A journey towards leadership in cybersecurity

Stuart Seymour (CISO at Virgin Media) was ranked #1 CISO at the 2023 CSO 30UK awards, and has also been recognised for his work on neurodiversity in the cybersecurity industry. In 2024, he was honoured with the Outstanding CISO of the Year award at the cyber OSPAS. 

With broad-ranging experience and a profound focus on developing inclusive workplaces and ecosystems within the field of cybersecurity, we were curious about how Seymour has navigated his career path so far. 

So we asked him – and here’s what he told us. 

You're CISO at a major corporation, and you've recently received recognition from a number of different organisations for being someone who is exceptional in their work. But what were your first steps into cybersecurity? 

“Firstly, the recognition is not mine but the team I am privileged to serve – as leaders we are nothing without our teams. My first steps in cybersecurity started by having a proactive plan. While I was a CSO (Chief Security Officer focused on Physical Security and Resilience) having transformed the function and brought in resilience by merging Business Continuity, Crisis Management and Disaster Recovery I started to proactively think, what next?

“I was very blessed that my CEO at the time bought into my development and supported me as I said I wanted to move to cyber. I was sent on a pen testing course and learned how to hack. Then, this was followed by 3 SANS courses going from basic to intermediate and then finally advanced. 

“Once I had that strong foundation, I deliberately went into incident response and every Friday would spend time in the SOC and crunch low level incidents to understand what they were going through and what the job really entailed. This not only helped me see events from an attacker’s point of view, but also allowed me to see where controls might have failed and thus what could be improved. That was followed by Global Cyber Defence leadership roles and then Group CISO role at Virgin Media O2.” 

What (if any) role did mentorship play in shaping your career? 

“Mentorship played a very important role in my career. It helped me gain different perspectives and also helped me benefit from other’s experiences. I have tried to play that forward by mentoring women in technology – specifically in cybersecurity.”

How has your perspective on cybersecurity changed over the course of your career? 

“It has changed significantly, as the threats are continually evolving and you need to evolve with them. 

“You need only to look at ransomware – originally it was, ‘I will encrypt your data and hold you to ransom for the keys’. That evolved to ‘I will encrypt and exfiltrate’, and then ‘I will encrypt, exfiltrate and put pressure (publicly) for you to comply with my demands’. 

“And that is only just one example. Also early on in my career I think the focus was on security, now it has moved to risk and resilience and having those types of conversations with boards and executive committees.” 

Do you think there are specific personality traits or professional characteristics that enable someone to be a (really good) CISO? 

“People focus on the HOW and not exclusively on the WHAT. It doesn’t matter if I delivered a project on time and budget, if I’ve left a trail of bodies behind me. 

“In the triumvirate of people/process/technology, there tends not to be enough focus on the people aspect. Clearly you also need to understand your business intimately and risks to it. You need to understand the risk appetite of your business too, and be able to communicate this clearly to your board.”

If you could go back to the beginning of your career and tell yourself one thing you wish you'd known then, what would it be? 

“Take intelligent risks and go for it.” 

Thanks to Stuart Seymour at Virgin Media. If you want to learn directly from the leading experts across every segment of cybersecurity, register now to attend Black Hat MEA 2024.