Greg van der Gaast

Greg van der Gaast: “You Need a Holistic and Business-Aligned Security Approach”

In this Q&A conducted by our sales executive Mark Matthews, Greg van der Gaast reveals what led him to become a cyber expert after formerly being named one of the World’s Most Infamous Hackers. The ethical hacking speaker is today a highly respected industry expert with decades of experience in cybersecurity. Hear Greg’s expertise first-hand in this exciting interview.

Q: How did your experience as a hacker make you the cyber expert you are today?

Mark: “You were named one of the world’s most infamous hackers… how did this experience lead you to become an ethical hacker?”

Greg: “It’s interesting because I think in one way, it gave me attention to detail as to what causes breaches. Also, somewhat weirdly, I think what it influenced the most is my defensive mindset.

“Back then, you built a computer, you loaded your operating system and then you joined a chat room full of hackers. We didn’t have broadband; we didn’t have home routers. Your computer was directly connected to the Internet and there were no firewalls yet.

“If you hadn’t secured it, locked it down, tightened it, patched everything, updated everything… hard drives still made noise back then and if you hadn’t done that about 30 seconds after joining that chat room, it started making a lot of noise and everything just started shutting down. You would have to reinstall Windows.

“So weirdly, that’s probably what stuck with me the most, just making absolutely sure that things are locked down properly.”

Q: How would you define leadership in cyber security?

Mark: “In the complex and high-stakes world of cyber security, what does leadership look like?”

Greg: “I think leadership is leadership. It shouldn’t be related to cybersecurity at all.

“I see a lot of leadership courses in cybersecurity about tech and frameworks and compliance and this and that. I’m able to have a decent conversation with an executive and they find it hugely refreshing.

“You need to explain stuff in simple English and don’t be that really boring person no one wants to invite to dinner. You would be surprised at the amount of traction you get. I think in security, we’re somewhat protected because people have no idea what the hell we’re talking about because we’re the geeks, and when something goes wrong, no one wants to deal with us.

“I was actually at a conference a couple of years ago where they asked board members what the primary reason was for them funding their security organisations, giving their CISOs money. The most popular answer – 35% of the votes – was to make them go away.

“They hadn’t justified a strategy, an approach, an ROI or anything like that. They were just so annoying and unpleasant to be around; they just wanted to make those people go away.

“I don’t think security should be cost-centred and I mean that beyond the risk equation. I think you should provide businesses with value, where you’re actually generating more revenue than you’re consuming. Then, the fact that you’re reducing risk in the process, that’s just a bonus!”

Q: If you could give your younger self one piece of advice, what would it be?

Mark: “Time and experience can make the difference in any career. What advice would you give to your younger self to be better prepared for the future?”

Greg: “I’ve had a hugely transformational journey. I was a severe victim of Rockstar syndrome at an early age because I was technically very strong, quite arrogant, highly certified, and doing lots of stuff.

“I kind of got stuck at some point in my career where things got pretty dire. So, I thought, I may as well just give away everything I know, and that’s when that transformation happened.

“When I started just giving away everything I knew, trying to help others by sharing the knowledge without getting anything back for it, that’s when I started getting that recognition of, ‘oh, this person actually knows stuff’.

“It automatically makes you an authority, and that kind of elevated me. It led me to the wonderful leadership positions that I get to fill now, where I get to work at C-level and board level in the business and have my own teams. My teams to me, they’re my people. They’re like family – I love them to bits!”

Q: What is the most pressing cyber threat to UK businesses?

Mark: “Businesses in all sectors often find themselves exposed to cyber threats. What cyber threat is currently the greatest concern for UK businesses?”

Greg: “Everyone will say ransomware, but ransomware is basically a payload. It’s a way of monetising a breach. I think the really shocking thing is the way companies get breached, the way that people get in the door, really hasn’t fundamentally changed in the 25 years I’ve been doing this.

“People are still not building systems properly, they’re still not maintaining them properly, they’re still not doing asset inventory. They’re not patching properly, they have poor processes, they have a lack of consistency in processes. You’re basically living in a house with a thousand doors and a thousand windows, and some constantly being left open. That’s how people get in.

“For large businesses and organisations, you need a holistic and business-aligned security approach that’s truly proactive and in line with the business, in line with how things actually work, so that you come up with effective, sustainable ways of doing things rather than the security status quo, which is just ‘buy another tool’.”

Hire Greg van der Gaast for Your Cyber Security Conference or Event

To hire a cyber security speaker like Greg van der Gaast, get in touch with a booking agent by calling 0203 0070 318 or by completing our online contact form.
