Skip to content



12:00 Wednesday, 02 February 2022

UK Cyber Security Council

Jon France is the CISO at (ISC)² serving as advocate for security and risk management activities, skills development and awareness amongst all users of technology across industry as well as within (ISC)².

Jon is a CISSP and has more than 25 years of experience building and leading diverse technology and security teams, setting and executing strategy and delivering programs that empower stakeholders and operations while effectively managing risk across media and telecommunications sectors.

We caught up with Jon recently for this Cyber Spotlight interview.

Describe your route into a cyber security career. Was it planned?

For me it started more broadly in technology. I suspect like many of the senior professionals in cyber security today, the path they find themselves on wasn’t planned per se. My background is in systems and enterprise technical architecture and hand-in-hand with that was the need to ensure that systems, and by proxy the business, is secure and resilient, so even if not planned, cyber security was in the DNA of my career. Latterly I took a conscious decision to focus on cyber security and moved into that full time, but carry the experiences (and bruises) of coming from a IT background!

Does working in cyber security meet the expectations you had for it before you started? How has it changed?

Sure – who doesn’t like working in this sector! There is always something new, whether it be on the attack side where you must figure how to defend against that evolving threat or on the defence side where you are focused on protecting the assets before an incident occurs. Of course, these skills are applicable in so many industries and sectors as everything now has a digital component. Cyber security has ‘grown up’ over time and now a conversation at senior levels at organisations, and as is welcome a business conversation.

Were there any particular challenges or obstacles that you’ve needed to overcome?

The biggest challenges in the past were to ensure that the need for good cyber security was recognised and was well represented in a business – i.e. that it has a voice at the top. This is not so much a problem these days as pretty much all business leaders are aware of cyber security risk and take it seriously. The biggest hurdle to overcome is thinking in business language and terms – in essence the art of being a translator of technology and threats to business considerations.

What's your career highlight to date?

Hard to answer, there are a few to pick from! Mentoring some people into the discipline and seeing them succeed has been great, helping move an industry along is another. The most ‘fun’, by which I mean a growth experience, is having gone through a crisis or two – dealing with it at the time and then closing the gaps after.

What advice would you give to somebody considering a career in cyber?

Don’t be afraid of the tech, get stuck in, talk to people. Remember, it is all about people and business at the end of the day. The art is finding what excites you – it could be the tech, it could be thinking outside the box like an attacker would and if you find yourself in an incident, don’t panic and always remember to learn from the experience, regardless of how it turns out.

Stay curious, don’t be afraid to get involved, you don’t have to jump all the way in to get started

How do you keep your skills up to date?

Great question – there are the obvious answers: read, study, consume content etc. but probably the most important is to listen and network. Go and have some conversations – most importantly business level conversations – to fully immerse yourself in what is going on in the business world and how cyber security fits in with current and future business aims and outcomes. As cyber security professionals, education has to be a continuous process to stay up-to-date with the latest challenges, tactics and technologies. It’s a concept that is core to what we do at (ISC)2, as education doesn’t stop at passing an exam, members are constantly challenged to keep learning and to demonstrate that commitment in the years after earning a certification.

What do you think is likely to be next phase of your career in cyber?

For me – continuing to be excited by this world, the obvious answer as I have recently joined (ISC)2 as its CISO. In that role I will be doing my part to help its work to close the skills gap. Addressing that challenge will involve a mixture of fostering interest at the grassroots level, ensuring continuing professional pathways for practitioners, but importantly getting more people interested and excited about a future career in cyber security. Whether it’s university graduates and school leavers, or people already in the workforce looking for a career change and a new challenge, its key that we not only expand the actual workforce, but the potential talent pool too.

What single thing you would change about the cyber sector?

Cyber security professionals and their teams in an organisation need to get involved in the business decision-making process earlier, to get people to think about the human element of cyber, not just the technology.

(ISC)² is an international, nonprofit membership association for information security leaders like you. We’re committed to helping our members learn, grow and thrive. More than 160,000 certified members strong, we empower professionals who touch every aspect of information security.