Getting to Know: Jason Wild
Practice Head - Information Security, Origin
Jason has 29 years’ experience in the IT industry, with over 20 years in management and consulting roles. Originally from the UK, Jason has worked in magic circle law firms across Europe, the United States and Asia. Jason met his wife in Tokyo and, two children later, emigrated to New Zealand with his family to take on the role of Operations Director and CIO for one of New Zealand’s leading law firms. Jason started working at Origin in 2017 as an Information Security Consultant and now heads the Information Security Practice at Origin.
Hi Jason, you’ve recently moved into a new role at Origin. Tell us a bit about that?
Yes, I now head up the Origin Security Practice, and a key area of focus for me is on evolving our services to match the ever-changing threat landscape and keep our clients safe and secure. For me, that means thinking about what our clients need, what their problems are, and then working to help them meet those needs or fix those problems.
Origin has focused a lot on security in recent years, and our team has put a lot of effort into defining a set of services that have an intentional structure and rationale behind them. I think we have a very strong offering because of this.
You’ve worked in a few different countries, including Japan, the UK and Europe. What surprised you about working in New Zealand?
Kiwi’s have a great entrepreneurial attitude. People here are far more likely to just give a business idea a go than anywhere else I’ve worked. The other thing that I love about working out here is that it’s the only place I’ve worked where the work-life balance seems to actually be a balance. I love being able to get home in time to have dinner with my wife and kids and go to the beach at the weekend, whilst still feeling that I’ve done a good day’s work.
That said, I’ve found that there’s a real shortage of skills, resource and investment in New Zealand businesses compared to Japan and Europe. This is one of the biggest challenges we face when talking to clients, particularly when it comes to security.
Your background is quite broad, with experience including organisational design, international mergers and strategy development. What led you to IT, and specifically to cybersecurity?
I started my career in technical IT roles but was always more interested in how technology could be used to help solve business problems, rather than in the technology itself. Because of this I moved into management and consulting roles fairly early on before eventually moving out of IT into a central management position as Executive Manager to the Global COO. We were going through a period of transformational change at that time, so I was heavily involved in designing the organisational structures, shared services and business processes across all of the business support functions. When I moved to my first job in New Zealand my responsibilities covered those of a traditional CIO plus the operational business support departments.
My move into Information Security was really just a case of seeing an opportunity and seizing it. Security was becoming more and more a part of my job as a CIO so when Origin approached me, I thought it would be an interesting opportunity to help other ‘C’ level managers understand and navigate the issues I’d been dealing with. In some respects, I’d lived through a shift from security being something the Board only really paid lip service to, to something that they couldn’t ignore anymore and finally to something that they actually understood and wanted to address properly. I think it’s this experience of having lived it, that gives me a more business-focused perspective.
What’s one of the most common misconceptions you encounter about cybersecurity or cybercrime?
That’s a difficult question as there are so many misconceptions out there! I think probably that ‘I won’t be a victim because who’s going to target a small company at the bottom of the world?”. The reality is that cybercrime has become a volume game – the vast majority of attacks are high-volume, low chance of success campaigns. Basically, cybercriminals indiscriminately fire out as many attacks as possible and hope a small percentage are successful. Even if only 1% of their one million attempts are successful, that’s still 10,000 successful attacks. You may not be a target, but you’ll probably still be a victim.
Where should a business just starting out on their cybersecurity journey focus their attention and resources to get the biggest results?
Ultimately, information security is mostly about getting the basics right - good password discipline, two-factor authentication, proper patching regimes, staff education and awareness, that kind of thing. My advice is to focus on simple, pragmatic steps that can address these basic requirements, and then develop from there. If I were to pick three things that I would encourage people to start with, it would be to put two-factor authentication on all remote-access or cloud-based systems (e.g. Office 365), have a modern password policy that specifically restricts people from using their company credentials for personal online services, and to roll out some kind of anti-phishing training or awareness programme.
What are you most looking forward to achieving in your new role?
From a business perspective, building out the Information Security Practice to become the go-to team for our market. From a personal perspective, Mike’s entrusted me to help his baby grow, so as long as I don’t drop it, I’ll be happy!