Secret CSO: Gerald Beuchelt, LogMeIn

Secret CSO: Gerald Beuchelt, LogMeIn

Name: Gerald Beuchelt

Company: LogMeIn

Job title: Chief Information Security Officer

Date started current role: May 2017

Location: Burlington, Massachusetts

Gerald is the Chief Information Security Officer / Vice President for LogMeIn responsible for the security, compliance, and technical privacy of LogMeIn's products and corporate assets. 

What was your first job? The first job I held was at a commercial hospital laundry in Germany where my main task was to load up the laundry. Every day, I would be responsible for shoveling mountains of sullied laundry into a huge, industrial-sized washing machine. It was a mundane yet laborious job, but I always felt a sense of achievement at the end of each day.

How did you get involved in cybersecurity? One of my first jobs in the tech industry was as a Network and Systems Manager at the University of Cologne. The role introduced me to the various ins and outs of technologies.

Following this, I spent over 11 years at Sun Microsystems - during the peak of the dot-com era. My main focus was on resolving interoperability challenges, helping businesses overcome hurdles in exchanging and using information seamlessly across systems, such as Solaris and Microsoft. Many of the businesses that I worked with were in the cybersecurity space and were facing significant challenges on this front.

That really piqued my interest and I became more invested in investigating why security companies in particular were having such unique interoperability issues - which ultimately led me to working in cybersecurity.

My first "official" role in cybersecurity was when I served as a Principle Information Security Engineer at MITRE - helping government programmes incorporate advanced identity management and security technology within their operations.

What was your education? Do you hold any certifications? What are they? I hold a Master of Science Degree in Theoretical Physics.

Explain your career path. Did you take any detours? If so, discuss. For a brief period between 1994 and 1997, I dabbled in journalism. I worked as a freelance IT journalist and published several articles in various major German computer magazines, including "DOS" (DMV) and "PC Professionell" (Ziff-Davis).

Was there anyone who has inspired or mentored you in your career? Eve Maler who is currently the VP Innovation & Emerging Technology at ForgeRock. She is widely regarded as one of the the inventors of the Extensible Markup Language, better known as XML and the Security Assertion Markup Language (SAML).

Eve and I go a long way back, having worked together for several years when we were both at Sun Microsystems. She helped me understand the intricacies of the open standards community back in the day.

It's safe to say that Eve was one of the most important driving forces in my work life, moulding my career journey and my passion for cybersecurity.

What do you feel is the most important aspect of your job? Promoting better communication between team members, partners, customers, and other stakeholders.

I strongly believe that security is more about the people than it is the processes or technology. Customers and employees - no matter the seniority level - should always come first and ensuring they are equipped with the right skills and the right mindset is key to attaining good security practices.

What metrics or KPIs do you use to measure security effectiveness? There are several technical and operational KPIs that can be used to measure security effectiveness such as solution time, vulnerabilities per solution patching cycle, and audience metrics.

From a business perspective, however, it is more critical to be aware of how quick your organisation is at effectively adapting to events and whether your security measures are supporting the overall business.

Some ways to measure this include looking into what kind of revenue the business is supporting through compliance-related efforts, where your pitfalls are, what risk management strategies you have in place, what the overall efficiency run-rate is and how these translate to vulnerability.

I have found that it is only through keeping track of both operational and business-oriented KPIs, that you get a well-rounded outlook of how effective your organisation's security measures are.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? We are always on the look-out for individuals with a security mindset - a skillset that is as hard to define as it is to find.

A security mindset goes further than just possessing the necessary knowledge or technical skills needed to thrive in a job role. Instead, it involves having a keen eye for potential threats, the willingness to dig deep to find out where the gaps lie and the ability to think outside the box. These individuals are able to think like an adversary, allowing them to always be one step ahead - which is a key skill to possess in today's cybersecurity landscape.

In addition to this, security is truly a team sport, so the ability to collaborate openly and thrive together in diverse community is critical. While knowledge and skills are vital to stay ahead of our adversaries, we can really only hope to address security issues in a concerted manner.

So the problem becomes how to find the right security genius who can play in a large team and influence stakeholders to make tough choices and investments without always having formal mandates.

Cybersecurity is constantly changing - how do you keep learning? One of the best ways to learn is by working with peers in your respective local community. Reading regularly of current news and listening to podcasts helps to contextualise current trends and events. I also follow several key thought leaders across various industries on social media platforms such as Twitter. I often find myself re-tweeting them and getting involved in the conversations myself, which is a fantastic way to learn about the different perspectives.

If you are lucky enough to work with global colleagues, you should embrace the opportunity to learn from them. I often find this to be the best way to gain an international outlook of security trends, which is incredibly helpful in building my knowledge base.    

What conferences are on your must-attend list? Large-scale events such as the Gartner Symposium, DEFCON and RSA Conference have always remained favourites for tech executives and enthusiasts alike.

While these conferences are without a doubt an exceptional platform for best practice sharing and knowledge exchanging, over the years, I have found that the bigger the conferences the harder it can be to get quality face-to-face time with fellow attendees.

My advice to fellow tech enthusiasts would be to expand and include the smaller events to their must-attend list as well. Smaller conferences offer equally good opportunities to meet like-minded people and share knowledge.

What is the best current trend in cybersecurity? The worst? My biggest concern is that nearly everyone in the security industry considers themselves to be an expert these days.

Cybersecurity has exploded in popularity in recent times. More and more businesses are realising the critical importance of keeping themselves safe and improving their cyber-readiness. Over the coming few months, it would be good to see more businesses jumping on the bandwagon and conducting risk-based assessments and employing threat-centric approaches to their cybersecurity practices.

One thing that concerns me would be the potential threats associated with deep machine-learning and emerging AIs. As automation becomes more advanced, so do the methods bad actors have up their sleeves. News of cyber threats and data hacks make the headlines far too often. These instances should remind us that there is a heightened need for the "good side" to be prepared to combat threats with similarly advanced solutions.

Ultimately, it is a matter of who innovates faster and who is quicker at leveraging machine-learning technologies and AI.

What's the best career advice you ever received? Always follow your passion.

As cliché as that sounds, this advice has always rung true for me and has been one that has guided me through several career decisions.

No matter your career path, I've found that the key to success lies in how much you're willing to do outside of the job. Your career should mean more to you than just a 5-days a week, 9am to 5pm routine and a job should always be more than just a job.

If you feel passionate towards what you do, you will find that you feel motivated enough to read about the relevant topics in your own time and build your knowledge base and skills outside of work.

What advice would you give to aspiring security leaders? My number one advice to anyone in the security industry would be to focus on people, processes and technology - in that order.

Many security leaders these days are armed with an abundance of technical knowledge and skills, but can be lacking in critical understanding of the factors that can make or break a good organisation.

Legal, finance, HR, sales - all these functions play equally critical roles in influencing the success of any good business and security leaders must understand that in order to succeed, these functions must work harmoniously, towards the same business goal.

Unlike technical skills, these soft skills are not ones that can be easily picked up through academics. These are the kind of skills that you hone carefully over the years as you move through your career journey.

It is only by focusing on building up these skills can aspiring security leaders make a mark in their field.  

What has been your greatest career achievement? My career journey has allowed me the incredible opportunity to help others in the industry go the extra mile in their own career journeys.

Mentoring people, answering questions where possible and spreading the knowledge and experience I have accumulated over the years - both good and bad - has always given me joy.

I take great pride in knowing that I have had a part to play, however small it may be, in helping others create successful experiences for themselves.

Looking back with 20:20 hindsight, what would you have done differently? I can honestly say, I wouldn't change a thing!

What is your favourite quote?"We should therefore claim, in the name of tolerance, the right not to tolerate the intolerant." (Karl Popper on the paradox of freedom)

What are you reading now? A couple of things: A book my wife gave to me titled "When Asia was the world" Defense Intelligence Agency's report on Chinese military power

In my spare time, I like to… Hang out with my lovely family, go on regular walks with our dog, go on little hikes and snowshoe.

Most people don't know that I… took about 20 years of piano lessons when at a younger age, making half-way decent amateur recitals of Liszt's Hungarian Dances and some easy Rachmaninoff pieces.

Ask me to do anything but… Eat bell peppers - I cannot pass on it hard enough!


« CIO Spotlight: Dustin Bolander, Clear Guidance Partners


Open source a silent killer? CAST talks about their new alliance with Software Heritage »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies


Do you think your smartphone is making you a workaholic?