“The next world war will be fought with bits, not bullets.” This sobering phrase isn’t from a sci-fi novel—it’s the reality that drives May Brooks, a visionary leader in the cybersecurity landscape.
May, a trailblazer in digital defense, has ascended from the technical depths of code to the heights of industry leadership. As the Founder and Chairwoman of Helena and an elected Board Member of ISC2, she’s not merely combating cyber threats; she’s reshaping how we understand and protect our digital assets.
Through all the work she does, her mission remains clear: to create a digital world where security is not an afterthought, but a fundamental right accessible to all.
Inspired by this, we at IMPAAKT got into a conversation with May to dive deep into her journey and gain some insights on the evolving cybersecurity landscape.
Below are the excerpts from the interview:
May, can you share some insights from your early career that significantly shaped your professional journey?
In the early 1990s, I was a geek playing computer games like Mario Bros., Pushover, and Commander Keen. I was always exploring “cheats” and “hacks” through IRC chats, not realizing at the time that I was building my hacker mindset. A few years later, when the opportunity to work in information security presented itself, I immediately jumped at the opportunity. I started with hands-on roles in penetration, which provided me with a solid technical foundation and understanding. This background allowed me to later transition smoothly into more strategic roles such as a security architect, and eventually into governance, risk, and compliance (GRC) consulting and Chief Information Security Officer (CISO) positions.
What has been a defining moment in your career as an information security consultant?
Obtaining my Certified Information Systems Security Professional (CISSP) certification was a defining moment. The rigorous preparation and subsequent validation of my knowledge and skills significantly boosted my confidence. It was a turning point that helped me overcome imposter syndrome, and allowed me to fully embrace my expertise and capabilities, ultimately propelling me forward in my career. This certification not only solidified my technical and methodological acumen but also opened doors to new opportunities and professional growth I couldn’t have possibly imagined. Since getting the certification, I became involved with ISC2. I volunteered on various taskforces and committees, became an authorized CISSP instructor, participated and spoke in global Secure Summit conferences, founded the Israeli ISC2 Chapter, co-authored the CISSP, and in 2023 was elected to join the ISC2 Board of Directors where I got the opportunity to help shape the future of the profession.
Your transition from managing security groups to focusing on the human factor is intriguing. What sparked this shift, and how has it changed your perspective on cybersecurity?
We all know that even with the most sophisticated technology, an organization will not be protected if we neglect the human factor. As a busy CISO, I always knew security awareness was important, but never found a tool that really helped me manage it. That was the cornerstone that led to the foundation of my company, Helena.
A few years down the line, my parents-in-law fell victim to an online scam.
That was a wake-up call. I realized that while I was building and delivering security awareness content to organizations, I never took the time to talk to my friends and family about security awareness. I felt terrible!
“Be the change you want to see in the world,” said Gandhi. I started sharing awareness content with others, founded the Think Safe Cyber community, was honored to talk about it on the iconic red carpet of TEDx, and published my book Think Safe Cyber – The Ultimate Guide to Online Safety (coming soon in English).
Working with the general public had a massive impact on my perception of cybersecurity. I realized that the way the general public perceives cybersecurity and privacy doesn’t always correlate with our assumptions as security professionals. For example, a few years ago I closely followed a massive data breach in an insurance company. My assumption was that the aftereffects of this breach would be massive customer abandonment. That did not happen, meaning that as security professionals we need to re-evaluate how people perceive cybersecurity and privacy and adjust our risk assessments accordingly.
As a seasoned Information Security consultant, what do you see as the most critical cybersecurity challenges facing businesses in 2024?
One of the most critical cybersecurity challenges facing businesses in 2024 is the rise of AI and its implications.
Data leakage in AI is a huge concern, from the obvious input of sensitive proprietary data into AI tools without realizing the risks, to the lack of need-to-know controls in internal AI integrations.
Lack of policies and guidelines, which leads to shadow AI usage in the organization, is another risk, as is blindly trusting AI responses, and lacking awareness of AI bias. Building guidelines and awareness around AI’s best and safest practices is crucial.
In your opinion, what separates a good information security strategy from a great one in today’s rapidly changing digital landscape?
A great strategy goes beyond a compliance checklist and technical controls; it integrates security into the core business processes. It involves a holistic approach that includes continuous risk assessment, proactive threat hunting, and fostering a culture of security awareness throughout the organization. To build a great security strategy the CISO has to first and foremost understand the business: What is the organization focused on, what challenges they face, who are their biggest competitors etc. A great security strategy serves the business and helps it grow.
With the rise of AI and machine learning, how do you foresee these technologies reshaping the information security field in the next 5 years?
AI-driven security tools will improve threat intelligence by identifying patterns and anomalies that would be impossible for humans to detect manually. Machine learning algorithms will also automate routine security tasks, allowing cybersecurity professionals to focus on more strategic initiatives. I believe that AI and ML implementation will make entry-level work, such as SOC tier 1 analysts, redundant. That means we’ll have to find better ways to train professionals coming into the industry, as they will have to hit the ground running even faster than today.
Looking ahead, what innovations or trends in information security are you most excited about?
I’m particularly excited about the advancements in AI and machine learning for threat detection and response and content generation. The potential of these technologies to transform cybersecurity is immense. AI is a double-edged sword, and I’m both excited and anxious to see how AI and deep fake technologies will be used by good and bad actors. What will future social engineering attacks look like, and how will we as protectors be able to detect such attacks, how will we differentiate between real and fake, and most importantly, how will we teach others to identify risks while exploring the incredible opportunities this technology brings?
What legacy do you hope to leave in the field of information security?
Throughout my career, I focused on three things:
- Demystifying complex security concepts and making them relatable to everyday users.
- Growing the next generation of cybersecurity professionals and leaders.
- Helping shape a more diverse and inclusive cyber industry.
I’m blessed to be in a place where I can actively work to promote these agendas, and I am even more blessed to have so many amazing colleagues who share these passions. I know that together we’ll be able to make a change.
As a woman in this space, what advice would you give to young women aspiring to leadership roles in cybersecurity?
Cybersecurity is a field that thrives on diversity of thought, and your unique experiences and insights are invaluable. Seek out mentors and role models who can provide guidance and support. Don’t be afraid to take risks and step out of your comfort zone; some of the most rewarding experiences come from challenges that push your boundaries. Continuously invest in your education and stay updated with the latest trends and technologies. The cybersecurity landscape is constantly evolving, and your ability to adapt and persevere will set you apart as a leader in this dynamic field.
I am here for you, so don’t hesitate to reach out!