With decades of experience in cybersecurity, former hacker and ethical hacking speaker Greg van der Gaast is a leading voice on the topic. In this exciting interview, he reveals what led him to become a cyber expert and the advice he would give his younger self.
How did your experience as a hacker make you the cyber expert you are today?
“It’s interesting because I think in one way, it gave me an attention to detail as to what causes breaches. Also, somewhat weirdly, I think what it influenced the most is my defensive mindset.
“Back then, you built a computer, you loaded your operating system and then you joined a chat room full of hackers. We didn’t have broadband; we didn’t have home routers. Your computer was directly connected to the Internet and there were no firewalls yet.
“If you hadn’t secured it, locked it down, tightened it, patched everything, updated everything… hard drives still made noise back then and if you hadn’t done that about 30 seconds after joining that chat room, it started making a lot of noise and everything just started shutting down and you would have to reinstall Windows.
“So weirdly, that’s probably what stuck with me the most, just making absolutely sure that things are locked down properly.”
How would you define leadership in cyber security?
“I think leadership is leadership… it shouldn’t be related to cybersecurity at all. I see a lot of leadership courses in cybersecurity about tech and frameworks and compliance and this and that.
“I’m able to have a decent conversation with an executive and they find it hugely refreshing. If you explain stuff in simple English and don’t be that really boring person no one wants to invite to dinner, you would be surprised at the amount of traction you get.
“I think in security, we’re somewhat protected because people have no idea what the hell we’re talking about, because we’re the geeks, and when something goes wrong, no one wants to deal with us.
“I was actually at a conference a couple of years ago where they asked boards what the primary reason was for them funding their security organisations, giving their CISOs money. The most popular answer – 35% of the votes – was to make them go away. They hadn’t justified a strategy, an approach, an ROI or anything like that, they were just so annoying and unpleasant to be around; they just wanted to make those people go away.
“I don’t think security should be cost-centred and I mean that beyond the risk equation. I think you should provide businesses value, where you’re actually generating more revenue than you’re consuming. Then the fact that you’re reducing risk in the process, that’s just a bonus!”
If you could give your younger self one piece of advice, what would it be?
“I’ve had a hugely transformational journey. I was a severe victim of Rockstar syndrome at an early age, because I was technically very strong, quite arrogant, highly certified, doing lots of stuff.
“I kind of got stuck at some point in my career where things got pretty dire. So, I thought, I may as well just give away everything I know, and that’s when that transformation happened – when I started just giving away everything I knew, trying to help others by sharing the knowledge without getting anything back for it.
“That’s when I started getting that recognition of, ‘oh, this person actually knows stuff’. It automatically makes you an authority, and that kind of elevated me. It led me to the wonderful leadership positions that I get to fill now, where I get to work at C-level and board level in the business and have my own teams. My teams to me, they’re my people. They’re like family. I love them to bits!”