70 Robin Wood

“Security is a wide subject area and needs everyone from policy writers to exploit developers.”

Twitter: @digininja • Website: digi.ninja

Hacker, coder, climber, runner. Robin is the co-founder of the UK conference SteelCon, as well as a freelance security tester. He is the author of many tools and is always trying to learn new things.

If there is one myth that you could debunk in cybersecurity, what would it be?

That you have to be a hardcore techie to get into security. Security is a wide subject area and needs everyone from policy writers to exploit developers. Most people don’t know that much about their chosen area when they’re starting out, but as long as they’re prepared to learn on the job and put in the hours, they’ll soon develop the skills.

What is one of the biggest bang-for-the-buck actions that an organization can take to improve its cybersecurity posture?

Training their people—and not just the security team; teach all staff at least basic security skills. For example, if product QA knows that something really bad happens if they put a single quote in an input field and get a SQL error message, then you’ve got a whole department who can now pick up low-hanging fruit. Similarly, explain to normal office users what phishing is and why it’s bad, and then give them incentives to look out for it and report it. You now have your frontline acting as ...
