This interview is part of GovInsider’s inaugural Cybersecurity Champions report featuring public sector cybersecurity officials around the world.
Please give a brief description of your job function as a cybersecurity professional, as well as what your organisation does.
I am the Chief Information Security Officer at Elastic, and I lead the charge in fortifying the company’s security posture, leveraging nearly three decades of cybersecurity expertise to safeguard the organisation’s information, technology, and people.
I share my learnings with other organisations so that we can balance risks and innovation, helping companies grow safely and sustainably.
Elastic is the Search AI company and provides enterprise solutions for search, observability, and security. We are a globally distributed workforce of more than 3,000 employees across 35 countries with a cloud-first approach to infrastructure.
The Elastic Information Security team is organised to address customer trust and enablement, security assurance, threat detection and response, and product security.
What kind of cyber threats does your organisation face on a regular basis?
At Elastic, we monitor vast amounts of security data (over 150 TB per day), including over 600 GB of security data from more than 450 thousand Elastic endpoints, to identify threats.
Like other large enterprise organisations, we face increasingly sophisticated phishing and social engineering attacks, amplified by AI, and monitor malware trends, particularly in Linux environments, relevant for companies expanding use of cloud environments that run on Linux.
Our security strategy relies on gaining comprehensive visibility of our data landscape, using tools and practices that provide deeper control and actionable insights to strengthen our security posture.
In your view, what are the biggest threats and challenges (be it in the network layer, and/or in areas such as scams, phishing and identity theft) in the public sector cybersecurity scene globally?
The biggest threats facing the public sector include ransomware, identity theft, and data breaches.
Today, public sector organisations are expected to be data-driven, citizen-focused, compliant, and efficient—all while securing critical infrastructure, meeting complex regulatory demands, and navigating the risks posed by emerging technologies like generative AI and machine learning.
Reducing the time to detection and validation of such threats is critical. Elastic provides search analytics capabilities that allow organisations to gain an advantage over cybercriminals by detecting potential fraud across vast volumes of data and keeping evidence searchable for the long term.
At the end of the day, fraud and cyber threats are a data problem. An organisation will need to have full visibility over real-time events and access to data that, in some cases, extends over multiple years to gain the insights as well as evidence to combat threats as and when they appear.
Speed is critical, and with real time data, detection rates can be improved and false positives reduced. Security teams can effectively identify abnormal behaviour and combat fraud by integrating the right information and logs into detection algorithms.
To subscribe to the GovInsider bulletin, click here.
Many say that we are entering an age of AI-driven cyberwarfare where both hackers and cybersecurity professionals use AI tools for attack and defence. What is your view?
Cybersecurity is an ongoing battle that’s intensified with AI.
Generative AI is a powerful tool, like a ‘queen’ in chess, capable of shifting the advantage. While bad actors use AI to create sophisticated, error-free phishing attacks highly targeted to their victims, AI also empowers cybersecurity professionals.
A GPT tool deployed responsibly can serve up helpful resources, providing the context needed to help evade potential attacks and facilitate a more effective response to any threats.
Generative AI doesn’t just help security professionals make better decisions, it also helps them make faster decisions — with less manual effort. Generative AI can very quickly pull relevant information, best practices, and recommended actions from the collective intelligence of the security field.
Having this comprehensive context allows practitioners to quickly understand the nature of the attack, as well as what respective actions they should take.
Cybersecurity is often described as a team sport whereby a network’s vulnerability is often defined by its weakest link. In this context, how important is having a whole-of-government or whole-of-country cybersecurity posture?
It is critically important for governments to establish a consistent and enforceable cybersecurity framework across all ministries. Interconnectivity is the cornerstone, aligning individual and agency priorities towards common security goals.
Singapore, for example, can consolidate security services under the leadership of a single CISO.
Such a strategy would enable local government agencies, school districts, state agencies, public colleges and universities, and even the private sector to leverage the same security tools, systems, team, and strategy.
Benefits of whole-of-state security include the centralised budgeting and resources, reduction of duplicative work and tools, and ultimately stronger security and incident response.
Rather than operating in siloes, a unified approach across a country’s government will enable cross-agency data sharing.
With shared data, every agency will be equally equipped with the same threat data across the board, to empower cybersecurity protection measures and fraud detection.
An often-repeated point in the cybersecurity sector is what your Plan B is after your network is breached. Can you share your point of view on this aspect?
Proactively anticipate and prepare for breaches. Assume an incident will occur and avoid complacency. Develop playbooks and conduct practice scenarios. During any incident, understanding impact and communication are crucial.
If your organisation gave you an unlimited budget for cyber defence, what would you spend it on?
I would prioritise resources for Identity and Access Management (IAM).
Given the digital nature of modern business, robust IAM solutions are critical to ensuring secure and efficient user access across all applications, devices, and technologies.
What brought you to this profession and what do you love the most in your job and what would you like to improve?
I love that every day is different and brings new challenges. It’s never boring! I’m really focused on bringing fresh perspectives to cybersecurity, especially by encouraging individuals from underrepresented backgrounds to join the profession.
The lack of qualified cybersecurity professionals is a global problem, how do you think this can be overcome?
Cybersecurity professionals should follow the same line of thinking on diversity in general.
In my view, and from my day-to-day experience as a CISO, a more diverse cybersecurity team is definitely a better cybersecurity team.
To address the lack of qualified cybersecurity professionals, we must broaden our candidate criteria beyond traditional backgrounds, valuing diverse skills and mindsets like curiosity and a passion for learning, not just data science expertise.
Additionally, we need to actively encourage more women to join the field by adjusting our recruitment methods to reach wider audiences, such as partnering with community colleges and specialised recruiters for diverse candidates.
If you had a chance to restart your career from scratch, would you still want to be cybersecurity professional and why?
Absolutely. My passion lies in the intersection of technology and business.
I find it fascinating to learn about business operations, technological advancements, and how organisations adopt new technologies.
Security is the unifying element, essential for every company’s success, regardless of industry. That first computer my father brought home sparked a lifelong journey in technology for me.
