‘The old paradigm of the castle-and-moat approach to security is dead’

Thycotic provides cloud privileged access management solutions to businesses to help them better control and secure their data. The cybersecurity firm works with companies such as Honda, BAE Systems and BP.
Terence Jackson is the chief information security and privacy officer at Thycotic, with more than 17 years of IT and security experience in the public and private sectors. He spoke to Siliconrepublic.com about his role and what major trends he sees coming down the line for the cybersecurity industry.

‘This new normal will help to accelerate the already growing trend for transitioning over to cloud services’ – TERENCE JACKSON

Describe your role and your responsibilities in driving tech strategy.
My primary role involves protecting Thycotic’s information assets as well as managing the risk and information technology programmes without hampering productivity to enable us to achieve our business goals.
I am responsible for providing enterprise-wide leadership to establish and maintain comprehensive information security across the organisation, which involves keeping the business informed about the latest threats and regulations that might impact us. Another element of my remit is providing cyber innovation, data privacy, and managing organisational risks.
Achieving all of this requires policy creation, education, training, security incident response, risk assessment, incident prevention, detection and forensics.
Are you spearheading any major product or IT initiatives you can tell us about?
Thycotic is renowned for providing solutions that help to ensure clients have as robust an information security programme as possible. It is my job to make sure the same happens internally at Thycotic and I’m always looking at ways in which we can improve our own information security.
Last year, we basically rebuilt our internal network from the ground up to provide better confidentiality, availability and integrity of our enterprise. We did a fair amount of enhancement around endpoint detection and response, which has paid dividends during the pandemic. My current initiatives are focused on data privacy and third-party risk management.
How big is your team? Do you outsource where possible?
We have the capacity and resources to deal with all critical tasks internally. This includes focusing on actionable alerts, refining our detection capabilities and prompt response and remediation of events.
To ensure my teams are able to deal with this as a priority, anything that is not critical is outsourced. This means that our in-house team, whose expertise is second to none, do not have the pressure or distraction of dealing with lower-level tasks and can focus their skills and experience on more complex issues.
What are your thoughts on digital transformation and how are you addressing it?
Personally, I love digital transformation....