CyberWire Daily - Jack Chapman: Shielding against the bad guys. [Threat Intelligence] [Career Notes]
Episode Date: April 16, 2023Jack Chapman, VP of Threat Intelligence at Egress sits down to share his story on how he found his way into the cybersecurity field as well as his journey creating a cybersecurity company that was suc...cessfully acquired. Jack previously co-founded anti-phishing company Aquilai and served as its Chief Technology Officer, working closely with the UK’s intelligence and cyber agency GCHQ to develop cutting-edge product capabilities. Aquilai was acquired by Egress in 2021. Now he is working with Egress as what he calls their "chief bad guy," helping to shield his team from threats. He says "I'm probably what you call a servant leader, my mission is to enable and shield my teams from things that will prevent them from succeeding in their missions, whatever that might look like." Jack hopes to be remembered for making a meaningful impact to help drive the field forward. We thank Jack for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security. I sort of made the quite conscious decision to go into technology from quite an early age,
and even cybersecurity always interested me back then, even.
I grew up with two parents who were police officers.
So as you'd imagine, in the physical world, I got away with absolutely nothing.
And then there was this cyberspace or technology space.
The internet was quite new then, and that was where I could get up to trouble, really.
So I remember having some second-hand computers from my dad's work at home
and always dismantling and building loads again.
And I remember I'm of the age where schools were just starting to get computers in
and starting to have the first sort of IT lessons.
And it's all quite a new world for everyone at the time.
As soon as I came out of university,
I sort of was looking around some of these cybersecurity conferences,
like you do, seeing the offerings there.
And I'd spent a couple of years researching the domain
as I already knew I wanted to go into cybersecurity.
So I went and worked for a couple of different startups
for six months here and six months there,
just to get a bit of background experience and
start my network and then I started the journey for my first startup which failed completely
funny enough. It was fantastic technically but the thing they don't teach you at university is
you need to have customers which was a bit of a shock to quite a young 20-year-old. Then after which, we sort of
sat down one day, myself and my co-founder, and we decided it's not going to work. Do we want to
sort of pack it all up and sort of go and get day jobs? Or do we want to do the mad thing of trying
again? And we decided actually, we've learned a lot on this journey from the first day when we didn't even know how to found a business,
all the way through to actually, we're starting to learn some things here.
That's interesting. And the pace we're learning is increasing.
So we looked at what technology we had and we said, OK, actually, we think we can do something in the fishing space with some of this
technology and we sort of got a lucky break where we got some of the interest from NCSC and GCHQ
which is the UK equivalent of the NSA and we sort of showed them our technology and they tore it
apart to bits they sort of went home very depressed going oh my
goodness i've not made anything good here and we get a phone call not too long later saying
they're actually quite impressed with what we've produced and whether we wanted to sort of apply
to go on their accelerator program which is a bit of an emotional roller coaster to be honest
it wasn't what I was expecting there.
So we went through all of the process.
It was sort of a competitive bid.
And we managed to get selected as the anti-phishing solution
for that particular accelerator program
that was sort of being pushed forward by UK government.
And it was a fantastic experience where we spent nine months working with these sort of
global experts on the sort of taking our baby and trying to grow it to something that can really
have an impact in sort of the global ecosystem even and overlap period we refined the product
and grew it and it had a really sort of positive impact where it was showing that it was essentially
outperforming even our initial expectations which is very satisfying from building something from
nothing. Through lucky coincidence we got put in touch with egress where I'm currently employed
and a fantastic
conversation with the founders.
We were very aligned on vision and ethos is things that really matter to us
all.
And it's been sort of a bit of a fantastic journey,
very sort of going from that small team where you're still trying to do your
initial sort of proving the market with your product to sort of do multi
million pound revenue a year business.
We did want the same mission for that product.
We can drive this faster and sort of better, for lack of better words, together,
rather than the speed I could have done it on my own or with my smaller business.
So it's been a really good experience.
And especially from a lot of my colleagues who have done a similar experience,
I was really thankful because I've heard so many times where it's gone wrong.
I was very nervous to begin with,
but it's all turned out incredibly well, to be honest.
So my formal title is VP of Threat Intelligence,
but in some ways, I'm egress's chief bad guy.
I'm the one who will think like the criminals do.
So most of my day-to-day is essentially enabling people
because they're all very driven
and we're trying to make sure everyone's enabled
as much as possible to own what they're doing.
And that's very important to me,
that sense of ownership with people. I'm probably what you call a servant leader.
My mission is to enable and shield my teams from things that will prevent them from succeeding in
their missions, whatever that might look like. I'm not there to micromanage or any of those things.
It's something I believe doesn't get the full results
and the full enablement on seeing people grow into this role.
And one thing we always talk about is what is the mission
of what we're doing on a daily basis?
Because that gives us that sense of fulfillment,
which I think is very important,
especially in a field like cyber
where it really does have a real world impact.
First of all, I'd say cyber is a fantastic career, both in a technical sense,
but there's also a lot of non-technical career paths into cyber.
What I would recommend is do your reading around the subject,
but also reach out to people in the
industry the mentors i've had no one i've ever reached out to has rejected me in a mean or
horrible way everyone is very welcoming as we've all been on similar paths on top of that i'd also
advise of try lots of different elements of cyber it's quite a broad church of different job roles and functions and missions.
Give it a go.
There's a lot of resources online where you can sort of try out different elements
without having to get a job and sort of commit to certification.
And it's more accessible today than it's ever been before.
than it's ever been before.
For me, it's the people around me which sort of help drive me.
For me, seeing them succeed,
seeing them overcome their challenges
and also just remembering that at the end of the day,
the work we're doing has real purpose.
With my background of having strayed onto the other side of it as a
young child um the thought of frustrating criminals gives me a great sense of satisfaction
so when whenever i'm having sort of a tough day i sort of always think back to
what is the mission here and how am i helping people and beating bad guys. I'd like to have had a meaningful impact to help drive our
whole field forward. We see a lot of modernization and a lot of things changing in cyber security at
the moment. I'm hoping to play my small part where I can help drive that forward. For me it's less
being remembered as an individual, It's more around ensuring that
I can leave the world slightly better than it is today. Thank you. with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker
is a full suite of solutions designed to give you total control, stopping unauthorized applications,
securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.