Judges on Fire: Michael Hill, Editor, Infosecurity Magazine Judges on Fire Podcasts Posted by Jon Howell | 03/07/2020 In our Judges on Fire series of podcasts, we aim to let you get to know our judges a little better. They also get the chance to share their wisdom and tips about entering the Tech Trailblazers Awards. For our second outing we are very lucky to have Michael Hill, the Editor of Infosecurity Magazine, who is joining us as a judge for the first time this year. Find out more about Infosecurity Magazine, how Michael got started in publishing, and what excites him about cybersecurity, which is the award category he will be primarily concentrating on (although he has an eye for IoT too). Plus find out which superhero he’d like to be. So, over to Rose Ross, Founder of the Tech Trailblazers Awards, as she interviews Michael Hill in our second Judges on Fire podcast. Spotify Also available on: Anchor FMYouTube Interview transcript RR: Welcome Michael Hill, Editor of Infosecurity Magazine, to Judges on Fire, the Tech Trailblazers Podcast that interviews our judges. So, welcome on board, new with us for our 9th edition, thanks for joining us Michael. MH: Thanks very much for having me, great to be here. RR: Brilliant. So, it would be great to understand, so that anybody who doesn’t know Infosecurity Magazine, and perhaps has not dealt with you, or come across you before, to give us an overview of the publication, and also yourself, and the stuff that interests you. MH: Sure, I’m Michael Hill, I’m the editor Infosecurity Magazine. I’ve been with the magazine now 4½ years, it will be 5 years in December, so I actually came on board as the deputy editor, in that role for a couple of years, back when Eleanor Dallaway was the editor and she had been for several years. Then she went away to have her second child, and I stepped up into the role of editor for that maternity leave. Then when she came back into the business there was a bit of a restructuring with her moving into a kind of director-editorial role. So, I actually then took on the editor role on a full-time basis, and that’s what I’ve been doing for the last 2½ years really. So, Information Security, we’re very much focused on cybersecurity, so the security of people’s data, data privacy. We cover a lot of things within that topic, so things like the big breaches that companies are having, again data privacy implications, data privacy rights, and we try to have a real mix of content in our magazine, which is obviously daily news that we try to have a lot of interviews with industry figures. We do weekly webinars as well, sometimes two webinars a week where we explore various topics really within the sector. So, we’re mostly online and that’s where the majority of our topic lives obviously, but we do actually still print as well, so we print a magazine quarterly. Several years ago it was more regularly than quarterly, it was once a month I believe, but obviously print media is what it is now, but it’s nice to still have a physical print issue, that like I say goes out four times a year, and we’re quite proud of that. Yeah, we put a lot of work into that every few months. So, that’s us in a nutshell really. RR: Brilliant. Do you want to give us little bit of how did Michael end up being a journalist, how did you get involved with cybersecurity, a little bit of your background perhaps? MH: At university I studied English Lit with Creative Writing, and even though that was oh, that was quite a long time ago now, I always wanted to be working editorially, or to be writing, or to be involved in publishing, it was something I always found quite interesting, quite enjoyable. I had a great time at uni, came out of uni as a lot of people do wanting to get into the journalism field and stuff, but I think a lot of people do come out of university hoping to become a journalist. It seems like a cool, fun career to have, jetting all over the world. You grew up watching films like Superman, Clarke Kent was a journalist and stuff. But the reality was, I found it difficult to get any kind of paid work, internship, out of uni just because there were so many people looking to do it. So, I looked at that for a few months and ended up taking just an admin job in insurance, just a local one for something to do, thinking I’d do it for a year or so and then try to have another go at writing. A couple of years down the line, the best part of two and a half years, I was still in that same job, so I then made the decision that I wanted to give the writing another go, and had a look around for internships and entry level jobs. I was really lucky to get one at a media company that was actually called, This is our Town. So, it was more of a lifestyle media brand, but they covered everything from sports, to food and drink, theatre, general lifestyle, and fashion. I got an internship there where I managed to stay for six months, obviosuly it was expenses paid only, so it was an interesting time moving from a reasonably well paid full-time job into that, but it was something I wanted to give a go to. Luckily, it went really well, and from there I moved quite quickly around the publishing sector. I moved to work at University of Law in Surrey in the publishing department for about six months. I then moved again to work for a medical publication, which was actually orthopaedic surgery. so that wasn’t so much writing, that was more editing, proofing, getting things into house style, and working quite heavily on the publication process of the different journals. So, I was there for a year and then was looking to move again, and this is where cybersecurity came up I guess. I saw an advert for a deputy editor, I thought I’d like to have that step up and move into a more senior role. I liked the idea that it was going to involve more writing than I had been doing for the last year or so. But in terms of my tech background with cybersecurity interest, it wasn’t something that I was particularly passionate about previously. I’d always liked technology and stuff and found it interesting, but I think it was one of those things where I wanted to be a journalist, I wanted to write and tell stories. The cybersecurity topic was just something that just seemed to find me really, and my knowledge of it when I first came into the magazine was very little. I knew who John McAfee was, because he was I guess a bit of a playboy guy you see in the newspapers a bit, and I knew what antivirus was, but it was all quite new to me, so it was quite a steep challenge to come into the industry. But what I would say is in the last four and a half years, the industry is entirely different than any vague perceptions that I had years ago of what information security is, and what IT security is. Luckily, for me anyway, I found it not overly technical, it’s actually more rooted in human behaviours and human psychology, which I actually find is really, really interesting, with a layer of tech I guess beneath it. So, yeah, no background in tech or cybersecurity, but here I am I guess. RR: There we go! Well obviously things have changed a little bit in the years since you’ve taken on that initial role, and I think certainly from my exposure to cybersecurity professionals, surprisingly they’re very open. A lot of them who are very high-profile use things like Twitter, and so you do get exposure quite quickly to a lot of the ins and outs of the whole thing. There are a lot of very well-rounded, very experienced cybersecurity professionals, who I’m sure are more than happy to give you their opinions. So, obviously you’re joining us to be one of the judges, and you’ll be looking primarily at the cybersecurity startups. I know obviously Infosecurity Magazine is targeted quite aggressively by the cybersecurity startups, as well as obviously other cybersecurity vendors. How have you found the kind of things that are interesting, because I think there’s something like – according to Crunchbase, 15,000 cybersecurity, God forbid, startups, which is a phenomenal amount of organisations who are coming up with potentially new, or ‘me too’ stuff, which is potentially better, cheaper, faster, more comprehensive. What kind of things have you seen say over the last few years that you think you think have been particularly interesting, or initiatives from the cybersecurity world? MH: You’re obviously right in the number of startups that are in the field. I think cybersecurity sector is a field that’s evolved a lot dramatically in the last 10 years, if you compare it with other industries which have had a lot longer I would guess to progress maybe a bit slower. But, one particular thing, particularly from my perspective, when it comes to startups and new companies is, because cybersecurity is a sector that does change and evolve so quickly, that actually it relies heavily on new companies who come into the market with new ideas. They see new niches, they have new approaches to things, and I think that’s actually key, I think it’s more key in an industry like cybersecurity and IT tech, because of how quickly it’s moving. So, when you come across new companies that are, for me personally, and this is something I’ve been seeing the last few years, whose initial focus is really kind of on the user; so I’m looking at authentication I guess, but with the user in mind. So, I think there’s been a tendency in the past where the authentication has not put the user at front-of-mind, and it’s been too focused on cumbersome processes just to ensure security, and leaving the user in a bit of a limbo where they try to work round it, or they just avoid it altogether. So, I do like to see companies that are really coming forward with these ideas about putting the user at the forefront of the technology they’re putting together, to give a more streamline user-friendly experience. Which I think if you can master that, your result is better security, and if you don’t then you’re going to have issues with, like I say, users finding work arounds, or just avoiding the technology altogether because they find it slow, it slows them down. So, yeah, that’s been something that’s been particularly interesting to me the last couple of years, around the authentication piece, but with the user front-of-mind. RR: And certainly from looking at what will be happening over the coming months as we’ve opened up for entries now, and then obviously in September we’ll be closing off, and then you’ll be getting a chance to have a look at it. What’s new for this year is that we’re actually going to give the shortlisted companies an opportunity to do a Lightening Talk on something like Zoom, or Teams, or whatever. So, hopefully that’s something you may be able to join us for, for the cybersecurity shortlist as well, just so you can get a bit of an insight from them. Moving forward, I think one of the things that would be good to see is, is there anything in particular that will be of interest to you? Are you going to get particularly excited if you see certain challenges being addressed, certain obstacles being overcome from a cybersecurity? Because obviously, you talk to a lot of end users as well, you talk to CISOs, you talk to IT, security professionals, on a very regular basis you interview them, you talk to them with regards to what they’re doing; what kind of things do you think will be resonating for you, where you’ll go, ‘Yes, a few people have said this is an issue, and this is something that addresses that’? MH: Yeah sure, well there’s a few areas that stand out to me, and if you’d have asked me six months or eight months ago they would have stood out to me then as well. So, that’s very much looking at the cloud for example. A lot of people we speak to, they bring up the cloud as a real area of challenge; its growing again at such a pace, but a security angle there particularly with outsourcing to cloud services and stuff, ensuring the security balance is right, that’s quite a challenge for companies I think. So, certainly in the cloud and I would actually kind of tie-in with that a bit of IoT as well. That’s always been interesting to me, and again is another thing which is growing and getting bigger all the time. We’re getting more and more devices which were built with connectivity as standard, but there does seem to be this issue with, on the manufacturing side, security just not being up to the standard that it needs to be, inbuilt. So, something that takes into particular consideration the cloud and IoT, I’d find very interesting. But obviously given this year and the way that things have turned out and have happened, and the place we find ourselves in now, something that’s also particularly interesting is what is the norm now, and what’s going to be normal for the next couple of years, which is a far more agile, remote workforce, and with that, new approaches to security. So, I think now is a great time for startups and younger companies looking at the key challenges that organisations are facing all over the world, and that really is, how can we improve security, so how can we adapt and flourish in what’s considered the new normal, with the understanding that workforces are going to be far more agile than they ever were, far more remote. And to the technology piece, you’ve got all of these apps growing now, Zoom, like we talk about that, how can we use these new forms of communication securely, but also companies are going to have to reassess their security approaches, security strategies, how do they deal with responding to events that occur, who handles that process? So, it’s definitely going to be an interesting time, I would say, the rest of this year and for me probably the next couple of years going forward, in terms of how companies adapt. RR: It’s interesting, because IoT is one of our categories as well, so there might be some interesting companies coming forward with regards to that, cloud also; cybersecurity and cloud have been our most popular categories for entries, and also the male and female Tech Trailblazers which is something we introduced a couple of years ago. But I’m curious because AI has been seen as being a bit of a, ‘Ooh this is going to make cybersecurity, this is really going to drive things forward’, are you seeing that as being an interesting area that you think might be where a lot of the startups will be playing into? MH: Yeah, again so AI is one of those topics that does come up a lot in conversations, well back obviously when we could all go to physical events and stuff, you used to see a lot of conversations around it, and used to see a lot of reference to it. It is an interesting one, I think for quite a few years now that’s been the buzzword, and I do think it’s slowly maturing to the point where I think companies are starting to get a bit of a grip on what does it actually mean? What does AI mean? What does machine learning mean? What does automation mean? So, one thing I would say with that is, there needs to be I think greater understanding on the different facets of AI, because it isn’t just robots that learn, and I think it’s helping companies understand what level of AI, artificial intelligence, they can use within their company that works for them. So is it more deep learning, is it just the machine learning angle? So, that’s interesting, but I think it’s something that companies still need support on, because it is still evolving, and I think it needs a bit of, not standardisation, but I think companies need a bit of structure to fully understand it, and fully use it, and come away a bit from the buzzword thing of AI, and maybe drill down a bit into, ‘Okay, what does that actually mean?’ RR: Yes, because it is seen as a lot of automation within the process as well, isn’t it. We have a structure which gives points for certain elements. What would be your advice? I know you’ve been involved with awards previously; you obviously get to look at an awful lot of pitches from people talking about what they think your readers are going to be interested in. What do you think would be your advice to people who are submitting? What do you think you want them to focus on, and what do you want them to sort of prove to you, what evidence do they need? MH: Well, yes for me, and like I mentioned earlier, I think a big element of modern security, successful security, is the human side of things. It is fully understanding that no matter what technology you’re implementing, no matter what you’re trying to achieve, your need your humans to be effective and onboard with it. I think they need support with doing that. I do think in the past there’s been a tendency for security to forego the user human element. I think if you can find a way of securing things clearly, and are able to clearly show what you’re trying to achieve, without hampering the user’s experience; at the end of the day employees and users whether they’re at work or at home, they just want to get on and do what they want to do. But I think if you can come up with a way of keeping them at the front of what you are trying to achieve, and involving them in the process so that they don’t feel as though they’re having to jump through hoops just to try and do a simple thing. So, I guess it’s streamlining the authentication and identity management process really. But like I say, always having the human user at the heart of what you want to achieve from your security approaches, really. RR: Fantastic. Looking beyond that, we like to have a little bit of fun in these things, not just talk about the awards, not just talk about what you on a day-to-day basis, and you’ve almost answered this next question inadvertently. So just to give a bit of a personal spin on things, what superhero would you be if you were going to be a superhero? You’ve already mentioned one, so I think you might have already marked your card with regards to that! MH: Well, that’s a good point actually. There’s so many to choose from, and I’m a big superhero fan. I’ve always had a really soft spot for Spider-Man, even though I mentioned Superman earlier, I don’t think I’d quite look like a Clark Kent, but I think I could probably pass for a Peter Parker. So, I’m going to say Spider-Man, yeah, and stick with that. RR: Well, now you’re Spidey! MH: Surfing the web! RR: Indeed, indeed, both literally, well certainly literally. Beyond that, if we look at stuff to the future, obviously there will be startups that you’ll be seeing that are kind of in the reality of today, but if you look at the broader technology beyond cybersecurity, what do you think – what would be your predictions of what we’ll be seeing over the next decade or so, that will be big advances in technology. MH: A decade’s a long time for technology, that’s the thing. RR: A very long time. Well, you can rein it back a bit, if you need to. MH: Well, I do think eventually the AI piece will kind of all tie together. I think it’s getting there. But like I mentioned, I won’t dwell on it, but I think there’s a lot of confusion, it’s not entirely clear exactly how AI technology works, and how we can actually fully use it to its full potential. I also think that we’re going to see wider standardisation around technology. So, IoT for example; I’m not saying this is going to be an easy thing to ever achieve, but I do think there needs to be some kind of global standardisation around the manufacturing of IoT devices, particularly when you look at how much regulations are evolving and changing now, obviously GDPR a couple of years ago, this year we had the CCPA which is over in California. So I think you’re going to see a lot more countries, a lot more regions across the world, looking to implement stricter regulations. And again, they’re going to have to find a standardisation of how those regulations can work together, with regards to technology and data privacy. Again, yes IoT, vehicles and stuff, again it’s something that’s been discussed for quite a long time now, but it is slowly getting there. Industrial infrastructures as well, more and more of those are becoming smart facilities, but again that’s highly dangerous when you’re talking about critical infrastructure that’s a nation, a town, or a city is dependent on; how can you ensure they are secure as well? So, I think there’s going to be a lot. I do think that, yeah, a lot of good things are going to happen in the next 10 years, and I do think automation at its basic principle is going to be behind a lot of that. I also think that there’ll be more input and more focus put on recruiting into the security industry and tech industry, from kind of more diverse backgrounds, I think there has to be. I think some good work’s been done on that in the last few years. In terms of trying to address the gender imbalance, I think it’s getting better, but there’s many forms of diversity, and I think actually more and more companies now are seeing the benefits of diverse workforces. That’s something which could be helped along the way with far more remote workforces, where maybe people can work the large majority of the time remotely, and don’t need to come into the office at all, which maybe a year or so ago companies weren’t really on board with that. So, who knows, maybe that kind of remote move could actually help make the workforce more diverse. RR: Definitely. Certainly, we have our male and female Tech Trailblazers as categories, and I certainly think for having looked at it from the outside, I think one of the other things that perhaps has been the leveller is the ability for people to work remotely. Obviously hopefully kids will be going back to school, so returning-to-work mums, or returning-to-work dads, will be able to not have to come into an office. That will make childcare issues, the things around balancing work-life balance, it is going to be a bit more of a level playing field across for everybody. There’ll be less international travel, so there’ll be less pressure for people to be away from home. So, a lot of the things I think which have possibly been barriers, particularly for women, as new mums or existing mums having to make a compromise, we’re now not having to necessarily do that. We have shown that people can be just as effective doing what we’re doing here, not meeting for a coffee down at Soho, or in New York for an event, or wherever that may be, but you can actually get a job done in different ways. It doesn’t have to be the way that we’ve always done it, this has made us rethink about how we’re doing things. MH: Yeah, that’s right, it has. RR: Fantastic. Well, thank you very much, first of all for joining us as part of our esteemed judging panel for our 9th edition in 2020. It’s great to have you onboard Michael. And thanks for joining us for the podcast as well, being in Judges On Fire it will be great for people to understand a little bit more about what you are interested in, so thank you for taking the time for that. MH: No problem, thanks so much for having me.