I discovered the world of hackers who shared my interests in taking things apart and making them work differently. This later caused me to be thrown out of school for hacking all the school systems.
I spent the next decade working in various jobs and studying in my spare time – I was still learning about technology and how to bend and break it, but I knew I didn’t want to be a developer or IT admin. Then a new degree programme in Digital Forensics came out, and after reading the course description, I decided this was where I wanted to be, peeking under the hood of technology. The degree got me interested in technical research and I was offered a research and teaching role at the university which later led to my roles in industry doing security research and engineering.
What style of management philosophy do you employ in your current position?
Don’t hire smart people to tell them what to do. Hire smart people who can help tell you what to do (I think I stole that from Steve Jobs). When working with talented technical people I find the best approach is to focus on clearing a path for your team, unblocking issues and ensuring they can succeed.
A few years ago, I read employees feeling their time is being wasted is a bigger issue than compensation, company culture or anything else. This aligns with my management philosophy of clearing a path and giving people the opportunity to do the things they are passionate about.
While it is important to take your work seriously you should not take each other too seriously; having fun and being as transparent as possible really goes a long way in building a high-performance team. It also helps build a culture where you celebrate wins and losses together as long as you keep learning along the way.
What do you think has emerged as the technology trend of this year and why
AI, AI and AI. It is hard to read the news, watch a webinar or look at a new product without the mention of AI. It feels like it is impossible to launch anything in 2024 without talking about AI. Now as a technical practitioner, I struggle with this a bit because a lot of the AI hyped capabilities aren’t actually AI – at best they are Machine Learning or even basic statistical analysis and at worst some hard-coded chatbot that only has five predefined responses.
Despite all the smoke and mirrors, there is a great deal of value we can get out of AI if we focus it on the right business problems and stop thinking about it as a panacea.
What do you currently identify as the major areas of investment in your industry?
Identity security is a big area for investment currently as attackers have learned it is easier to log in than hack in. With the migration to cloud and SaaS solutions, identities have become a key target – if you can compromise a user’s identity, you can log into cloud systems, access cloud apps and exploit the privileges and access they have within the environment.
With major names like Microsoft getting compromised by identity centric threats, the industry is waking up to how pervasive and powerful these identity attacks are.
How do you deal with stress and unwind outside of the office?
I am fortunate to work remotely in a rural area where I can get outdoors to hike, run or mountain bike. In my role, I rarely have a typical 9-5 day so having an area of natural beauty on my doorstep means I can get outdoors when I can and unwind. If all else fails, I also have a small cold plunge pool which is a great way to force you to focus on staying alive and put all other worries to the back of your mind.
If you could go back and change one career decision, what would it be?
I am a big believer in fate, and I wouldn’t want to change any decisions in my career as I have learned from every opportunity I have taken along the way. Things haven’t always been easy; I have had roles that were certainly not enjoyable, but they have allowed me to learn what matters to me and what I care about most.
What are the region-specific challenges when implementing new technologies in Europe?
There are a few challenges facing new technologies in Europe, due to the geopolitical turmoil in the region; both threats and inflation have been rising. This puts pressure on businesses that need to do more with less in many cases. This gets further compounded by skills shortages in the region as global markets compete for cybersecurity talent. Some of the European regulations such as GDPR or the German Works Council can introduce challenges when working with more US-centric technology deployments, but this aspect seems to be improving.
Despite all the challenges, there is a wealth of opportunities in the region as well. We have seen the EU strengthening regulations around cybersecurity and the introduction of the European Union Agency for Cybersecurity to promote awareness and support member state and businesses in dealing with cyberattacks.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
In the past 12 months, my role has shifted significantly as I have moved from being Director of Research, where I managed and rapidly grew a global technical research team, into Field CTO, providing technical leadership and strategy, as well as engaging with clients and partners in the field.
Over the next 12 months I think this role will continue to develop as I transition into a more strategic initiatives, in response to the growing identity security challenges we face as an industry.
What advice would you offer somebody aspiring to obtain C-level position in your industry?
Have a solution mindset and be willing to take on challenges that push you out of your comfort zone. There are lots of people out there who can see something is going wrong but if you want to lead, you need to be the person that has a solution or wants to help fix things. It is also important to think about the business as a whole, so having a wider appreciation of all aspects of the business is valuable. This not only helps you understand other teams’ perspectives but allows you to be far more effective in your own projects, especially at C-level.
Finally, I think it is important to have a reason and a passion; find a problem that you care about solving. Do you want to be CTO at a large enterprise that manufactures paper clips or CTO of a start-up that focused on improving healthcare? Chase your passion, not a job title, because no one ever dies thinking ‘I wish I had worked more’, so make sure what you do matters to you.