Carl Froggett Strengthens Cybersecurity by Combining CISO and CIO Roles at Deep Instinct
Carl Froggett currently serves as both Chief Information Security Officer (CISO) and Chief Information Officer (CIO) at Deep Instinct, a cybersecurity firm. His unique dual role reflects a growing trend in the industry, where the convergence of technology and security is increasingly recognized as vital for organizational success. Prior to joining Deep Instinct, Froggett held the CISO position at Citi for nearly 17 years, where he gained extensive experience in managing security for a large financial institution.
Combining CISO and CIO
Froggett has long maintained that the responsibilities of the CISO and CIO overlap significantly, making a combined role appealing in certain contexts. However, he acknowledges that this approach may not be suitable for all organizations. For instance, Citi employs over 200,000 individuals, making it impractical for one person to effectively manage both roles. In contrast, Deep Instinct has a workforce of fewer than 200, making the combination of CISO and CIO more feasible.
Froggett emphasizes that both roles fundamentally aim to support the business. The CIO is tasked with developing the technology strategy, which includes software, infrastructure, and cloud initiatives, while the CISO focuses on securing these technologies. Each role is interdependent; the business cannot function securely without the CISO, nor can it operate effectively without the CIO’s technological framework.
He notes, “There is no such thing as zero risk unless you want to turn everything off and go home.” This highlights the necessity for collaboration between technology and security teams to ensure business continuity.
While separating the roles can lead to conflict, combining them may result in a loss of impartiality. Froggett actively encourages his IT team to challenge his decisions, fostering a culture of openness. He states, “The main issue with combining the roles is you can get tunnel vision if you don’t have the alternative view; and that can lead to bad decisions.”
Early Career
Froggett’s journey into technology began with a Bachelor of Science in Computer Science from Loughborough University. He started his career as a contract engineer before joining Salomon Brothers in 2004, primarily working as a network engineer for almost four years. During this time, Salomon was acquired by the Travelers Group, which later merged with Citicorp to form Citigroup. Consequently, Froggett transitioned to work for Citigroup in 1998, which rebranded to Citi in 2003.
This corporate change also marked a significant shift in his career focus. He moved from an IT engineering role to become the EMEA Information Security Services Manager at Citi, where he served for nearly nine years before taking on the CISO role. He remained in this capacity for almost 17 years, gaining invaluable experience in managing security for a global financial institution.
Transitioning to Cybersecurity
Froggett’s career has encompassed various technology roles, including system administration, email management, and trading environments. He was involved in the transition to internet-based business practices in the early 2000s, a period that saw cybersecurity emerge as a distinct professional field.
His diverse background in technology led to an unexpected entry into cybersecurity when he was asked to assess the security implications of new communication technologies. “I immediately just loved it, because I love the challenge,” he explains. This passion for tackling complex challenges has persisted for over two decades.
Froggett points out that security often lags behind technological advancements. He cites current concerns surrounding artificial intelligence (AI) and large language models (LLMs) as examples. “You have to find creative ways to mitigate the risk in the short term until the technology catches up with built-in security controls,” he states.
Being a Leader
Froggett’s career trajectory has evolved from technical roles to leadership positions in both IT and cybersecurity. He did not initially see himself as a leader but found himself in leadership roles through opportunity. “I always wanted to be part of something bigger than me on my own, and that involves working within teams,” he notes.
His transition to leadership was not without challenges. Initially, he was a senior technical person within a team, often looked to for guidance. A temporary promotion to team leader marked a turning point, as he suddenly became responsible for his colleagues’ career growth and aspirations. “That was a horrible time because overnight my teammates started treating me differently,” he recalls.
Froggett attributes his ability to thrive in leadership to empathy, both towards people and the business. He views leadership as a bridge that connects individual aspirations with the organization’s goals.
Career Advice
Froggett emphasizes the importance of seizing opportunities. “When opportunity knocks, you say, ‘Come on in’. Never say no to an opportunity,” he advises. His own career reflects this principle; he took on various roles that expanded his network and knowledge.
He encourages his team members to embrace opportunities and to speak up about mistakes. “Small things become big things very fast,” he warns, highlighting the importance of transparency in a team environment.
Froggett believes that nurturing individual growth is crucial for organizational success. He cites the example of a former team member who started as a graduate and eventually became a manager at the London Stock Exchange. “Nurture the person and not just the work is one of my philosophies of leadership,” he states.
Primary Cybersecurity Concern for Today
Froggett identifies artificial intelligence as his primary cybersecurity concern. He recognizes the potential benefits of AI for various sectors but also warns of the risks it poses. “We’re already seeing bad actors leveraging generative AI models to do harm,” he explains. This shift means that hacking is becoming more accessible, as individuals no longer need extensive coding skills to execute attacks.
He believes that the implications of AI will extend beyond cybersecurity, potentially disrupting traditional career paths. “I see AI as a force multiplier, but maybe that means there will be fewer of those junior opportunities,” he notes.
Froggett’s insights underscore the dual nature of AI as both a tool for progress and a potential threat. He remains committed to finding innovative solutions to navigate the challenges posed by emerging technologies.
For further insights on cybersecurity, visit SecurityWeek.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
