Adam Drabik CISO: ‘We are never going to win the arms race’

24th September 2019


Sarah Rees headshot

Sarah Rees
Editor

Adam DrabikAdam Drabik, CISO for Opel Vauxhall Finance group, is a realist. As much as he loves his role – and relishes his place in an industry he joined as a teenager – he admits “security can be a grim job and a largely thankless task. It’s like being a policeman. They almost never come knocking on your door with good news.”

The metaphor and the mindset are both products of his upbringing. His father was a high-ranking criminal investigation police officer and Adam grew up as an only child in communist-era Poland, behind the Iron Curtain until the Cold War ended when he was thirteen.

“If you haven’t lived through it, it can be hard to explain what Poland was like then,” he says. “And I’m sure that is why I have the mindset to always expect the worst. Then I work to find a positive in it to stop me going insane.” He talks of three-hour queues for limited provisions and the scarcity of resources; “if you wanted something, you had to make it for yourself. I made my own radio receiver when I was eight because I was fascinated by the technology and it was so difficult to buy something like that.”

Computers were similarly elusive and enchanting. “Eventually my parents managed to get one for me to have at home, and that truly inspired my interest,” he says. He attended a community class to learn programming and rapidly started to design and build software programs of his own. “I sold my first one at the age of 14,” he recalls. “The company paid me more money for it than my parents monthly salaries combined. I couldn’t believe it.”

It was the start of what has now been three decades in the technology industry, with Adam working full time by the age of 16, alongside his studies. “There weren’t many people with a high-level tech knowledge and good English-speaking skills back then,” he says, admitting he had been fortunate to attend a bilingual primary school, then extra-curricular classes. “It was a case of being in the right place at the right time.”

By the time he entered his twenties he was taking on management roles, but it was joining Shell that was truly transformational. “I spent 12 years with Shell,” he says, “working in different countries and continents, across various technologies and roles, with a diverse group of people in a truly global way. I joined as an engineer, developed as a competent IT manager, but I actually left as a leader.” The experience also showed him that, despite his lifelong love of computers, he is a people person at heart.

“I like technology, but I prefer to solve people problems – I like human to human contact. And I think it’s the soft skills that truly make a leader: you have to convince, influence and translate. You have to be able to talk to both engineers and business people, and you need to genuinely be a nice person. Kindness and openness make a difference when you’re leading a team.”

Humility goes a long way too. Despite his precocious start, the journey from boy programmer to top CISO was not a smooth ride. Adam left Shell with three job offers, but all were retracted when the global financial crash coincided with his availability. “Everyone had put a block on hiring and I suddenly found myself without an old job, and with no prospects to get a new one,” Adam says. “Suddenly I had nothing. It makes you resourceful, and grateful.”

He set himself up as a consultant for a few years, working with FTSE100 and Fortune500 organizations, before taking on his first true CISO role with Reckitt Benckiser – first for both employer and employee. It’s a situation which Adam admits is both challenging and incredibly appealing.

“Being the first ever CISO in a company is a difficult journey,” says Adam. “It’s a bit like trying to explain why seatbelts are important to someone who doesn’t know what a car is. But I find the process very rewarding because you can really quickly see the fruits of your labor. That’s rare in any top job, as often the changes you make take years to be visible and make an impact. I now specialize in leading organizations through major changes, raising maturity and efficiency levels of security, compliance, risk management and resilience.”

Change matters for Adam, because change in his life has always been positive: “I left my home country 20 years ago and I have moved between countries and roles so many times that change isn’t threatening to me. It’s an opportunity.” Does this mindset extend to managing the changeable environment of cyber security?

“It’s very easy to panic because there are so many complex moving parts in security provision and lots of risks,” he admits. “You simply have to prioritize and prepare as best as you can, with the people, budget and time you have. No job is worth prolonged high levels of stress, so you learn to manage that, be resilient. It’s the art of balance.”

His realistic attitude serves him well too. He says: “Cyber attacks and security breaches are inevitable, so you just have to get used to them.” When asked more generally about the global war on cyber, his inner realist strikes again: “In honesty, we are never going to truly win the arms race against the cyber criminals because there is no joined-up defense. We need to fight together as an industry to make a true impact. It’s a challenging ask, and I don’t have an ultimate solution, but have tried to take some first steps in that area by establishing few CISO communities and self-help forums.”

Despite his tendency to expect the worst, Adam finds great satisfaction in his work. “I am making the world a safer place for my children,” he says, “and that means a lot. It’s important to me to know that every job I have held, the work I have done, has made an organization and the public better off, and more secure. Having children makes you think about your legacy, and that seems to be a pretty good legacy to leave.”