With little time to react, staying ahead of threats is top-of-mind for C-level execs

Many companies are caught in a 3-6 month event horizon that doesn’t leave them with much time to respond, let alone plan for the future, says Tyson Macaulay, VP of Security Services at Fortinet. Here’s how he’s helping his customers look ahead.

Tyson Macaulay 620x465

Tyson Macaulay joined network security vendor Fortinet in November 2015 as Chief Security Strategist and VP of Security Services. In the newly created role, Macaulay is charged with advising the company’s C-Level enterprise customers and helping them take a holistic approach to managing their data security environments.

In this email Q&A, we catch up with Macauley to learn about trends in the challenges his customers are facing, why he says he “would put IoT security up there with ‘keeping children and lunatics away from firearms,’” how he plans to help customer extend their event horizon, and what he has at the top of his to-do list for the next three months.

You've been at Fortinet for a few months now. Can you give us an idea of what a typical day looks like?

In my role a typical day does not really exist but most of my time is committed to being a trusted advisor to C-Level enterprise customers, helping them take a holistic approach to managing their data security environments in a threat landscape that is rapidly changing and evolving. Fortinet’s enterprise business is growing and I play a critical role in helping our customers future-proof their cyber security strategies to ensure they stay ahead of threats and protect their business. This is not easy and a consultative approach is important. I do this through a variety of methods: calls, presentations, travel to customer sites, email, solutions content development, etc. I also spend a lot of time with various teams within Fortinet to help them understand the outside world better so that we can build stronger relationships with our customers and partners.

Before joining Fortinet, you held positions as CTO of Telecommunications Security at Intel and Security Liaison Officer at Bell Canada. What attracted you to this opportunity?

The security market is a crowded space, there are a lot of confusing marketing messages, and there is urgency to change the trajectory of cybersecurity. Fortinet is a company that I believe is well positioned to deliver what the industry needs. Customers and partners want technology that will not just prevent possible attacks, but help defend their reputations, their valuable customer data, or their competitive edge. Working alongside security industry veterans such as Ken Xie and Michael Xie and our global customer and partner ecosystem is a great opportunity. Fortinet is driving the future of this industry with our security fabric platform.

What’s at the top of your to-do list for the next 3 months?

Development and presentation of key use-cases and security reference models for a couple major industry verticals (telecom, finance), and for the IoT generally. These models will be living documents, evolving as time passes and products advance. Clients and especially executives need context to understand a technical solution or product; I am trying to create that context to encourage better overall security and drive product adoption, but not just any product. Customers need to make smart decisions. A wrong security decision is costly and can dramatically affect the reputation of a business. In light of all of the evidence it’s clear some new ideas are needed. But enterprises today are still relying on the same old strategies. Complexity is the enemy of security, enterprises can have up to 20 different solutions across their network.

What are your customers telling you about the challenges they're facing? What is keeping them up at night?

The security threats facing organizations today are constantly changing and evolving. Staying ahead of these threats is top-of-mind for C-level executives across industries. The biggest problem that customers are facing is that their event horizon is limited to about 3 to 6 months. They don’t know what is coming from a solution or threat perspective, yet they are trying to plan and budget 1 or 2 years out – 3 to 5 years in the case of telecoms. Imagine driving at high speed, at night, and your headlights stop being useful 50" ahead: not much time to react. Stressful!

I am trying to extend their event horizon – not in a point product-centric manner but end-to-end, in an Enterprise Risk Management framework. In the course of this process, we also have to recognize that the vendor ecosystem is diverse, competitive and customers have a wide range of existing investments.

Are you seeing any trends emerging in the security needs of your clients?

There are trends in “interest" and trends in “needs” - we try and address both.

“Need” trends are: Data center/cloud and virtualization security, predictive analytics and threat management, “sandboxing,” security in the face of more and more encryption, 4G wireless security.

“Interest” trends are: Internet of Things security, 5G wireless security, software defined networking and network function virtualization. “Interest" trends reflect their event horizon – the limit of their awareness, if not planning - and a place we want to help guide them towards.

To continue reading this article register now

Make your voice heard. Share your experience in CSO's Security Priorities Study.