EMEA Recruitment Podcast podcast

EMEA Recruitment Podcast #173 - Chris Girling – A Pioneering Career in Cybersecurity

0:00
54:20
Manda indietro di 15 secondi
Manda avanti di 15 secondi

We were honored to welcome Chris Girling, Partner, Cyber Risk and Resilience at PwC Switzerland, onto the EMEA Recruitment podcast.

"Cybersecurity has become a question of when, not if." 

Paul Toms asks what ignited Chris' interest in Computer Science and Technology. Growing up in the UK, he describes himself as a "middle of the road" student at secondary school level and was advised not to be too ambitious with further education. Instead, he did the opposite, taking on more subjects than expected and excelling in Economics. 

For a time, people assumed Chris would head toward a career in Banking or Economics, but his real passion was always Computer Science. He spent evenings building games, coding his own version of Tetris, and teaching himself programming.

That passion led him to study Computer Science at the University of Warwick, which he describes as having a pioneering philosophy focused on adaptability, rather than specializing in a single technology. Students were expected to learn huge numbers of programming languages and quickly adapt to change, preparing them for an industry that would constantly evolve. That experience taught Chris how to approach unfamiliar technical challenges with confidence.

The conversation then focuses on Chris' career journey. During an internship at Credit Suisse, he combined his interests in Business and Technology by joining the Access Control team. Within days, he had bought textbooks to teach himself the programming languages the bank used and began automating large parts of the team's work. The tools he helped create became the foundation for systems that remained in use until the bank's collapse. He described that period as the moment he realized his career would be built around solving new technical problems and applying technology in practical ways.

He later joined Shell's Marine business, supporting around 70 IT applications operating across roughly 80 countries, with only a small team managing the environment. Over several years, he learned multiple programming languages, re-platformed systems, managed outsourcing and offshoring projects, and worked on some of Shell's first .NET deployments when the technology was still brand new. 

Chris admits that, during those early years, he occasionally had "run-ins" with Security teams because governance was far less mature than it is today, but those experiences ultimately helped shape his interest in Cybersecurity from both the technical and operational side.

As his career progressed, Chris moved into Program Management and quickly found himself leading major global initiatives. One of the defining examples was a large European regulatory compliance program at Shell, which was ultimately delivered at around 10% of the cost of competitors because the solution had been designed in a scalable and sustainable way. Chris explains that many organizations continuously add "carbuncles" or layers of complexity onto old systems, whereas he has always enjoyed stripping technology back to build cleaner, more elegant solutions.

That mindset naturally led him into Cybersecurity and IT Risk. Chris explains that Shell's internal security policies were among the early foundations that influenced what later became the ISO 27000 Cybersecurity standards. By the late 2000s, Credit Suisse approached him about moving into Cyber and IT Risk full-time, believing Cybersecurity was about to become one of the defining business issues of the next decade. They were looking for someone with both deep technical knowledge and the ability to deliver large-scale programs, which became a major turning point in his career.

Paul asks about other defining moments within Chris' career. Looking back on his 16 years in Cybersecurity roles, Chris describes himself as a "troubleshooter" who repeatedly moved into the most challenging areas of Security at the time. He explains that Security technology constantly evolves, with attackers adapting so quickly that solutions can become outdated within only a few years. That gave him opportunities to work across multiple technologies and disciplines, rather than remaining siloed in one specialism.

Chris also highlights several defining industry moments during his time at Credit Suisse. Around 2012, he worked with UK regulators to help shift industry thinking away from pure "Security" toward the concept of Cyber Resilience - preparing organizations for how they would respond when incidents inevitably happened, rather than assuming prevention alone was enough. Later, in 2018, he helped architect Quantum Dawn, the first ever global Cybersecurity exercise of all banks worldwide, testing how the industry would respond to a major cyberattack affecting global markets.

Chris delves into how Cybersecurity leadership has evolved over time and his recent board position. Earlier in his career, Security leaders often focused purely on technical delivery, whereas accountability increasingly sits at board level today. Since moving into consulting at PwC, he has enjoyed seeing Cybersecurity challenges from a different perspective, helping boards understand how to ask the right questions while still supporting Security teams operationally. He admits the move into consulting and advisory work brought a completely different learning curve, particularly around communication and commercial skills, but one he enjoys developing.

A major focus of the discussion centers on the growing speed and complexity of Cyber threats, particularly with the rise of AI. Chris highlights statistics showing phishing attacks increasing by 4,000% in recent years and describes how the time attackers remain undetected inside company networks has reduced from 120 days to 27 minutes. He also points to examples of AI systems escaping testing sandboxes and the growing sophistication of deepfake attacks, including cases where fake video calls have allegedly been used to authorize fraudulent financial transfers.

Chris believes one of the biggest challenges organizations now face is adapting to the pace of change. Traditional Security approaches that once allowed weeks or months for testing and deployment are no longer fast enough. Instead, companies increasingly need automated testing, continuous patching, and rapid response capabilities. Chris explains that many organizations still struggle culturally with allowing automation to take over processes that were historically manual, especially when leaders lack deep technical understanding of how those systems work.

Despite the growing complexity of Cyber threats, Chris remains optimistic about the future of careers in Technology and Cybersecurity. While AI will continue to transform the industry, he believes strong technical foundations remain essential. He encourages future professionals to understand technology deeply, even if AI increasingly assists with coding and automation, because human creativity and the ability to think beyond existing systems will remain critical for solving the next generation of challenges.

Chris shares that his Cybersecurity awareness has simply become part of daily life, rather than something that creates fear or friction. He often finds himself stepping in when friends or family are about to do something risky online, but he also stresses that modern scams and deepfakes have become so sophisticated that almost anyone could be caught out. Rather than blaming victims, he believes organizations and individuals should focus on collective learning and sharing information openly when incidents occur, helping remove the value attackers gain from using those methods again in the future.

Listen to the end of the episode to hear the advice Chirs would give his younger self and the advice that has followed him throughout his career.

To find a particular part of the episode, please use the timestamps below:

01:30: The last thing that made Chris smile
03:30: Why Chris chose the Computer Science route
08:15: The root of Chirs' passion
09:40: How Chris entered a career in Cyber and Risk
18:20: Defining moments from roles at Credit Suisse
23:05: How Chris' role has evolved to a board leader
26:25: The common blind spots in organizations
32:00: Cyber challenges and growing threats
37:00: Supporting SMEs vs. multinationals
40:45: The skills needed in the next decade
43:00: How Chris' awareness of Cybersecurity affects life outside of work
44:45: The danger of deepfakes and learnings for collective defense
47:55: Chris' advice for his younger self

We're proud to partner with Operation Smile, an international medical charity that provides life-changing surgery to children born with cleft lip and palate. We're proud to raise vital funds and awareness of the work they do through the EMEA Recruitment podcast. Find out more: https://www.emearecruitment.com/pages/operation-smile 

To share the topics you'd like to hear about on the podcast, please reach out: [email protected] 



#emearecruitment #emearecruitmentpodcast #chrisgirling #paultoms #cybersecurity #operationsmile  #operationsmileuk #recruitment

 

Altri episodi di "EMEA Recruitment Podcast"