Cybersecurity Leader Ed Adams Warns CEOs: Evolve or Perish

This exclusive interview with Ed Adams was conducted by Mark Matthews of The Motivational Speakers Agency.

Ed Adams is the President and CEO of Security Innovation, a pioneering firm in software security, and has led the company since 2003. As a recognised voice in cybersecurity, he also serves as Treasurer of Cyversity and is a Distinguished Research Fellow at The Ponemon Institute.

A frequent keynote speaker at global industry events like RSA Conference, PCI Community Meetings, and InfoSec World, Ed hosts the respected panel series Ed TALKS and co-authored The Cyber Elephant in the Boardroom. His recent book, See Yourself in Cyber: Security Careers Beyond Hacking, was published in 2024.

In this exclusive interview with The Champions Speakers Agency, Ed Adams explains why in today’s fast-evolving digital landscape, cyber resilience starts with mastering the basics — and why staying ahead isn’t just technical, but vital for business survival.

Q1. Businesses are adopting emerging technologies at record speed. What do you see as the greatest cyber security risk in this rapid push for innovation?

Ed Adams: “Oh, that’s an easy one for me. Businesses today are adopting new technologies faster than they learn how to secure them. Whether it’s the cloud, IoT, blockchain, or presently artificial intelligence, there’s always a rush to adopt this new technology because of the promise of the features it can bring.

“Of course, that’s wonderful, and we should be doing that. However, rushing into adopting that technology before learning how to secure it is doing nothing more than expanding the attack surface and putting the businesses and their customers more at risk.”

Q2. With hybrid and remote work now a permanent feature for many organisations, how should leaders rethink their cyber security strategies to safeguard a more dispersed workforce?

Ed Adams: “That’s something where it’s all about returning to the basics. It’s back to basics. Organisations today, given the remote work environment, have got to be disciplined about cyber security fundamentals.

“It sounds funny, you know, in 2023 saying that you’ve got to go back to the basics, but a lot of organisations got relatively lax when it came to simple things like multi-factor authentication — basically relying on something other than just a username and a password to get access to a system.

“The global pandemic that hit in early 2020 forced organisations to realise that this single point of failure was insufficient protection. They started to adopt things like multi-factor authentication.

“In addition to a username and password, you might have a challenge question, or push a code to a mobile device, basically combining something that you know, something that you have, and something that you are — maybe a biometric fingerprint.

“Combining any two of the three dramatically reduces the chance of an attacker being able to guess your credentials and get access to that private information or system.

“So, what do organisations have to do to adapt to the new style — which is now three years old — of remote working? Go back to basics. And the one thing you can do more than anything else is multi-factor authentication.”

Q3. As companies integrate new tools and platforms into their operations, what essential steps must they take to ensure secure and effective adoption?

Ed Adams: “Thank you. One word: training.

“Education is vital when you are adopting new software, new technologies. Education, education, education. It’s just like any new tool you might use. If you are going to use a chainsaw to cut down a tree, or a tool in your woodworking shop, you need to understand how to use that tool properly. New software is no different.

“Whether it’s commercial off-the-shelf software, new open-source software, or a new technology stack that you’re using to develop software, you need to understand it and be trained on that technology in order to use it effectively.

“Otherwise, it’s equivalent to handing me a scalpel — I’m not a trained surgeon. I don’t know how to heal people with a scalpel, because I’m not trained.

“So, train folks on the new software and the new technology, particularly with security. Make sure that they think about security as an aspect of software quality.

“A business adopting new software is going to think about functionality, performance, and reliability — include security as an aspect of software quality, and you will be able to adopt that software in a much safer manner.”

Q4. From a business perspective, why is staying current with the latest software not just a technical choice, but a financial and competitive necessity?

Ed Adams: “In some instances, and in some environments, it is stay up to date or die. It’s evolve or perish. I don’t mean to sound dramatic, but it is true. If you’re not keeping up with the latest advances in technology, improving your processes, and using those technologies to improve your processes, you might lose a competitive advantage that you have.

“I know organisations are sometimes reluctant, because they take the philosophy of “if it isn’t broke, I don’t want to fix it” — and there’s a lot to be said about that. However, you always want to be analysing: what can we do better? What can we do faster? What can we do more efficiently or less expensively? If technology can enable that, you owe it to yourself to try to take advantage of it.

“I know organisations can be reluctant to disrupt processes. However, disruption leads to competitive advantage. Disruption leads to evolution. Disruption leads to the capture of new markets that you might presently be blind to.

“So, there are good business benefits and financial benefits. You also might open yourself up to new talent that you previously were not able to hire, because you’re adopting a new technology that can allow your business to grow and expand.

“So, open your mind to new technologies. They can be freeing. They can be liberating.”