Check Point CISO: AI ‘will play a key part in preventing breaches’


20 Jan 2023

Deryck Mitchelson. Image: Check Point

Deryck Mitchelson explains why companies shouldn’t be reserving new technology solely for customer-facing processes.

Deryck Mitchelson is the chief information security officer of cybersecurity company Check Point Software Technologies.

Prior to his role at Check Point, Mitchelson gained experience in both the private and public sectors, including working for Brightsolid Consulting, Wood Mackenzie and NHS Scotland.

In his current role at Check Point, he acts as a security evangelist, advising C-Suite leaders on digital transformation underpinned by security resilience and strategy.

“A big part of this is ensuring that what we implement is agile enough to grow with them as the needs of the business change, whether that’s a result of growth or a decision to migrate to the Cloud for example,” he told SiliconRepublic.com.

“This is very different to my previous role as director of national digital and chief information security officer for NHS Scotland, where I was responsible for driving a specific digital healthcare journey. Now my work is much more varied, and I help others take ownership of their own.”

‘With the right infrastructure and governance in place, AI is what I’m excited about’
– DERYCK MITCHELSON

What are some of the biggest challenges you’re facing in the current IT landscape?

The biggest challenge we’re currently facing in the IT landscape all comes down to secure digital transformation. Many organisations are still grappling with how they can deliver the rapid level of transformation that the business is demanding but in a way that is secure, sustainable and efficient.

A common query I hear from the companies I speak with is that they have a vision of what they want to be doing, but at times feel shackled either by lack of investment, capability or governance. Without a doubt that is the biggest challenge everyone is currently dealing with, not only in security but digital as well.

The best way to address this challenge and something that I advocate for, is the importance of having an executive sponsor that can take responsibility for building a cohesive and concise strategy that the business is backing you to deliver.

This means you’ll have someone owning that journey and providing visibility on how to measure what you’re delivering, that’s the critical piece.

What are your thoughts on digital transformation?

Digital transformation is critical for every organisation to survive in the current landscape. But, where many organisations are going wrong is that they are reserving this new technology for their customer-facing processes only, that needs to change.

Transformation offers two key things. The first is delivering services faster, with an added level of agility and the second is an opportunity for cost savings. The businesses that I speak to that are further along in their journey are those that have realised the possibilities of the latter.

This means proactively looking at lean principles that remove wasteful or manual internal processes and implementing automation to make the backend of the business run more efficiently as a result.

As we head into 2023, a time where many more budgets will be tightened, there is an urgency to transform operations and maximise resources. Holistic transformation is the key to this.

How can sustainability be addressed from an IT perspective?

IT is all about sustainability and has been for many years. As an industry, we’re constantly looking at how to make things greener and the migration to the cloud has been a big part of that.

But, as with anything, there are still areas that we could improve. That’s why I would say we’re at a tipping point, with some organisations such as those that offer digital services being able to implement sustainable policies easier than those reliant on traditional large infrastructures.

For example, businesses that operate within the healthcare sector, where there is an element of tactility to the job, will take longer to unpick legacy policies and introduce greener strategies.

From a consumer perspective, we all have so much old hardware, whether that’s previous phones, hard drives or TVs, but there isn’t a massive conversation around the recycling of that tech.

Some big vendors need to be pushing harder on that as I feel that there is too much onus placed on the consumer to find ways to be responsible, it has to work both ways.

What big tech trends do you believe are changing the world?

AI is driving everything. It underpins nearly all security solutions that you want to procure and from a cyber perspective, it will play a key part in preventing breaches by maximising the data and intelligence already available to organisations.

This is especially true for businesses that are moving towards a consolidated security portfolio because the AI technology will benefit from mutual threat sharing.

If implemented correctly, AI means better service and a more accurate roadmap as it is all informed by what has happened before.

In today’s world, companies are born digitally and we want to be in a place where AI can benefit them. With the right infrastructure and governance in place, AI is what I’m excited about.

How can we address the security challenges currently facing your industry?

Strategy, governance and consolidation. Those are the three major challenges that are leaving us wide open to a security threat.

Strategy because without that you can’t make products that are secure by design, which is essential in this current threat landscape, where anything is fair game to cybercriminals.

The capabilities of new developments will be minimised unless you have that security strategy correct, and it should be a priority to ensure responsible innovation.

Governance because there needs to be a framework to inform and support businesses as we adapt to an industry that changes daily, with new threats being developed constantly.

Then thirdly, consolidation because that is the key to minimising the attack surface and giving companies a complete view of their technical estate.

We’re currently in a place of single-point product overload and a lack of staff to manage those infrastructures – this is concerning. If you can’t see the problem, you’re not going to be able to fix it, until after it has already been spotted by a hacker and it’s too late.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.