Secret CSO: Mike Beck, Darktrace

What metrics or KPIs do you use to measure security effectiveness? “I am obsessed with mean time to detect, to contain and to remediate.”


Name: Mike Beck

Organisation: Darktrace

Job title: Global CISO

Date started current role: Mike started at Darktrace in 2014 as the Global Head of Threat Analysis, and his title changed to Global CISO in July of 2020.

Location: London, England

Mike Beck is the Global CISO of Darktrace. He has 10 years’ experience as operational advisor and delivery lead for a range of national security programmes in the U.K. government. With vast experience in consulting on tactical cyber defense, he oversees the support and training of Darktrace clients post-implementation. Prior to joining Darktrace in 2014, Beck also served as a GovCERT U.K. practitioner, defending against a wide range of cyber threats. Beck was also deployed as a civilian advisor to a number of active operational commands within the U.K. military.

What was your first job? My very first job was at the House of Fraser, a fashion retailer in the U.K. I had the privilege of travelling around the country, to install POS systems and troubleshoot IT and networking issues, to all the different retail locations. It was a great experience – I was only 17 years old and I was lucky enough to be trusted with a company car. As you can imagine, it was a lot of fun driving around and having so much independence and responsibility at such a young age, not to mention I got to experience so much first-hand. I didn’t know much about the IT world when I first started out, but I ended up learning on the job. It really was a gateway into the rest of my career and inspired me to keep going towards a future in tech. 

How did you get involved in cybersecurity? From my perspective, cybersecurity was the answer to my future because it really combines my background in IT and networking, being a software developer, with my operational experience from the military and intelligence services. I understand the technical domain of cyber, combined with the larger national security picture and I understand managing intelligence resources in an operational theatre. Years ago, I served in Afghanistan, and after returning from my time there, cybersecurity felt like a natural progression. I saw where the threat landscape was headed and the direction threats targeting the U.K. were trending. I was eager to put this knowledge and experience to work.

What was your education? Do you hold any certifications? What are they? I have an undergraduate degree in computer science from Plymouth University in England. I hold a CISSP certification, which is useful to show that I have been around the industry for a long time and have a baseline breadth of knowledge. The rest of my knowledge all comes from experiences; each experience has been so invaluable to getting to where I am today.

Explain your career path. Did you take any detours? If so, discuss. My career grew from a very early interest in tech – I remember being in school thinking at a young age that I wanted to break into IT. It was the dotcom boom, so it was all very exciting, glitzy, and new. After school, I started working at the House of Fraser, in retail IT and networking. I also worked for a major drinks manufacturer, writing macros to automate jobs where they were pulling data from mainframes into Excel to do specific calculations. I learned a lot about how much software could automate tasks and work alongside humans to really drive productivity while I was in that role.

Afterwards, I did a sandwich placement with the Ministry of Defence, working on databases that supported the RAF fighter jet management. It was there that I received my first big break and managed to get into an undergraduate sponsorship program at GCHQ. Once that happened, I dove into a technical stream that gave me an amazing view of how technology supports the intelligence services.

Upon graduating from university, I started full-time in Government Communications Headquarters (GCHQ) as a software engineer – but I really wanted to break into the intelligence side. So, I persisted and managed to switch into the intelligence officer stream. That led me into a completely new side to my career and led me to Afghanistan, where I was supporting military objectives, rule of law, and key leader engagement.

Once I returned home, I realised I had come back to a new world in the U.K., different from the way I had left it in terms of how seriously cyber security was being taken. The U.K. government had launched the national cyber security strategy, and all eyes were turning to this new threat landscape. I found it fascinating. I served another four years with U.K. government, protecting critical national infrastructure from cyberattacks. Finally, I joined Darktrace in 2014 as the Global Head of Threat Analysis.

Was there anyone who has inspired or mentored you in your career? I had an amazing manager during my placement with the RAF named Chris McManus. He helped me navigate government red tape and find new opportunities. We remain good friends to this day.

I have found similar mentorship and inspiration from Dave Palmer, who is Director of Technology here at Darktrace, and has always been there to turn to. He is full of advice and guidance. Dave was also my mentor on the day I joined the undergraduate scheme in GCHQ back in 2002 and has been someone who’s advice I have deeply valued long before my time with Darktrace.

What do you feel is the most important aspect of your job? I would say that the most important part of my job is enabling the business to keep moving the needle forward. The level of innovation that the Darktrace team has been able to achieve is incredible to be part of — it feels like a true privilege. I am providing security for a company that is able to provide creative solutions to real-world problems. My team understands the risks we face while delivering this technology to market, we mitigate where we can, and then we manage the rest. If I’m not here to enable the business and drive the technology forward, as quickly and as passionately as possible, then I wouldn’t be doing my job.

What metrics or KPIs do you use to measure security effectiveness? I am obsessed with mean time to detect, to contain and to remediate. At a company that is delivering an AI decision-making capability that can respond at machine-speed to threats in real time, I find it essential to have metrics internally that I can report. These metrics showcase my own implementation of Darktrace.

KPIs that provide supporting evidence that we are executing the fundamentals are essential: patch levels, understanding device lifecycles, identity management, and metrics on how privileged users are working across the business are all integral to what I do.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? I honestly don’t find the skills shortage a problem here at Darktrace. There is definitely experienced talent out there, at every age. At Darktrace, we realise that people of all backgrounds and educations may have the skills within themselves that would allow them to become cybersecurity professionals. Because of this mindset, we have taken a corporate decision to grow talent internally from graduate roles. We also have a SOC functionality that is leveraging AI and mixing that output with human domain knowledge. Our unique pairing of human talent with artificial intelligence allows us to scale up as a security team and hire new talent who may not have worked in security before.

Cybersecurity is constantly changing – how do you keep learning? The constant change is one of the reasons I love my job! It’s not a domain where you sit through exams with huge volumes of knowledge and then once you complete your training, you are done learning. Experience drives the industry with the overlay of the right knowledge at the right time. I’m a huge fan of security podcasts and listening to peers explain what threats they are dealing with themselves, at their own organisations. I keep up to date with the daily cyber news and with new technology advancements – I find this constant thirst for knowledge and industry awareness essential to maintain.  

What conferences are on your must-attend list? I love Blackhat and Defcon – both serve as a time to meet and mingle with practitioners and leaders in the industry. I know my strengths and I also know my weaknesses. Recognising my gaps in expertise and staying humble leads me to seek advice from my team and from my larger network. My advice to other future cybersecurity leaders is to look for more local events. One of the small upsides to the pandemic and remote work is that these events are all online and they are now cheaper to access. I would recommend taking advantage of this and soaking up as much knowledge as you can. There is plenty out there to support your own personal development and industry understanding.

What is the best current trend in cybersecurity? The worst? I think the best trend happening right now in the industry is that more organisations are looking to leverage artificial intelligence. I truly believe AI is the way of the future for cybersecurity, and so to see technology tools that utilise AI become more popular and necessary, is just incredible. AI brings me hope because it can answer the industry’s scaling challenge by pairing with human security teams and by creating better-equipped teams to uncover cyber-attacks across an ever-expanding digital estate.

I would say the worst trend is probably the number of attackers that manage to get through unpatched systems. It’s a real shame to see completely preventable, drive-by attacks. Knowing that the technology exists to stop these sorts of outdated attacks, yet also knowing that the same attack methods that have worked for years are still able to break into systems, is frustrating.

What's the best career advice you ever received? I was told to think about the long game and I never forget that. Your career will ebb and flow, with many ups and downs. I’ve learned that you cannot pile pressure on yourself to be perfect. Making mistakes is a necessary and inevitable part of the learning process. If you can learn from your mistakes, they can be the most helpful way to achieve things you may have never known were possible before.

What advice would you give to aspiring security leaders? Stop yourself from trying to be part of the race – the race to get promotions and excel and be “successful” (whatever that even means). Instead, look for genuine opportunities to gain experience. The cybersecurity industry has an extreme shortage of leaders who have actually been in the trenches themselves, seen threats in the wild, and worked with intrusions and incident response. You shouldn’t rush to become a manager without broader experience first. The industry needs the people willing to be in the trenches first, who are willing to wait to become leaders until after that experience is gained.

What has been your greatest career achievement? This is so difficult to answer. I’ve briefed multiple foreign secretaries, received a campaign medal for my work in Afghanistan from the Chief of the General Staff and helped to protect the London 2012 Olympic games from cyber-attacks. After that, however, I would say being part of the founding team at Darktrace is really my proudest achievement. Bringing our unique and game-changing technology to market, and seeing how it helps thousands of customers worldwide protect their operations from attackers has been the most outstanding thing I have witnessed and taken part in.

Looking back with 20:20 hindsight, what would you have done differently? Honestly, I’m not sure I would have done anything differently. Looking back, I love the split between public and private career opportunities I have been fortunate enough to have. This is not to say I have not had really low lows, but even the lows taught me something and made me appreciate the highs. Each and every experience I’ve had was incredibly important in shaping me and making me who I am today. I remember being in my 20s and placing a lot on myself to achieve at all costs. Of course, that kind of mounting pressure results in anxiety about how I was doing and how my performance was being perceived. For someone going through a similar experience, I would reiterate that you need to be thinking about the long game, not just what is directly in front of you.

1 2 Page 1
Page 1 of 2