Jacob Thampi on Cultivating Curiosity and Collaboration in Cyber Security
Date Posted:
Reading Time:
Cyber security is complex, and being 100% risk-free is unattainable — unless you plan to isolate yourself from the world.
To stay ahead of threats, organisations need more than just the latest technology. They must nurture a workforce that is curious, adaptable, and collaborative, saysJacob Thampi, VP, Head of Cyber Security Consulting at QBE North America.
He sat down with Chaleit’s CEO,Dan Haagman, to explore the importance of curiosity in cyber security and why complexity isn’t always as bad as it sounds.
Watch the chat and read the main takeaways below.
Curiosity as a fundamental trait in cyber security
Curiosity is critical in cyber security because it allows people to go beyond the superficial and approach tasks with a mindset of understanding the underlying reasons behind them.
Curiosity helps address inefficiencies in all domains. Jacob recounted his time at a chemical company that prioritised process excellence akin to Lean Six Sigma principles. When tasked with managing a system aimed at improving processes, thus minimising waste and enhancing efficiency, he learned the importance of understanding the problem before devising solutions.
Jacob has a lean mindset in his work, which leads to continuous improvement and drives value. As a cyber security leader, he also fosters a culture of curiosity and problem-solving in his team, encouraging people to identify issues, propose solutions, and collaborate to refine ideas.
Cyber security leaders must step back, challenge established scripts and routines, and consider problems from different perspectives.
Embracing change and diversity of thought
Jacob argues for a more inclusive approach to cyber security that values collaboration, diversity of thought, and change.
Cyber security leaders must step back, challenge established scripts and routines, and consider problems from different perspectives. They should also not avoid change. Proactive individuals are valued and sought after, Jacob believes, and improving processes should always be a goal, not something to be feared.
Collaboration is essential in this continuous improvement process. And while working together with different departments may add complexity, it also ensures all stakeholders are involved, leading to stronger partnerships and more meaningful outcomes.
All companies would benefit from having a point person for cyber security-related inquiries, someone who can provide guidance and facilitate discussions among different teams.
Cyber security as a shared responsibility
Cyber security is not solely the responsibility of the cyber team but is intertwined with broader risk management efforts, so it comes down again to how well various departments collaborate.
The evolving compliance landscape has significant implications. Jacob’s role involves educating stakeholders about cyber security regulations and risks and fostering a partnership based on transparency and honesty.
All companies would benefit from having a point person for cyber security-related inquiries, someone who can provide guidance and facilitate discussions among different teams.
Constructive debates and discussions, where diverse perspectives are considered, lead to the best solutions for the business and its customers, Jacob believes. Partnerships are key to ensuring that decisions are made in the best interest of the company and its stakeholders rather than simply adhering to regulations or pursuing superficial goals.
Organisations need to adopt a proactive approach to cyber security centered around defence in depth, ongoing education, and adaptation to emerging threats.
Realistic risk management
It’s impossible to achieve 100% closure on all risks — unless you choose to disconnect entirely from the internet and isolate yourself, which is, of course, not practical for most organisations.
Given that absolute security is unattainable, the emphasis should be on minimising risks, not eliminating them completely.
To achieve this, organisations need to adopt a proactive approach to cyber security centered arounddefence in depth, ongoing education, and adaptation to emerging threats. They must operate under the assumption of potential breaches and have robust processes in place to address them.
Effective communication that resonates with people fosters collaboration and understanding, ultimately leading to a more proactive cyber security culture.
Technology and people, a winning combination
Cyber security leaders must work efficiently with available resources, and that includes both technology and people. While automation is valuable, it cannot yet solve every problem, and there is still a need for human problem-solving skills.
However, human error occurs even with sophisticated controls in place. That’s why education and awareness are crucial, including providing tangible examples and data to illustrate the importance of security practices to employees.
To mitigate risks effectively, it’s also important to hold individuals accountable and reinforce clear policies and guidelines from the top down.
Communication is an essential skill for cyber security professionals. Jacob shared an example from a previous organisation where he successfully implemented single sign-on technology by clearly explaining its benefits to stakeholders.
Effective communication that resonates with people fosters collaboration and understanding, ultimately leading to a more proactive cyber security culture.
By empowering individuals to ask questions, challenge assumptions, and work together, organisations can build a strong defence against threats. That’s why we base all our client relationships on meaningful conversations to uncover problems and understand the underlying reasons behind processes, not just scratch the surface and tick compliance boxes.
If you’d like to discuss your cyber security challenges in depth, contact us. And if you want to continue to learn more from more top experts, check out ourblog andconnect with us on LinkedIn.
Need help cultivating curiosity and collaboration in cyber security?