Name: David Smith
Company: Nuix
Job title: CISO
Time in current role: 1 year (previously 24 years in U.S. Secret Service)
Location: Washington, D.C.

David Smith is chief information security officer (CISO) at Nuix, an Australian technology company that produces a software platform for indexing, searching, analyzing and extracting knowledge from unstructured data. His goal is to improve and maintain all facets of security from InfoSec to physical and personnel security. He focuses on educating and encouraging the active pursuit of security best practices. Before joining Nuix, David specialized in computer forensics and electronic crimes investigations for the FBI. Here he shares his views on the current cybersecurity trends, the battle against cybercriminals and how he keeps up with the ever-changing cybersecurity landscape.

What was your first job? My first full-time job was working as a computer operator and analyst for the FBI.

How did you get involved in cybersecurity? I was involved early in computer forensics and electronic crimes investigations, so when cybersecurity began as a dedicated field it was a natural fit for me.

Tell us about your career path. After spending a few years as a computer analyst at the FBI, I started my career as a Special Agent for the U.S. Secret Service. During my time there I worked in computer forensics and electronic crimes investigations. From there I transitioned into the early days of cybersecurity management and information governance. I spent seven years designing and teaching cybercrime investigations and forensics training courses for law enforcement. Then I moved back into cybersecurity management and information governance.

Was there anyone who has inspired or mentored you? I have been very fortunate to have had plenty of great mentors and leaders, both within the forensics/cyber world but also in other areas of leadership. Chris Pogue has taught me a lot and has been a good influence.
There are too many other people to mention by name, but all of them have definitely helped shape my career.

What do you feel is the most important aspect of your job? The most important aspect of my job is to improve and maintain all facets of security for my company, not only information security, but also physical and personnel security. Part of that includes leading and encouraging everyone to be active in following security best practices.

What metrics or KPIs do you use to measure security effectiveness? I use a variety of metrics depending on what particular security category is in question. Some aspects of security are easier to measure than others, of course. For many security categories, I borrow some of the ideas behind the U.S. Government’s Federal Information Security Management Act (FISMA) and the associated Risk Management Framework (RMF).

Is the security skills shortage affecting your organization? What roles or skills are you finding the most difficult to fill? I am fortunate that my organization takes security very seriously, at all levels of the company. Speaking in general terms of global cybersecurity, not just for my company, the greatest skill shortage tends to be in the newest areas of technology, such as cloud computing security. There is often a gap from when many organizations adopt a major new technology to when colleges and major training organizations are able to develop specific training to discuss the security of those new technologies.

Cybersecurity is constantly changing – how do you keep learning? I attend traditional training courses and conferences, I read a lot of newsletters and blogs, but most importantly I talk about cybersecurity issues with as many people as I can.

What is the best current trend in cybersecurity? The worst? The best trend is the rapid catch-up of law enforcement and judicial systems around the world.
More and more police and law enforcement agencies are dedicating resources to cybercrime investigations, and more nations are trying to improve their cyber-related laws and judicial processes to keep up with the rapidly changing world of cybercrime. We have a long way to go, but the progress in the past year or so is very encouraging. The worst trend is the tendency of some people and companies to spread “cyber hysteria” rather than meaningful information.

What's the best career advice you ever received? Wow, I have received so much good advice in my professional career from so many great people. If I had to pick one, it would be from a friend of mine who is an executive leader in the U.S. Secret Service. He said, “The minute you think you are smarter than the next guy, you have lost.”

What advice would you give to aspiring security leaders? Organization and focus are critically important to being a successful security leader. It is so easy to spend every minute running around putting out security fires, real or imagined, and before you know it you are not really making progress on your information security goals. Devise a plan and specific processes to execute that plan and stick to those processes with everything you have.

What has been your greatest career achievement? I am most proud of the fact that I provided cybersecurity training to thousands of law enforcement personnel from over 80 countries. There is no better feeling than having a detective who attended one of my classes from a distant country email me to say that my training led to the arrest of a major criminal.

Looking back with 20:20 hindsight, what would you have done differently?
Honestly, I would not change anything.

BEYOND THE BASICS

Education: I have a Master of Science in Cyber Systems and Operations from the Naval Postgraduate School and a Master of Arts in History from the University of Michigan.

Must-attend conferences: I try to attend different conferences each year, rather than sticking with the same ones. There are just so many conferences now compared to years past. [Given all the choices] cybersecurity professionals really need to think about what they want to get out of a conference: general knowledge, specialized information on a specific topic, networking with peers, etc. I will say that my top go-to conference is the Open Source Digital Forensics conference, which is usually in the autumn in the Washington, D.C. area.

Favorite quote: My favorite quote is a verse from the New Testament, Romans 12:21: “Be not overcome with evil, but overcome evil with good.” That phrase is hopeful, kind, positive, strengthening, joyful and applies perfectly to all of us who practice cybersecurity.

What I'm reading: I am currently reading Last Days of Socrates by Plato.

Most people don't know that I… am an obsessive record collector with thousands of music CDs and vinyl records spanning all sorts of genres and eras.

Ask me to do anything but… eat mushrooms. Because I won’t.

In my spare time, I like to… read and listen to music.

This interview is part of CSO’s regular Spotlight series, which focuses on the career paths of security leaders. If you know someone (or are someone) with a story worth telling, please contact email@example.com.