Andy Piper
CISO - Investment Bank & Markets
Barclays
Andy Piper is an insightful and results-driven executive with 20+ years’ experience in defining and guiding information security vision, strategy, and execution in global organisations to transform, scale and improve infosec risk landscapes, safeguarding continuity and the firm’s assets.
Andy's current role is CISO for the Investment Bank and Markets division of Barclays Bank. Here he acts as a strategic advisor to the Executive Board and is accountable for developing security strategy, fostering an environment of security and risk awareness, creating a shared ownership of cyber risk and for implementing and enforcing cyber security policies.
A fun fact about Andy, he used to be a DJ.
Learn more about the UK & Ireland CISO community here.
Give us a brief overview of the path that led to your current role.
I spent the early part of my career at Deloitte where I gained a broad understanding of IT Risk, governance and the commercial impacts of decisions taken in these areas. After joining Barclays, I have held a number of roles linked to the design and implementation of controls, frameworks for monitoring effectiveness and engagement with regulators. Over the years, I have increased my focus and have specialised in Cyber and Information Security, eventually becoming CISO for a major division of the bank.
What is one of your guiding leadership principles?
I think authenticity is really important. A leader who is authentic can build an environment based on trust and on open and honest relationships. I find teams are at their most innovative and collaborative when people have the psychological safety to offer up opinions without fear or being wrong.
What is the greatest challenge security leaders face today, and how are you addressing it?
Recent research suggests that 95% of cyber incidents are caused by human error, or to put that another way, 19 out of 20 incidents could be avoided if human error could somehow be eliminated entirely. The biggest security risk to any organisation is therefore its people.
To address this, I spend a lot of my time working with the Front Office, helping them to understand their responsibility for secure practices, educating them on how to avoid common errors and supporting them to find pragmatic yet effective solutions to reduce risk.
What is the key to success for someone just starting out as a CISO?
You might think that when you reach the C-level, you've made it. That you've reached the top and you know how to be successful – after all someone gave you the big job.
My advice is to view the new role like you're starting again. The skills you've shown thus far in your career may not be the skills that you need to be effective around the board table. Focus on communication, a key skill for a CISO is to be able to explain complex Cyber Security topics in ways that can be easily understood and digested by people who are not tech experts.
How do you measure success as a leader?
If I can leave a team, or a process, or a business in a better place than I found it, then I count that as success.
Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.