Christophe Foulon, founder and cybersecurity coach at CPF Coaching LLC, brings over 15 years of experience as a vCISO, information security manager, adjunct professor, author, and cybersecurity strategist, and a passion for customer service, process improvement, and information security. He has also spent over ten years leading, coaching, and mentoring people. As a security practitioner, Christophe is focused on helping businesses tackle their cybersecurity risks while minimizing friction, resulting in increased resiliency, and helping to secure people and processes with a solid understanding of the technology involved.
Christophe holds a Master of Science in Information Technology, Information Assurance, and Cybersecurity, a graduate certificate in Information Systems, and a bachelor’s degree in business administration/information systems from Walden University. He has also earned several industry certifications, such as the CISSP and GSLC.
Recently, in an exclusive interview with Digital First Magazine, Christophe shared his professional trajectory, insights on the most demanding challenges faced by CISOs today, the key takeaways from his latest book, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Hi Christophe. How did you get your start in cybersecurity/tech?
I started my career in Tech Support, helping businesses use technology efficiently, and I began to see ways to help do so in a safer manner. I used that to help grow my career from the tech support side of things to supporting organizational cybersecurity and risk posture.
What’s one question related to cybersecurity that you are frequently asked in your role?
“How do you keep up with all the changes in technology, products, and solutions in trying to keep the business safe?” ~ The response is going to be different for each business, and it will be centered around understanding what drives the company in producing value and understanding what are the potential risks around that.
In your opinion, what are the most demanding challenges that CISOs are currently facing in their roles?
CISOs most demanding challenges are that they need to have both the ability to be technical in understanding the business risks in the technology which they use, and they need to be able to translate that into a conversation about how that affects the way in which the business generates value.
What was the inspiration behind co-writing your book, ‘Develop Your Cybersecurity Career Path’. Please brief us about the main takeaways from your book.
The inspiration behind the book was that there are many ways into the cybersecurity industry, and we (Gary, Renee, and myself) wanted to share those perspectives from a senior leader, a recruiter, and a practitioner. This helps the candidate understand the journey and how to develop their cybersecurity path.
Tell us about your podcast, “Breaking into Cybersecurity” and its main purpose and vision.
The podcast is focused on sharing the individual journeys of our guests as they broke into the cybersecurity field from sales, medicine, military, teaching, and so many others. It highlights the transferable skills they took from their former careers into their cyber career. We also bring on cyber leaders to share how they are developing the next generation of professionals and what they are looking for as they hire candidates to give our listeners a blended perspective of recommendations.
What does working in cybersecurity mean on a practical level, and what kinds of skills/personality traits are an asset in the field?
Practically, practitioners need to be problem solvers in understanding the business needs and how technology can be used to achieve them safely. We must be continuously curious about how things work, how to break them, and how to mitigate any risk in the process. We need to constantly learn about new technology and new ways to approach problems, as the threat actors are doing the same. This field is both a passion and a career, but you must have the passion to succeed.
In your academic or work career, were there any mentors who have helped you grow along the way? What’s the best piece of advice you have ever received?
I have had several great mentors along the way, and it is essential to have different ones from different backgrounds so that you can have diverse perspectives on how to help you grow. For me, the advice that stuck with me the most is, “If you are not enjoying what you are doing, and it’s starting to affect you, it might be time to find something else to do.” The cybersecurity field can be stressful, and career burnout is a common occurrence; sometimes, when that happens, you can reinvent yourself in a new way and still enjoy what you are doing.
What’s a major aha! moment you had related to cybersecurity, either personally or professionally?
Everyone is busy already and tasking them with one more thing to do to stay safe usually gains little results. Instead, focus on safety from the initial design and having multiple layers of safeguards or organizational guardrails to keep things on track.
Where would you like to be in the next 5 years?
I love solving problems at scale, and I have been working on helping organizations better prepare for the evolution of AI solutions in their business and how to use them to enable them safely. I am working with a great group of partner companies supporting solutions from cloud services to managed security solutions to help them achieve their goals.
Which technology are you investing in now to prepare for the future?
I have been focused on how to safely use and enable businesses to use AI solutions to achieve their mission safely.
What advice would you offer others looking to build their career in cybersecurity?
Start with a fundamental understanding of technology and cybersecurity space, you don’t need to know it all, but you do need to understand how they all play a part in the overall solution. From there, you can begin to find a niche in the space in which you want to develop more expertise, and this would help you specialize there and combine that with the generalized knowledge from before, have a solid foundation to build on.