In the ever-evolving landscape of cybersecurity, keeping abreast of the latest threats, vulnerabilities, and emerging trends is paramount. This becomes increasingly significant as malicious AI poses new challenges. How do Chief Product Security Officers (CPSOs) stay informed about these factors relevant to their organization’s products? More importantly, how do they integrate this vital threat intelligence into their security strategies?
As a part of this series, we had the pleasure of interviewing Mike Evans.
Mike is a leader in intelligence, risk, and security, leveraging significant experience and subject matter expertise spanning the private and public sectors, with unique insights into the world of protective services, to safeguard what matters most to organizations. With more than 15 years of professional experience in security, including in industry, in-house, consultancy, and the military, Mike has strategic and operational expertise across multiple protective disciplines, including all-source intelligence, corporate and physical security, cyber security, risk, resilience, and crisis management. Most recently in industry, as Director of the Securitas Risk Intelligence Center (RIC), Mike is responsible for the strategy and execution of Securitas’ Risk Intelligence services globally. Mike established the RIC in 2023, having led the Securitas Intelligence Unit (SIU) since 2020, evolving the business from an in-country operation into a global solution, providing intelligence for organizations, including industry-leading corporates, multinationals, and small to medium-sized enterprises.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I grew up wanting to make a difference. I did not know what that difference was, but I wanted to make things better. And when it came to ‘choosing a career path,’ I did not know what I wanted to do, and at the time I did not know that what I do today even existed. I am incredibly fortunate to have found a path in the world of security, where I CAN make a difference, and I can help to make the world a safer place.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
I fell into the world of risk, security, and threats by accident. I started my journey in the military, focusing primarily on conventional and hybrid threats. My first true experience with cyber security was during the 2012 Olympics. During a crisis management exercise, we explored a scenario involving a ransomware attack on the London transport infrastructure. The idea that a cyber threat could have real world impacts (and not just the Hollywood version you see in the movies) genuinely blew me away. The notion of threat convergence, how a cyber threat can result in physical impacts, and vice versa, and the impacts on the day-to-day ‘real world’, (re)shaped my career.
Can you share the most interesting story that happened to you since you began this fascinating career?
I am lucky enough that every day is a ‘school day’. Every day is interesting in the world of Intelligence — especially in the context of current events. If I had to pick one thing in the cyber domain, it would be the NotPeyta ransomware attack in 2017. I was working in a global financial services organization at the time, in a role covering both corporate security intelligence and cyber threat intelligence. When the NotPetya attacks first began, we quickly identified the unfolding crisis using intelligence capabilities we had developed internally and assessed the impacts on our organization as businesses in multiple industries were impacted by the attack. Thanks to our proactive approach, we were able to implement security controls that helped mitigate the potential threat to our organization and turn uncertainty into certainty by translating general awareness into real-world action.
You are a successful leader. Which three-character traits do you think were most instrumental to your success? Can you please share a story or example for each?
Lead from the front — The role of the leader is to lead the way from the front, but that also means you should be prepared to be on the ‘front lines. In the Securitas Risk Intelligence Center (RIC), everyone is an 'analyst.' Whether you are a Director, Head of, Manager, or an entry-level ‘junior’, everyone is an analyst. Myself included. Which means that even though my primary focus is on driving the business, I will also be on the ‘front line’ of the operation, whether that’s managing the response to a crisis, analyzing an emerging threat, or engaging with a customer’s request for intelligence (RFI). It’s part leading by example, but it’s more about showing that ‘we are all in this together’.
Listen to those ‘at the back’ — I try to make time to engage with all parts of the organization, especially those roles that I am distant from on a day to day basis, to understand what’s working, what’s not, and what can we do better at. And it goes beyond roles — it’s about individuals, too. The quiet ones ‘at the back’ have a voice just as much as anyone else.
Learn from everyone — It’s impossible to know everything. That includes both subject matter expertise (SME), ways of working, and soft skills. Every day is a school day, and I do genuinely try to a) learn something new every day, and b) teach someone else something new every day. Learning is the key to growth. And I try to learn from everyone, as everybody has something they can share.
Are you working on any exciting new projects now? How do you think that will help people?
A big focus for me is the concept of intelligence-led security. In short, it is about integrating intelligence at the strategic, operational, and tactical levels of security, to provide decision making advantage and confidence, and maximizing the impact security can have to safeguard what matters most. Ultimately, this will help decision makers implement security strategies that align with their organization’s needs, in context of the threats and risks they face. It will help maximize return on investment in security, connecting security to strategic objectives or the organization, and provide peace of mind, allowing decision makers to focus on their priorities.
How do emerging technologies like AI and machine learning influence the risk of the cybersecurity landscape?
AI and machine learning force multipliers. If you use them, you are at an advantage, but if you do not use them, you are at a disadvantage. That being said, these technologies do NOT replace humans. In the RIC we have embraced the combination of human expertise AND cutting-edge technology. Emphasis on combination. Everything we do has a human in the loop.
Could you highlight the types of cyber-attacks that you find most concerning today, and why?
Deepfakes, whether that’s audio, imagery, or both — because society as a whole is NOT ready to respond to this threat, and it can impact you at work, and at home.
Can you share an example of a real-world incident or threat related to malicious AI that you’ve encountered, and how you responded to it? What lessons did you learn from that experience?
The RIC does a lot of work on the threat posed by misinformation (misleading information), disinformation (deliberately false information) and malinformation (malicious use of true information). Recently we have seen a number of cases of executives being targeted, whereby threats actors ‘pose’ as the executive to target unsuspecting members of staff to steal money, or information. While this threat is not new per se, the use of AI to clone an executive’s voice, or mockup a video that looks like them, is a highly sophisticated threat which is becoming increasingly easy to deploy thanks to widespread capability of advanced AI tools. And that is the lesson — you do not need to be a ‘nation state’ level threat actor to launch ‘advanced’ attacks, nor are these attacks targeting just ‘nation states’ anymore.
What advice do you have for organizations that are in the early stages of developing a security strategy for AI systems? What are the key or guiding principles they should follow? Could you walk us through the recommended steps to take immediately after a cyber-attack is detected?
Even though you are in the early stages, the work never ends. Technology is going to continue to develop, and you will need to continue to develop your strategies concurrently. In the event of a cyber-attack:
1) Follow your SOPs
2) Communication is key
3) Don’t just focus on the IT issue; focus on the business impact.
Ok, thank you. Here is the main question of our interview. What are the “5 Things You Need to Stay Informed And Agile About New Cyber Security Threats” and why? (Please share a story or example for each.)
1. A cyber threat targeting ‘you’ is not a question of ‘if’ — it’s when.
Example: When was the last time you checked if your email and password have been in a data breach?
2. Cyber threats will develop faster than security can keep up with them.
It’s why zero days are called what they are, because they are a vulnerability that even the developers were not aware of.
3. Cyber threats rely on finding the ‘weak link’ in the chain. Do not be the weak link.
Report the suspicious email. Don’t click on the suspicious link. Do not post things on social media that could be misused by someone else.
4. Cyber threats can have physical impacts.
Just look at recent cyber-attacks targeting airlines and airports, and critical national infrastructure.
5. Cyber threats are not just boolean 1’s and 0’s and lines of code — they are text in a social media post, a viral image, a deepfake video.
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger.
Critical thinking — it’s key in today’s world of information overload. In short, critical thinking is ‘thinking about thinking’ and, in the long run, analyzing information in a structured way to develop an assessment which can be put into action. This is a fundamental skill that needs to be developed in society at large. We are being bombarded with information that is influencing our thoughts, feelings, beliefs, and decisions. Identifying and understanding this is key to retaining the ability to be who you are and act as you deem right. If something is too good to be true, or too bad to be true, it’s probably not. Whether that’s an intriguing investment opportunity, a promising job offer, or a politically charged post on social media, we need to develop people’s ability to ask, ‘so what?’ so that they can determine their own courses of action without external influence shaping their decisions for them.
