A journey through a cyber career

by Black Hat Middle East and Africa

Allan Alford (CEO at Alford & Adams, Podcast Host at The Cyber Ranch) started out as a hacker and from there embarked on a tech career that has spanned coding, systems administration, and IT management. A pivot into engineering took him in the direction of product security, and today he has extensive experience as a CISO in organisations across four industries.

Leveraging this experience, Alford founded Alford & Adams Consulting to offer strategic cybersecurity guidance to companies in a wide range of industries. And he also launched The Cyber Ranch: a podcast that explores the human perspective in cybersecurity.

He’s coming to speak at Black Hat MEA 2024. And we caught up with him ahead of the event for a quick glimpse into his perspective on security and being a CISO. 

What are you working on at the moment? 

“I’m very keen on product/application security at the moment – finding ways to integrate lessons learned, input, outputs, tooling, processes into the greater enterprise security program.

“For example: How do you justify having two separate risk registers? 

“I’m also working on a lot of random things like authoring AI/LLM policies, deepening the CISO relationship with Product, log aggregation pre-SIEM and other weird stuff.”

What motivated you to launch The Cyber Ranch - and what have you gained from hosting a cybersecurity podcast? 

“It’s my second podcast. I co-founded and co-hosted another one for two years prior. So I’ve produced a weekly show for nearly 5 years! I decided to go out on my own when I launched The Cyber Ranch, and decided to craft a show more to my tastes.  

“What do I get out of it? I learn. So much. My guests are brilliant and bring so many perspectives and so much knowledge. My job is to ask smart questions, and that often means I must do a lot of research to ensure that my questions are not stupid. As to what else I get out of it – professional connections, friendship and money when I have the time to bother with sponsors.” 

Do you think CISOs are facing new pressures that weren't part of the job a few years ago? 

“Only in the liability/accountability sense. We’ve seen some precedents of CISOs being targeted as individuals. Otherwise it’s the same old pressures – tackling the threats and risks with less resources than desired, selling the mission to the organisation, juggling business and technical skills, trying to stay current on technology.”

As a consultant, what are three of the most common security mistakes you see organisations making?

“The first is not recognising the need for security in the first place, and not having anything meaningful about it at all. ‘I’m too small to be a target!’ or ‘Didn’t we already buy antivirus?’

“The second is treating it like a technology challenge instead of a business challenge.  

“The third is thinking of security as an afterthought to be bolted on rather than integrated early. 

“Noting that most of these mistakes are cured by having a GOOD security professional engaged, but that companies are frequently lacking any security professional, or have a bad one engaged.”

Finally, why are events like Black Hat MEA valuable to you and your work?

“It’s an opportunity to network. To learn. To make new friends. To teach and share. To sniff out the newest and future trends in our craft and in our industry. To learn about different perspectives and cultures. I have more meaningful conversations at such events than nearly anywhere else.”

Thanks to Allan Alford at The Cyber Ranch. Join us at Black Hat MEA 2024 to learn directly from the world’s top cybersecurity leaders. 
