Jake Bernardes is a seasoned security leader with significant experience as both a technical consultant & CISO. Having worked, & lived, all over the world working as a consultant, vCISO, CISO & Advisor, he learnt a lot about a little or a little about a lot. Jake has significant experience and expertise in building & scaling security functions in both growth & enterprise companies. He is also a specialist in GTM motions for security-focused products with deep experience in supporting international companies in breaking into the US market.
Recently, in an exclusive interview with Digital First Magazine, Jake shared insights into the most significant challenges facing the cybersecurity industry today and how they can be addressed, personal hobbies and interests, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Hi Jake. What inspired you to pursue a career in cybersecurity, and what motivates you to stay in this field?
I, like many people, fell into this career. I was working in a tech/finance role at KPMG when they opened a position in the pen testing team. I’d grown up playing with computers, building boxes, hacking games and had a inbuilt desire to find a way to break things. I took the entry text (a hack the box) passed it and have never looked back.
I stay because I do what I love, and I love what I do. I’m lucky that my field fascinates me, and I work with super smart people on problems that genuinely interest me. I’m fortunate to be involved in a lot of communities and enjoy speaking and interacting with my peers and presenting whenever given the chance. Cyber is constantly changing, so if like me, you like to be constantly learning and growing, it’s a great place to be right now!
What do you love the most about your current role?
My last few roles have all been in security vendors and I love the combined role of both managing our security and compliance posture but also having relevance, a voice and a role in our go to market and business strategy.
What do you believe are the most significant challenges facing the cybersecurity industry today, and how can they be addressed?
We are at a crossroads where we now have a seat at the table with the big boys but most CISOs don’t have the business acumen, experience or language to thrive there. We need to grow up! Learning how to speak exec doesn’t just mean saying our ROI is based on the breach value we are stopping happening. We need to demonstrate how, without potential scenarios, we align with and deliver on business outcomes. Then we need to learn how to effectively articulate that.
How do you see the field of cybersecurity evolving in the next 5-10 years, and what skills and qualities do you believe will be essential for success in this field?
Continuing my thread from above, security professionals need to get both broader and deeper. Depending on their background they need to learn the other sides, maybe technical or maybe risk and compliance. They need to develop better leadership skills and evolve into the facilitators not the blockers they are currently seen as. I’m not sure there are definable skills or experience you need but you do need to deal with pressure and stress and to be able to solve problems as we constantly face new challenges.
One key thing we need to get better at is becoming advisors, not owners. We should be like legal counsel to the businesses we work for advising on risks and remediation instead of currently taking responsibility for risk. That’s a mindset shift and key skillset to develop and I think it’s fundamental for those aspiring to be CISOs.
Is there a particular person you are grateful for who helped get you to where you are?
While at NCC Group Ben Jepson was my Director and he gave me opportunity after opportunity to get uncomfortable and to grow. I’ll be eternally grateful for the trust he placed in me and the guidance he gave me that enabled me to be where I am today.
What are some of your passions outside of work? What do you like to do in your time off?
I have two kids, 10 and 7 years old, who keep me pretty busy but otherwise I love to be outdoors. I’m a keen runner and road cyclist and have a deep love for my beloved Sheffield United soccer team where you’ll find me and my son every week.
How do you approach leadership and team management, and what qualities do you believe are essential for effective leadership?
I’m an advocate for intent-based leadership and recently did a podcast with Assaf Keren (CISO at Qualtrics) talking about this. You have to hire well and then trust who you hire. Set the vision of where you want to be with them and then leave your team to do the operationalisation of that plan. Trust is the key. It’s also fundamental that you care, a team should feel like a family.
Which technology are you investing in now to prepare for the future?
It would be easy to say AI right now but let’s dial that in a bit. We are focusing on areas where there is real potential for this to solve problems or enhance outcomes in a meaningful way. I also think this will drive a whole new approach to third party risk management, so we are spending some time thinking about that right now too.
What is your biggest goal? Where do you see yourself 5 years from now?
Professionally, I want to keynote at BlackHat or RSA at some point. Personally, I want to do Everest Basecamp or Kilimanjaro with my son and do a sub-3-hour marathon.
Five years from now I hope Anecdotes has gone crazy, we hit 1000+ employees and are heading to IPO, that’s the dream for every CISO in a tech company.
What advice would you give to individuals looking to break into the field of cybersecurity?
Don’t listen to what’s you’re being told about required certifications or education. Approach people like me with what you want to do and why. We’re more interested in the individual than the acronyms of security qualifications.
Find your superpower and improve it. Too many people focus on strengthening their weaknesses when the best focus on strengthening their strengths. That’s what makes you succeed, what makes you saleable, what makes you employable. Also don’t be afraid to reach out to people for advice as I, along with most of my peers, am always willing to talk and help.