Patrick Coomans describes himself as a long time entrepreneur, turned intrapreneur, then extrapreneur. His commentary on the world of technology and especially cyber security are insightful and inspirational. We invited him to share some of them in our Stellar Labs podcast and the conversation ranged widely. If you're a startup in any field then you need to hear what he says about building your business with cyber security in mind from the start. And if you've been thinking cyber security is only for techies then think again - there's a bright career opportunity for you whatever your skills.
Patrick Coomans describes himself as a long time entrepreneur, turned intrapreneur, then extrapreneur. His commentary on the world of technology and especially cyber security are insightful and inspirational. We invited him to share some of them in our Stellar Labs podcast and the conversation ranged widely. If you're a startup in any field then you need to hear what he says about building your business with cyber security in mind from the start. And if you've been thinking cyber security is only for techies then think again - there's a bright career opportunity for you whatever your skills.
Welcome to the stellar labs podcast. Future learning today. At Stellar labs, our mission is to bust the technology skills crunch with effective, measurable engaging training. We consult on design and deliver the technical and people skills and competencies you need in business. In these podcasts, you'll hear from industry experts and practitioners from the worlds of technology and training. They'll share their experience, insights, and inspiration and their visions for the future with you. Keep listening to start your future learning here today. Hello and welcome back to the Stellar labs podcast. Today I'm talking to Patrick Coomans, cybersecurity entrepreneur. Welcome Patrick.
Patrick:Hi, thanks for having me Stella.
Stella:It's a real pleasure to have you. I've heard a lot about you and I'm very, very interested to know what a cybersecurity entrepreneur actually does or what you do.
Patrick:Well, I used to have my own company for quite a while, 20 years, something like that. And then I joined a large corporation where I was in a strategic role. But nowadays, last two, three years, I've been especially helping other entrepreneurs with their digital journey and giving them, of course, also more insights into the cybersecurity aspects of that.
Stella:Okay. And anybody in particular or types of organizations you can tell us about?
Patrick:Well, it's a different kinds of course, both on the consumer side. So especially with digital product companies who consume cyber security because of course, every digital product they want to sell to their customer, like SaaS companies, they need to be secure. But I'm also helping out a few cybersecurity companies, startups in fact as well.
Stella:Okay. And those product companies, is that sort of the internet of things? Is that the sort of things they're creating? Or are we talking something different?
Patrick:A digital product companies, in fact, a company that produces something that is consumed by someone else. And while one company may be producing benches or garden furniture, there is no digital component in it, so nobody cares if the bench or the garden furniture was created in a secure and cyber resilient way, it's a bench. But if you deliver something like a smart component or an app or an application or an algorithm or data to others, to companies or consumers, of course, it has to be secure.
Stella:And your role in this is giving them advise. Is it advising them about the cybersecurity itself or more about the business aspect?
Patrick:I'd say more about the business aspects and the strategic aspects and when it comes to the real cybersecurity bits and pieces, for me, this is well already a couple of years ago that I was in that kind of detail. So I know, of course a lot of cybersecurity practitioners and I'm always connecting the dots for them. So in making introductions and making sure people have access to the right kind of knowledge and expertise. But my point of view is mostly business and longterm business strategy.
Stella:Okay. And what do you think is the long term prospects for organizations working within the cybersecurity field?
Patrick:Organizations working in the cybersecurity field? Well, I think, it's only the start. We see today so many cybersecurity companies, probably there's going to be a whole consolidation maybe. But I think we need much, much, much more of it. I like to make the comparison for cybersecurity in the evolution of cyber security with how airport security evolved. I don't know if you remember in the sixties, seventies, how they were hijacking planes all the time in the U.S. They had like hundreds of planes that were hijacked in a decade and still airports were not secure. It took them more than I believe, 25 years to get airport security up to a minimum level in fact. And there is a whole industry around it now. So if you look at digital and how apps and SaaS and all these things have evolved and internet of things. Well, I think we're just starting the journey now. And there is no standardization, almost no certification, everyone is just trying to do their best. And well from an opportunity perspective, it's a great time to be in cybersecurity.
Stella:And, and I think for a lot of people, a lot of organizations who perhaps been in business for a long time, they're not really even thinking about cybersecurity or they're not really aware of what they need to do to be cybersecure.
Patrick:I'm not sure if it comes to awareness. In fact, it's like people driving too fast with the car, probably they're all aware, they drive too fast, but they just don't care because maybe they have other priorities like fun, whatever, I don't know. For especially startups, the first priority is getting an MVP out, getting funding, getting the first customers, trying to organize themselves, hiring that first sales person. I'm not sure if it is a matter of awareness. I think it's only having 24 hours and seven days in a week. So it comes to:"Okay, how much of the time and all of the resources: people, money, do I want to spend to cybersecurity? And how do I start with it?" It's a challenge for especially startups to find the right expertise. So it's easier to just say, let's just create a MVP, bring it out, bring it on the market and we'll see how it goes. And then later on we can try to close the gap, try to increase the c yber s ecurity maturity and let's hope for the best. Well maybe that works, but of course it's a bad habit. It's like pushing your debt forward. It creates a digital debt over time that becomes very hard to overcome. However, when I look at it, the more larger companies and enterprises, they have the awareness. Definitely because c yber s ecurity is usually one of the top three management priorities and board priorities since last one year, last two years. If you read the reports of a world economic forum and others, it's really a priority. Knowing how to make c ybersecurity effective is another s tudy of course, because you could look at cybersecurity as a spending well where you c an p our a lot of money in without it being really very effective.
Stella:So for smaller companies or for companies starting out, they really need to start out with cybersecurity right at the start because if they don't, what you're saying is, is that their systems, their apps, their software isn't designed with that in mind.
Patrick:Correct. And that's what we see. usually these startups, they bring their minimum viable product on the market or sign up the first customers and then at a certain point in time they start to talk with a larger customer and t he larger customer does a third party vendor assessment and well, it comes to the conclusion that: Hey, your application is absolutely not secure. We can't use it. Everyone has wasted a lot of time. The startup is probably in a stage where it's already burning quite some cash because they've already hired maybe salespeople. And then all of a sudden t hey're in a position, they have to redevelop their architecture, revise their architecture, d o a 2.0 that is much more secure and they lose six months, nine months, which could be killing them at that point in time. So having that attitude and the value of cybersecurity and privacy by design from day one is absolutely a must and i s a big differentiator we've seen between companies that make it or companies that f ail halfway.
Stella:I think that was really, really good advice for any startup at the moment to really put that in place right from the beginning. Thank you for that. So one of the conversations we've been having, and I read an article you'd written, was that we're obviously facing a lot of challenge with Corona virus at the moment and for a lot of organizations, again, that's causing them to suffer. There's all sorts of difficulties going on, but I know you've got perhaps a positive message to share or a more positive message to share.
Patrick:Yeah, absolutely. Of course everyone is stressed out now about this whole lockdown and the fact that the economy comes to almost halt. But if you have a company and you really take yourself serious, I think during and especially after this crisis, you will look back and you will do a due diligence and you'll have a look:"Okay, what went well, what went wrong? How did our processes perform?" For example, I was signing up for a new account to do online trading. And I did it at two different platforms at the same time. And at the one platform I really felt, okay, this is taking almost three weeks to get me a trading account, which was crazy in fact, and gave me the feeling: well, these organizations' processes are completely manual or probably ad hoc, they're not able to go with a demanding increase of five times or seven times and at the other one I immediately saw how they approached the new customer onboarding and KYC and it was much more streamlined and digitized. And they were able to cope and within five days I had my account. I thought, well, if they can do it, why can't others do it? And other organizations will do their due diligence and they'll see, they've missed quite an opportunity, they've had an opportunity to do it well where others have filled the gap. So maybe they were in a leader position and now all of a sudden they find themselves in a laggard position because they were not able to cope with the whole digitization of their processes. So well, they need to catch up now. And there were fit gap analysis; see where the gaps are, what they can improve and how they can make their processes completely digital, so accelerate their digital transformation. And I think if all those organizations are starting to do this, they'll need a massive amount of business architects, digital architects, people who are able to code, people who are fluent in designing, an architecture using APIs. But especially doing this in a secure way. So I really believe from a cyber perspective, this is a huge opportunity and I'm a little bit afraid now that the available talent is just not going to be able to cope with the demand.
Stella:Yeah, I think that's a significant challenge right now, isn't it? There's all this need for digital people, but I don't think universities and schools are supporting the growth of digital. I think some are beginning to, but I think there's a big gap there. It's still has a bit of a dark feel to it. People aren't so interested. Perhaps they see them as sort of cyber geeks or digital geeks.
Patrick:Maybe. I don't know why. I've never considered it something dark or geeky because, well, it's very interesting and always changing. Maybe that is one of the reasons, that it is so much subject to change. That you constantly have to keep up with the newest approaches, the newest threats and trends and maybe some other domains is a little bit less impacted by all these continuous change. Maybe that's the reason why. I don't know. I'm sorry, I have no answer for not choosing for cybersecurity and especially why we don't see more girls in cybersecurity. When I go to a cyber security conference, it's almost 100% masculine, it's crazy.
Stella:And I think unfortunately because of the perception and because of that reality that as a woman you go to a cybersecurity conference, you're one of very few, it doesn't feel like your space. So I think that is a constant challenge for women wanting to get into cybersecurity. That even if they're very keen, when they get into the culture, it's not quite feeling like a place where they are normal or where they belong.
Patrick:Yeah. Maybe because cybersecurity is introduced from a technical perspective, it would be really great if it could be introduced from other perspectives. Like from a business analysis perspective, there is a big need of people who are able to make the bridge between business and cybersecurity. So people that have the knowledge on how to do business analysis and having all the skills to really understand impact, the needs of cybersecurity. That is, I think, a golden future. and you don't have to be, as you say, geeky about that or have to be a nerd from a cyber perspective to do this. It's a business analysis thing with knowledge of cybersecurity. Same goes for developers and happily we're seeing more and more women who are coding, which is really great. But I think, especially for people who are used to code, it's a very natural step to add cybersecurity capabilities and knowledge to their coding knowledge. So that would be a nice entry point as well.
Stella:Yeah, certainly. That's a good one. I don't know whether, you know, but I used to be a coder, so I was a COBOL coder many, many years ago. So I have coding in my skills there. And funnily enough, I have two daughters, one of whom currently works in public relations but within the cybersecurity field, she's been there 10 years and absolutely loves the cybersecurity
Patrick:and they know what the data dictionary is.
Stella:Yup. My other daughter is about to set foot on her first course foundations of cybersecurity. so maybe we can get some more women in there, even if they're all related to me.
Patrick:Well, so hopefully this will be able to fill the gap a little bit more because I think there's gonna be a gap. Especially for startups, the impact will be negative because of course, just to give another example, when the Corona crisis started, I was just trying to find a good webcam and I couldn't find any almost, but the few places that had webcams, they had almost doubled their prices. Well, it's of course demand driven. So why would it be different with talent? So I believe cybersecurity specialists will become more expensive and if big banks are willing to pay top dollar for those experts, it will be very difficult for startups to get access to those experts as well.
Stella:Yeah. Because the big organizations will suck up the best talent. So if we look on this with a very positive outlook, for those people who are interested in cyber security or maybe they're not yet, but it would be a really interesting place for them to go and explore and to perhaps start getting some insights into how cyber security is going to be so important in the future.
Patrick:Absolutely. Golden era coming up.
Stella:Fantastic. Patrick it's been a real delight to meet you finally. Thank you very much for your insights and I look forward to talking to you again. Great
Patrick:Thanks for having me. Great, bye.
Stella:Thank you for listening to today's podcast. Please share it with your friends and colleagues and visit our website,[inaudible] dot EDU to learn more about what we do and how we do it. Tune into the next episode.