Can you tell us a bit about what Forescout does and what you’re building in Cork?
Forescout is a cybersecurity company that has been around since 2000, so it’s not exactly a start-up. While the majority of our revenue has historically come from the USA, we decided to focus on expanding and scaling our international business. As part of this strategic growth, we set up Operations Centres in Cork and Pune, India. In Cork, we specifically established a Customer Support Centre.
Our decision to choose Cork was influenced by several factors. Many of our executives, and others within the company, had prior experience with Operations Centres in Cork. This familiarity, combined with the availability of skilled talent in the region, made Cork an ideal location for our expansion.
What challenges and opportunities do you see in the cybersecurity industry in the near to medium term?
The biggest challenges and opportunities in cybersecurity revolve around compliance and the increasing number of connected devices. Compliance is becoming critical, with new regulations like NIS2 and DORA imposing significant fines for non-compliance. Companies must ensure visibility and proper governance around their cyber activities to avoid these penalties, which can be high.
Another major area of concern is the protection of critical infrastructure from cyber terrorism. As more devices become interconnected, the potential attack surface expands significantly. Devices now range from traditional laptops to heart monitors, pacemakers, and even everyday items like lawnmowers and baby monitors. This proliferation of connected devices increases the number of vulnerabilities, making industries like healthcare particularly concerned.
Moreover, political cyberterrorism is a growing threat. Hackers who were once non-political have begun taking sides in conflicts, increasing the risk of cyber-attacks on national infrastructure. The challenge is determining who is responsible for securing these devices—the manufacturer or the consumer. Often, hacks occur through the supply chain/third parties, complicating the security landscape further.
What technologies do you think have been or will be really impactful, both positively and negatively?
AI is the big one everyone’s talking about. On the positive side, AI can significantly support companies in managing their security. With IT security teams typically being small, AI can help handle the increasing volume of alerts and prioritise tasks without a corresponding increase in department size or investment.
However, the negative side of AI is also significant. AI can be used to create vulnerabilities faster, and it becomes harder to distinguish between interactions with real people and AI. This adds to the paranoia that security professionals often feel.
Another impactful technology is in healthcare. The ability to have connected devices monitor the health of elderly or ill family members can be incredibly beneficial. It enables remote monitoring and immediate access to medical data, which can improve care and peace of mind. This could lead to a whole new industry of outsourced hospital care in homes.
Yet, these advancements also come with risks. For example, the use of digital keys for hotel rooms raises concerns about security and who else might have access. Even doorbells with facial recognition technology can be hacked, posing significant security risks. The balance between the benefits of these technologies and their potential vulnerabilities is a constant challenge.
How do you stay ahead in cybersecurity, given the rapid evolution of threats and the constant need to anticipate new ways to penetrate networks and systems?
The key is having a strong research team; individuals who are intellectually brilliant and deeply passionate about cybersecurity. They’re not focused on selling products; they are obsessed with understanding and anticipating vulnerabilities and threats.
To stay ahead, companies must invest in these researchers. They need to support and nurture the curiosity that drives innovation and understanding in cybersecurity. This includes funding research, fostering an environment that encourages breaking and fixing technology, and running hackathons to generate ideas and solutions. It’s about creating a culture that values research, innovation, and continuous learning. Bringing together like-minded individuals in an environment where their skills and interests are the norm is crucial. This is not just about ethical hacking; it’s about having people who live and breathe technology and cybersecurity. Their analytical skills and curiosity drive them to figure out how major hacks happen and how to prevent them. Forescout is proud to have a world-class renowned research team (Verdere Labs), who focus on non-traditional IT and unmanageable operational technologies (OT) and IoT (Internet of Things) assets and vulnerabilities.
What should be discussed by the board of directors regarding cybersecurity?
From my experience on various boards, ensuring every member understands their cybersecurity responsibilities is crucial. Often, there’s an assumption that only tech-savvy members handle IT issues, but board governance trends indicate that every board member must be educated and informed about cybersecurity.
Key discussion points for boards should include:
- Board Competency and Training: Ensure all members receive adequate training to understand cybersecurity issues and their implications.
- Governance and Compliance: Stay updated on regulations like NIST 2, DORA, and GDPR, and understand the severe consequences of non-compliance.
- Accountability: Recognise that executives can face personal liability for breaches, highlighting the need for diligent cybersecurity practices.
- Technology Strategy and Risk: Integrate cybersecurity into the company’s overall technology strategy, ensuring risks are effectively managed.
- Crisis Management: Develop and regularly review an incident response plan with clear protocols for reporting and handling breaches within the required timeframe.
By addressing these areas, boards can better prepare their organisations to face the evolving cybersecurity landscape.
What challenges have you faced in attracting and retaining talent and how have you addressed them?
One of the main challenges was the competition from other tech companies. We were only hiring a small number of people, so we couldn’t make a big splash in the market. Instead, we worked with the Barden team, who helped us rewrite job specifications and position our roles attractively. Barden had access to candidates we couldn’t have reached on our own, most of whom were already employed elsewhere, making their network crucial to our recruitment success.
Our value proposition for candidates focuses on the opportunity to be part of creating and setting up something new in Cork. We offer a really cool office space in Penrose Quay, transparency about growth opportunities, and potential career development. We provide a chance to build something from the ground up and gain valuable experience. Transparency is vital in our recruitment process. We are clear with candidates about what we can offer and the reality of our situation. People appreciate honesty, and it helps build trust and manage expectations effectively.