Secret CSO: Greg Day, Palo Alto Networks

Secret CSO: Greg Day, Palo Alto Networks

Name: Greg Day

Organisation: Palo Alto Networks

Job title: Vice President and Chief Security Officer, EMEA

Date started current role: August 2015

Location: UK

Greg Day is Vice President and Chief Security Officer for Europe, Middle East and Africa (EMEA) at Palo Alto Networks. Day has extensive experience and insights from working in cybersecurity right from its earliest days in Europe. As part of Palo Alto Networks Office of the CSO team, Day is a regular writer and contributor of essays and blogs on cybersecurity issues, as well as a keynote speaker and expert panellist on industry forums across EMEA.

What was your first job? As a youth, I taught skiing part time. My first full time job was at Dr Solomon's software company, where I worked in technical support.

How did you get involved in cybersecurity? Working as a ‘temp' to fund my skiing career, but I had been interested in computers very early on (ZX81 and BBC Micros) - and I would spend more time re-programming than using them for playing games

What was your education? Do you hold any certifications? What are they? BSc Hons in Business Information Systems; UK CLAS consultant (now lapsed).

Explain your career path. Did you take any detours? If so, discuss. No, I was very lucky in that the founders of Dr Solomon's saw my potential whilst temping and challenged me regularly, which eventually helped me to change my mind about my future career. The company went on to sponsor me throughout my degree and also allowed me to work for them between ski seasons.

Was there anyone who has inspired or mentored you in your career? Yes, many along the way for different reasons:

Jacqueline de Rojas, for her leadership skills and mentorship.

Enrique Salem & Mark McLaughlin, for their ability to be such grounded business leaders.

My ski coaches, who showed me that you can achieve anything with hard work and commitment.

What do you feel is the most important aspect of your job? I love that every day is so diverse.  I wanted to be a car mechanic when I was young as I loved cars, but I found it very repetitive. I enjoy the moments when you help those outside the business to get their heads around cybersecurity. Also, being able to pass on knowledge to people is very rewarding.

What metrics or KPIs do you use to measure security effectiveness? I think most businesses rely on lagging metrics. At Palo Alto Networks, however, we try to balance leading and lagging metrics while continuing to test our own skills and capabilities. Most importantly, organisations must be capable of quantifying this across different levels of the business.

Regulatory metrics are increasingly impacting businesses, however its often their own scope as to whether these are a positive influencer or a distraction.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? Thankfully, no. However, we tend to automate many of our capabilities and, because demands on cybersecurity are growing exponentially, even organisations relying on AI will soon find themselves struggling for staff. Being a leading brand with a compelling work culture, built around teamwork and collaboration, does mean that we still attract great talent.

Cybersecurity is constantly changing - how do you keep learning? You live and breathe it, there is no one single source. However, there is much more willingness to collaborate in the industry today - so much so that the main challenge has become the ability to digest the huge amount of information out there.

What conferences are on your must-attend list? My favourites are those where you meet your peers and have some very open and frank conversations about what's working and what's not. These aren't at the big expos; these are the smaller and more intimate events. Having said that, RSA USA is always great for seeing innovation, and offers a fantastic opportunity to catch-up with everyone in the industry.  The cyber security industry is a small and close-knit network.

What is the best current trend in cybersecurity? The worst? Worst - people that keep doing the same old things in cybersecurity because it worked before. Best - constant Innovations in technology provides: for example, the cloud is offering some amazing new opportunities in cybersecurity. As collaboration in the industry continues to evolve, cloud provides some great opportunities to leverage this collaboration with computer and storage capabilities. Just imagine 7.5Bn people working together to beat the adversaries.

What's the best career advice you ever received? Believe in your own abilities. The older you get, the more learn.

What advice would you give to aspiring security leaders? Be passionate about what you do. Always expand your horizons!

What has been your greatest career achievement? I have worked closely with law enforcement and have trained them on cyber forensics in years gone by. I'm currently supporting the NCA and Europol which is just one example. It's great to be able to give something back and help make the world a little safer. I recently did a training session in my daughter's school, leveraging content from Europol's stop online child abuse. See more here.

Looking back with 20:20 hindsight, what would you have done differently? Nothing, I've had a great life thus far. I would say the mistakes we make are some of the most valuable lessons learned. 

What is your favourite quote?Don't get caught up in the whirlwind of mediocrity "The real enemy of execution is your day job, we call it the whirlwind. It's the massive amounts of energy necessary to keep day to day operations functioning. Ironically, it's the thing that makes it hard to execute anything new. The whirlwind takes away the focus required to move forward strategically." (Paraphrased from the book the Four Disciplines of Execution: Get Strategy Done).

What are you reading now? I've recently read Exponential Organisations, and Homo Deus. I just recently also finished The Internet of Risky Things, with 5G coming, which is like fertiliser for IoT so expect to see lots more popping up soon. For great guidance on what to read as an aspiring cybersecurity expert, the Cybersecurity Canon offers a great reading list.

In my spare time, I like to… Do lots of sporty things and spend time with my family and friends.

Most people don't know that I… That's why they don't know! - Whilst I'm on social media and a huge technology fan, I keep my personal life personal. The point being, we should embrace new things but also consider our own personal boundaries.

Ask me to do anything but… Skydive - I would love to but, due to some previous back surgery, they won't let me!


« CIO Spotlight: Scott Laverty, Shane Company


Job losses versus freedom: where's the real RPA? »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail


Do you think your smartphone is making you a workaholic?