Why did you choose your profession?
Cybersecurity chose me. I always loved to help people do things safely with technology as a child, and as I grew into a business, it continued, and I loved it. I love the challenge of finding a safe way to get something done and an easy way to communicate this practice to the customer so they would take on it. With the safest way becoming easy, people will always look for the easiest way by themselves, which is only sometimes the safest.
Who are your main influences?
My primary influence when it comes to technology, in general, was my mom; as the owner of a marine hardware business in the Caribbean, she used computers to track inventory and sales, and when it came to monitoring thousands of nuts and bolts, it came in handy. Another included a family friend called "Nik," a natural tinker who worked on computers. Still, he constantly experimented with various things, from gardening, raising chickens, and running a tugboat company, where he was also captain and mechanic. Lastly, he was the instructor at my first tech school, showing us how to accomplish the same outcomes; some were the "better" and others not so much. Harry taught us that it was about finding the optimal way to do things and including compensating controls to help cover any gaps we had.
What is your greatest accomplishment?
I am not a fan of your most significant accomplishment questions because it is always the greatest until there is another. When I was ten, I was building my first Windows XP machine by myself, and then all my neighbors started asking me for help with theirs. After graduating high school, I finished community college in three semesters with two associate degrees. After that, I decided to pick up and move to Belgium to do school Internationally for a year. While I spoke French as a child, moving to Belgium, I mentioned taking a crash course in catching up in French, trying to learn Dutch, the other official language, and getting by with as little English as possible.
The accomplishment continued when I moved back to the US to move out of my parent's house, car up my car, and move to Miami, which happened in the middle of the 2008 market crash. Selling vehicles at this time was challenging, but I ultimately wanted something else. I quit my job with about three months' savings in the back and joined a local computer school to get the certifications that would help formalize my informal experience and get my first formal computer role. From there, I was helpdesk in retail at a mall, then tech support for the information system that ran commissary banking and shopping at the local Miami County Jail, being on call 24/7 and then working in one of the largest data centers at the time, racking and stacking servers for companies that were the backbone of the internet and helping to troubleshoot connection issues. I had some other exciting roles while studying full-time online for my bachelor's and then my master's degree as my family began to grow. Everything at the time felt the greatest until I was on to my following, Breaking into Cybersecurity. I ended up authoring several books to help others and have been running a podcast sharing the same things.
My current adventure is helping companies find an easy way to do things in a secure form. I optimally translate people and processes into technical requirements and challenges to achieve the desired business outcome. Depending on the company's size, scale, and scope, the approach differs, but then it's back to tinkering and hacking to find the best way.
What are you working on right now?
I am learning different ways to achieve business outcomes using cloud services to enable business transformation. I am taking advantage of ways to scale, improve reach, use machine learning to augment people and processes and address the ever-changing cyber threat landscape. Looking at tools like threat modeling at the process and company levels, using threat intelligence to inform on the changing environment, and when to make that business move before the competitor does and gain first mover advantage. Understanding that there are both positive and negative risks in every action in business and ensuring that the decision makers are adequately informed of both so that they can make the best decision.
What are your long-term goals?
My longer-term goal is to find a role in which I am a strategic decision-maker and trusted business advisor to company leaders. I am developing that cyber talent pipeline and growth path for those coming behind me and sharing my model example with the community for them to adopt. I am helping my organization tackle those tough challenges and sharing the lessons learned with the community so that we can all grow together.
Which recent projects are you proud of?
A couple of the research projects/initiatives that I have been a part of include the development of a Threat Profile for a line of business that included the external threats and environment, but also understanding the risks from partners and vendors and how their threat surface can have an upstream impact on the organization. Secondly, a research paper on understanding your digital supply chain risk is an often-overlooked risk component for many companies, as they often assume that their process or data is appropriately protected when they outsource to another company. Additionally, when it comes to ingesting software, products, or even open-source code, there is often a laissez-faire approach to working with these components of their SDLC. They trust that it works to achieve the intended outcome but only look a little under the hood to see what's happening or what risks might be involved.
Do you live by any piece of advice or motto?
While a crude piece of advice from one of my childhood mentors, "You don't take shit from computers, they take shit from you," can be used in many different situations, some with a positive outcome which you can claim, others with a negative effect which you must claim. Granted, this advice was from a time in computing where being able to dive into the code and see what was happening was reasonably trivial; you be able to see that if you have the computer's incorrect or garbage instructions, it will produce similar results.
This leads to this wise sage's advice: "If you didn't learn anything from your mistakes, you are not learning." This is something that I have taken too stiff in my life, and there is always a lesson to learn, whether this is one way to produce positive results or one way not to get positive results. Sometimes, we are more stubborn than we like to admit, and it takes us a couple of failures before finding the lesson in it, but hopefully, we all find that lesson to learn. This comes with a follow-up piece of advice: learn from the failures and mistakes of others so that you might not have to experience them yourself.
What are you passionate about?
I love my family, and I love to travel. Traveling allows me to escape my daily environment and go somewhere different, learn something new, and meet interesting people. You don't have to travel far to enjoy these benefits, but you do have to have your eye and heart open to the experience.
If you attempt to enjoy the trappings of modern conveniences, stay in the same hotel chains and don't leave the property, eat at the same chain restaurants, and not enjoy the local cuisine, you might have moved locations, but you didn't travel.
What behavior or personality trait do you most attribute to your success, and why?
My drive to continuously learn has been at the heart of my success. This could be everything from learning how a new or old piece of technology works, how people are processing things and looking forward to optimizing them, or working with new people and finding ways to help them achieve their results, sometimes needing to collaborate and influence them.
What is the one thing you need to know about your co-workers?
I love to learn about what motivates or drives them to be the best person they can be! I can help them achieve that while achieving business outcomes in the process. If they want to learn about new technologies and how to help process inventory faster and accurately, let us get them to implement that solution once complete and concreting the knowledge and their experiences into them.
Do you have a favorite season?
When I lived in the Caribbean, I loved all the seasons, as it was always a good time to run in the sand or jump in the crystal blue waters. As I have grown up, I have loved the transition between the cold of winter and the warming up of spring, when things are just starting to get moving again, and new life is springing from the earth. There is still a cold, brisk wind in the air, but the rays of the sun and bright greener keep you warm and happy as you walk that nature trail by your house. Rather than setting the alarm, you hear baby birds chirp as the sun rises, and you know it's time to start your day.
Who inspires you and why?
My mom still inspires me today, from running a business in the Caribbean to supporting her family instead of being the nurse she went to school to be. Then, I returned to that dream 20 years later, starting to work in the Emergency Room, the Oncology ward, and then on to Palliative care. She has shown me that it is always too early to learn to get her Nurse Practitioner degree, approaching 60, and continuously adjusting and adapting to her changing environment. One of the most important things I learned from her is that there are things in life you can control and things you can't. Focus on working with the variables you can and not stressing about the ones you can't change.
If you were an action figure, what accessories would you be sold with?
I am a Yoda, continuously learning about the forces that surround me and learning to control them. I'd only travel with my stick, which is both a tool for walking and tackling challenging terrain, but also a tool that can be used in various situations and defending myself in battle if it came to that.
Christophe (Chris) Foulon brings tremendous value and leadership to the cybersecurity field. With great expertise and knowledge, he constantly gives back to the community and opens opportunities for many.
He's accessible and knows how to translate cyber security challenges into real-life wording and business language as well.
He's been opening the door for me to tremendous connections and opportunities that allowed me to start my growth in the cybersecurity community as well.
Chris has strong business expertise and years of cyber security challenges under their belt, and yet, he is sparing time to support the ones who wish to enter the field.
If you want to get real insight from real experience in our field, Chris is the go-to person.
Christophe is a hard-working, ambitious, lifetime learner. There are few people I know that drive themselves as hard and learn as much as they can about a topic through independent study and research. That topic and area of expertise for Christophe are Information Security & Privacy. Take a look at his profile. See what he has posted. Look at how he mentors others and consider his involvement with industry-focused groups, consortiums, and organizations dedicated to solving big problems around cybersecurity and talent in this field, where we are going throughout the global economy. Christophe is quick to learn and would be an amazing asset to any information security, privacy, compliance, or risk group.
I worked with Christophe at GRIMM. We supported different sides of the organization but worked closely on several projects. Chris is always a pleasure to work with. He works hard, is always positive, and is very professional. He is definitely a value add to any team he is on. I very much look forward to working with Chris again someday.