Ross McKerchar describes his 18-year journey from Sophos’s first internal security engineer to CISO, explaining how leadership, recruitment, and team management differ from technical training. He outlines key challenges including senior-level skills gaps, AI-driven attack evolution, burnout, legal limits around retaliation, and a growing trust problem in security products.
Key points
- Ross McKerchar rose from Sophos’s first security engineer to CISO, learning leadership on the job.
- The cybersecurity skills gap is most acute at senior levels, requiring experience and emotional/business intelligence.
- AI is changing the threat landscape by enabling higher-volume phishing and faster vulnerability discovery, though it lacks organizational context today.
- Sustained on-call pressure and increasing attack volumes heighten burnout risk, so workload management and wellbeing measures are essential.
- Failures in security products undermine industry trust, prompting robust, legally vetted defensive measures like the Pacific Rim response.
Read More: https://www.securityweek.com/ciso-conversations-ross-mckerchar-ciso-at-sophos/