As organizations grapple with emerging threats and transformative, new technologies, John Paul Cunningham, chief information security officer (CISO) at SIlverfort, says demand for skilled security practitioners shows no signs of slowing — despite concerns that artificial intelligence might diminish career prospects for newcomers.

In this latest Heard It From a CISO video series installment, Cunningham brings his perspective to these industry dynamics. With a background spanning military service, financial sector duty, and now his role in protecting Silverfort’s corporate infrastructure, Cunningham shares with us the multifaceted nature of modern security leadership.

The conversation around AI’s impact on cybersecurity jobs has reached a fever pitch, with junior analysts questioning whether automation will render their skills obsolete. Yet industry veterans like Cunningham argue that this technological shift represents evolution rather than elimination. While AI excels at parsing massive log files and identifying patterns, the human element remains irreplaceable in areas requiring strategic thinking, stakeholder engagement, and adaptive problem-solving.

Related:Zoom CISO: AI as a Security Enabler, Not Role-Replacer

Perhaps most striking is the field’s accessibility through multiple entry points. Unlike many professions that demand a singular educational path, cybersecurity welcomes talent from technical backgrounds — audit and compliance roles, project management, law enforcement, and more. This diversity of origins enriches the field, bringing varied perspectives to an industry that must defend against increasingly sophisticated adversaries operating across every attack vector.

This is part of Dark Reading’s ongoing Heard It From a CISO video series, which features frank, exclusive conversations with cybersecurity leaders in the trenches. Check out the entire series here.

Heard It From a CISO With John Paul Cunningham: Full Transcript

This transcript has been edited for clarity and length by Informa TechTarget’s internal AI assistant. For the full experience, please watch the video. 

Dark Reading’s Kristina Beek:  Hi, I’m Kristina Beek. I’m an associate editor with Dark Reading and I’m here for another episode of Heard It From a CISO. Today I’m joined with John Paul Cunningham, who is CISO at Silver Fort. Thank you so much for joining me today, John.

John Paul Cunningham: Absolutely, it’s great to be here and discussing this time with you, Kristina. I’m really happy to do it.

DR’s Kristina Beek: Yeah, awesome. So, a lot of what we talk about is how people can sort of join cybersecurity, how they enter this field, and what it’s like to be somebody working in this field, especially someone of your caliber and at your level. So, I’d love if you could just introduce yourself and tell us about your background and the work you do as a CISO.

Related:Anthropic’s Mythos Has Landed: Here’s What Comes Next for Cyber

John Paul Cunningham: Well, absolutely. You know, as I said, I’m John Paul Cunningham. I’m the current CISO of Silverfort We’re an identity security company. What’s nice about the role here at Silverfort is I get to do both the corporate security — how to protect Silverfort from all those cyber threats that are out there — as well as get to get involved in the identity and security strategy and the strategy of our product, and even evangelize within the industry around ideas around identity security and AI and those types of things, so it’s really a multifaceted role that really keeps me busy and gives me a lot of opportunity to engage, so yeah, that’s kind of what I do, you know, currently.

DR’s Kristina Beek: Yeah, awesome. How did you first get involved into cybersecurity?

John Paul Cunningham: Well, you know, I think like a lot of people, I started in technology, and this was quite a long time ago. I was working at actually JPMorgan Chase, which I think most people know, a very large bank. And one day, they just came to me and they said, “Hey, you know, we need somebody to really look at security and information risk management.” You know, privacy laws were becoming a big thing, and they’re even bigger now. And I said “Hey, I’d be glad to take the challenge.” And so, it really happened almost that way for me. I don’t want to say it wasn’t intentional, but it was an opportunity that presented itself, and I was able to step into that. And then from there, I just really went all in. I went and got my CISSP professional certification and just began to look for opportunities within the bank to just continue to expand and grow and develop the skills that you need in cybersecurity. And I think a lot of people think that cybersecurity maybe is this, you know, kind of homogeneous, “everybody’s the same,” but it’s really not. There are at least probably five disciplines that exist in the field, and you can get in through any of them. You know, you can get in through the technical background, you can get in through more of a risk management and audit background, but there are several ways to get into cybersecurity, but they all kind of lead to the same place.

Related:Helping Romance Scam Victims Requires a Proactive, Empathic Approach

DR’s Kristina Beek: I also saw that you, I think, have a military background. And I was curious as to if that influences how you approach cybersecurity as a whole, and especially your role as a CISO. Do you feel that way or no?

John Paul Cunningham: Well, I think it did. I think it does. You know, when we think about cybersecurity, we often talk about confidentiality, integrity, and availability. But often we also include ideas of physical security and business resilience and how to keep, you know, people working. And a lot of those themes came from the military, you know, because that’s always been a kind of a core theme of force protection, and when I was in the military, I wasn’t in a technology role, but I was in a law enforcement role, so I think that natural investigator kind of mentality and applying kind of the regulatory and legal kind of aspects to cybersecurity that come in influenced me a lot, as well as just looking at physical security, right? You know, like the security of an office or the security of a data center or how to keep our people safe in time of war. You know, Silverfort has a number of people in Israel. How do we keep them safe from possible physical threats that exist? And so, it had an influence. It definitely had an influence in me. And if nothing else, it gave me kind of the foundations of leadership that I think, you know, I was able to apply in my career.

DR’s Kristina Beek: What have you what would you say have been the most like rewarding aspects of working in cybersecurity or what have been the best parts of it for you?

John Paul Cunningham: Well, I’m smiling because I think one of the things that I think is really cool about the cybersecurity field in general is every day is a new day. There’s always a new challenge. There are always new opportunities. And it’s really so multifaceted that there are so many things that you can focus on. It doesn’t just have to be the technical cyber defense, but there’s the risk management side and working with boards and businesses, working with projects on how to be more secure. So, there’s a lot of avenues that can really tap the potential of a person and the strengths of a person. Maybe you’re not as strong in one area, but you’re stronger in the others. There’s room for you in cybersecurity because of that. So I think just the extensibility and constant change and evolution is fun because you’re in that constant learning [space], and you’re constantly, you know, trying to apply this.

You [know] the good patterns you learned in the past, these new things that are emerging, and AI is a perfect example, but before AI there was web and there was client-server, and you could go all the way back and there’s all these moments in time when technology changes and shifts and security still is applicable to that.

So, I think that’s what’s made it such a rewarding career in general, and I think the other side of it is just knowing that you’re making a difference, that you are protecting companies, that you are protecting those assets and the people that work at those companies. And I think that in the end of the day, you’ve made a difference.

DR’s Kristina Beek: Yeah, absolutely. So, you’ve touched on how there are different avenues that people can go into when it comes to working in cybersecurity. And you also touched on your own background of certifications. So, I was just wondering, how would you say is the best way for someone to enter this field today? Because there are a lot of different paths. Some people pursue, you know, a traditional four-year degree. Other people are pivoting from other fields and are looking for those certifications. What would you say is maybe a path for success for someone?

John Paul Cunningham: That’s a really great question. You know, as I mentioned, there’s all these ways to really bring value to the cybersecurity space because cybersecurity, again, is not just the technical protection of a company or the responding to an event, but there’s the entire side of risk management and managing the risk around technology risk and cybersecurity risk and policy and training. And you know, there’s a huge business aspect to it. So, I think that probably the most natural place that people come from cyber or get into cybersecurity is from the technical side. You know, how can I understand technology, networks, endpoints, cloud, and how can I understand how to, you know, secure them? But if you’re an auditor, you know, there’s a role in cybersecurity around governance and risk and compliance. Those are very adaptable to audit skills. I’d say it’s a little bit different, right, in that I think the biggest difference in risk management versus, say, audit is that we’re really trying to also help them get to the solution. So, we’re not just assessing them against a standard and saying, you either pass or fail, but we’re looking for the gaps, and we’re trying to [provide] security solutions to close those gaps to make the controls more effective. But it’s still very applicable to that kind of skill set. So, I think if somebody wants to get into cybersecurity, there’s a lot of ways to get there.

DR’s Kristina Beek: OK.

John Paul Cunningham: In fact, there’s even project management ways to get there, because, you know, larger, you know, security groups need project managers to help them implement. And if you learn the security projects as a project manager, you can do that. But I think the best advice I’d give is find what you’re really good at and try to see if there’s a way to adapt that to the needs of a security organization. You know, if you want to be the technical person, start to understand more than one technology. You know, learn networks, learn endpoints, learn cloud, get the breadth of experience, and start to really delve into how do we make them secure? Identity security is a really good one, because identity touches every piece of security, and it’s often the reason companies get breached.

It really comes down to a weakness of identity security. So, see, there’s like different ways you can do that. You can come in focused on identity security. You can focus on the technology security of endpoints and networks and cloud environments, you can come in as a project-focused person who helps get things done and implement security projects. You can come in as a compliance and audit person who helps establish the governance, assess the governance, and build solutions. You can come in as an architect of solutioning.

And so I just say find that strength that you’re really good at because it’s probably applicable to security somewhere. And look for those opportunities to just get in on the ground floor and start working toward it.

DR’s Kristina Beek: Yeah, absolutely. In your opinion, is cybersecurity a field that is growing? Is it a place where we can expect more jobs to be opening up? Because of course, there’s this big concern, as you touched on, you know, AI is the big thing right now.

I know a lot of junior level, entry level analysts, whatever it may be, are, you know, kind of concerned about, well, you know, they’re like, “Hey, all of my job responsibilities are being taken over by AI. Is there still a place for me here?” What would you say to those concerns?

John Paul Cunningham: I would say, absolutely, there’s a place for you, and it is a growing field. AI is going to displace some activities. AI can look through a log file, for instance, or a set of logs much quicker and much more efficiently and much more accurately, probably than a human can. So, there’s things that we’re going to use AI for, but the human never is out of the picture. And, you know, I mentioned the breadth of cybersecurity. AI can’t run a project. AI can’t interface with a project team and understand the requirements and adapt security to their needs. That still is a human thing. And even in the technical things that AI gets really good at, that there needs to be a human overseer, so to speak, that works with AI and knows how to use AI. So, I think it’s just a changing world. Like maybe some of the things that we had humans do, we don’t have humans do anymore, we have AI do. But there’s still going to be a need for humans.

If anything, AI just made security much more important because the explosion of AI has created, unfortunately, a lot of vulnerabilities and a lot of need to relook at [certain practices]. And you know how I said applying the old patterns? We have some really good patterns that we’ve learned how to keep organizations secure, but we haven’t got to the place where we can do that with AI yet. And so now, what’s the big challenge now? How do we take the good patterns and adopt some new ones and secure AI? And the explosion of AI is everywhere. But I will tell you, companies are probably less secure right now because of it.

And so, there’s a huge opportunity for security teams to lean in and be both the enablers to do things in a better, more secure way, but still enable the business and the developers and the people that want to use AI, but also to, as I said, secure the organization and to manage that risk, the risk of AI.

I mean, that that could be a whole other interview that we could go into about, you know, my own thoughts about AI, but I’m here for you if you want to go there, we can, so …

DR’s Kristina Beek: Well, you know, we only have a little bit of time, so maybe another day we’ll just dedicate an interview just for AI because there’s such a big topic. 

John Paul Cunningham: Let’s do it. I’ll tell you, I’ll tell you my analogy of Terminators versus Minions. We’ll do that next time.

DR’s Kristina Beek: Oh, OK. I’m interested in that! OK, perfect. Yeah. Well, my last question for you, and you can interpret this however you’d like: What does the future of cybersecurity look like to you?

John Paul Cunningham: Well, I think as long as there are people in technology, there’s going to be a need for security. And so, it is a field that will never go away and it’s never going to be completely, you know, replaced by technology. I mean, maybe how we protect people will be autonomous in many ways, how we protect systems. But again, you know, there’s so much more to security than that. And it’s really the human connection, the human interaction with the business, the boards, the leadership, the projects and things that companies are wanting to do. And so, I think cybersecurity has a very bright future. It’s a very great career to be in. The biggest thing for people is to just be extensible. Extensible or flexible, right? I think the most successful people and the people that I always look for are the people that can adapt, because you may be really good at one thing, but technology is going to evolve and you’re going to need to evolve with it.

DR’s Kristina Beek: Yeah.

John Paul Cunningham: But there’s so many opportunities to do that. And if you have a desire to learn and grow as technology grows, then I think the sky’s the limit as far as security goes. And it’s going to be a really strong field. And as I’ve kind of mentioned, AI is just another frontier, right, you know, for us to explore. 

But you know, a lot of the same things here at Silverfort — when we talk about identity security, well, identities have been around as long as you had to log in. Maybe there was a day when you didn’t have to log into a computer, but ever since you’ve had to log in to a computer, identity has been around and identity is even more important than ever with AI. How do we segregate AI? Because it’s effectively a synthetic human. How do we establish these same lessons and security principles to AI? And so, yeah, there’s a very bright future, let’s just say, for security, so …

DR’s Kristina Beek: Yeah. Awesome. Well, I know people will be reassured by that, considering everything that’s going on in this field. There’s a lot. So, thank you so much for taking the time to speak with me today. I so appreciate it.

John Paul Cunningham: Kristina, it was awesome. And I look forward to another conversation sometime in the future. So, thank you so much for pulling me in and giving me a chance to talk to your audience today. I really appreciate it.





Source link

#

No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *