Alex Laurie, SVP, Global Sales Engineering and Go-To-Market Programs, Ping Identity: “The need to stay ahead of emerging trends and potential vulnerabilities makes cybersecurity not just a career but a lifelong educational journey”

Alex Laurie, Senior VP for Global Sales Engineering and go-to-market programmes at Ping Identity, describes himself as an “avid sailor”, so it’s tempting to throw in some clichés to describe his 25-year cybersecurity. Think stormy weather, waves of attacks and oceans of experience. But we’re better than that, so we will instead merely point out that he’s in charge of sales, has astonishing depths of experience and that he shores up his knowledge by staying curious.

Feeble nautical jokes aside, Alex is a man worth listening to when it comes to cybersecurity. His experience covers government, military, law enforcement and the banking sector, with an emphasis on digital transformation, systems integration and comms.

Alex’s government experience particularly shines through in his belief that it’s time to “enact laws that address the creation and distribution of deepfake content,” complete with penalties for “malicious use”. But we must also educate the public “to verify sources and be sceptical of implausible content” can significantly reduce the impact of these technologies.

In this year of huge elections, where deepfakes will surely play a role, it’s hard to disagree.

Could you please introduce yourself to our audience and share how you ended up working in cybersecurity?

I’m the SVP for Global Sales Engineering and go-to-market programmes at Ping Identity. I’ve been in cybersecurity for 25 years across various roles from secure communications, data encryption, government services, system integration and more recently, positions on the vendor side with ForgeRock, now Ping Identity.

My tenure in cyber security started when I was involved in the development of early mobile applications, which demanded rigorous data encryption. These applications not only required robust user governance but also had to adhere to evidential quality data standards to ensure compliance and security. The field of cybersecurity fascinated me because of its dynamic nature – there is always something new to learn and different challenges to tackle.

The opportunity to continuously evolve and adapt to new technologies and threats has kept me engaged in this field. Every day presents a new learning opportunity, whether it’s understanding the latest advancements in digital identity technologies or developing strategies to protect against increasingly sophisticated cyber threats. The need to stay ahead of emerging trends and potential vulnerabilities makes cybersecurity not just a career but a lifelong educational journey. This constant evolution is what makes me passionate about the field.

What do you think are the best approaches to combating deepfakes?

Combatting deepfakes, especially in the context of increasing AI-enabled scams, requires a multifaceted strategy that combines advanced technology and enhanced public awareness. Deepfakes convincingly mimic audio and video of individuals and so require AI-powered detection systems to differentiate between genuine and manipulated content. These systems analyse subtle visual and auditory inconsistencies that may not be perceptible by humans, thus identifying deepfakes more effectively.

Additionally, digital platforms and regulators must collaborate to implement robust authentication protocols, including digital watermarking technologies, to verify the authenticity of digital media.

Legislatively, governments should enact laws that address the creation and distribution of deepfake content, imposing penalties for malicious use while setting clear guidelines for ethical AI applications in media. This includes compelling companies to prevent misuse of their AI technologies in creating deceptive content.

Public education is also critical. Raising awareness about the risks of deepfakes can empower individuals to critically assess the media they consume, especially on social media platforms. Educating the public to verify sources and be sceptical of implausible content can significantly reduce the impact of these technologies.

Worth a read: Tech you need to know: Privacy Enhancing Technologies

What are the biggest cybersecurity challenges those in leadership roles are facing?

In the fast-paced world of cybersecurity, leadership faces a gamut of evolving challenges. One pressing issue is the scarcity of skilled resources necessary for the development, implementation, and testing of cybersecurity tools, alongside the seamless integration with adjacent technologies that we use in our daily lives both as consumers and employees.

Digital identity remains a critical cog in securing these systems effectively. It’s not just about protecting data; it’s about ensuring that the right entities have access to the right resources at the right times, making systems both secure and functional. However, the pace of technological change, combined with the sophistication of nefarious actions, diverse attack vectors, and ever-changing regulations makes maintaining robust cybersecurity measures extremely challenging.

Leaders must navigate these waters with strategies that encompass not only technological advancement but also a proactive stance on cyber resilience. This involves continuous updates to cybersecurity practices, a deep understanding of threat landscapes, and a commitment to protecting organisational assets and stakeholder interests.

What is your take on ethical hackers and their role in cybersecurity?

Ethical hackers play an indispensable role in the cybersecurity ecosystem. They are critical to our ongoing efforts to test and strengthen our defences against malicious activities. Through industry-wide programmes, like Bug Bounty schemes, we actively support and encourage ethical hackers to assist in enhancing our security postures. These programmes are crucial because they not only help identify vulnerabilities but also aid in improving them before they can be exploited maliciously.

It’s essential to recognise the value of having external penetration testers and ethical hackers who operate with an objective lens, often summarised by the axiom, “don’t mark your own homework”. Their independent assessments provide an unbiased view of our cybersecurity measures’ effectiveness, making their role not just beneficial but necessary for maintaining robust cybersecurity practices. Their continuous engagement helps simulate potential attack scenarios, allowing us to test and refine our systems under controlled conditions.

This proactive approach is key to staying one step ahead in the dynamic landscape of cybersecurity threats.

Worth a read: IBM expands Watsonx capabilities with open source

What are some prevention strategies you believe every business should adopt?

Effective cybersecurity prevention strategies are multifaceted and must address both technical and human elements. It’s crucial for businesses to understand their systems, data, and applications thoroughly and govern access based on nuanced criteria such as who, why, where, when and how. Monitoring the context of access is vital, changes in an employee’s role, location, or unusual activity patterns should trigger risk assessments.

Additionally, as fraud and scams are increasingly prevalent, enhancing access and authorisation systems with robust AI capabilities to understand the context of each access attempt is essential. This enables more precise detection and prevention of unauthorised or malicious activities.

Educational initiatives are also fundamental. It is imperative that all stakeholders, including employees, customers and the wider community, are informed about the risks associated with digital interactions and the best practices for safeguarding personal and corporate data. This collective awareness and vigilance form the first line of defence against cybersecurity threats.

What advice do you have for aspiring professionals wanting to work in cybersecurity?

Cybersecurity is an exciting field, rich with opportunities for personal and professional growth due to its ever-evolving nature. For those aspiring to join this vibrant industry, my primary piece of advice is to maintain a clear focus on the outcomes you are trying to achieve and be adept at communicating these in simple, human-friendly terms. The ability to demystify complex concepts and articulate them clearly to a non-technical audience is invaluable.

This skill not only enhances understanding and collaboration across different functions within an organisation but also reduces the likelihood of miscommunication and subsequent errors. Being able to explain complex systems in straightforward terms is a crucial skill that will distinguish you in a field where clarity and precision are paramount.

Furthermore, engage continuously in learning and professional development. Cybersecurity is a field that demands a proactive approach to learning and adaptation, as the threat landscape and technologies are constantly changing. Be curious, stay informed, and be ready to adapt to new challenges – those are key traits that will contribute to a successful career in cybersecurity.