55 David Rook

“If you don’t work for a company that supports a good work-life balance, find another company to work for.”

Twitter: @davidrook • Website: securityleadership.ninja

David Rook is the European security lead at Riot Games. He has worked in technology for 18 years and in the information security space full-time since 2006. Before moving into the computer games industry, David held various application security roles in the financial services industry. He has presented at leading information security conferences, including DEF CON and RSA.

If there is one myth that you could debunk in cybersecurity, what would it be?

The perception that cybersecurity is an incredibly difficult technical problem. Most of the issues we want to prevent often require very low-tech solutions, or the control needed is simple. The hard part comes in changing the behavior of people and the company culture.

What is one of the biggest bang-for-the-buck actions that an organization can take to improve its cybersecurity posture?

Based on what I’ve seen work in my time in cybersecurity, I’d say my top four would be:

  • Reduce the access employees have to the minimum needed, and implement multifactor authentication everywhere you can.
  • Implement solid patch management.
  • Provide a password manager license (and training!) for your employees.
  • Speak to people and teams. Make yourself and your team approachable ...
