Episode 6

Christian Toon on Compliance, Communication, and AI

In this week’s episode of ThreatCast, Paul O’Sullivan is joined by Christian Toon, Head of Cyber Professional Services and former CISO at Pinsent Masons. With over 15 years’ experience in the cyber industry, Christian now leads his team in delivering security with purpose, building out programmes to proactively address security concerns, not only to meet and exceed standards, but because, ultimately, it’s the right thing to do.

Paul and Christian discuss generating stakeholder buy-in, creating an environment of collaboration that welcomes open communication, and what the future corporate threat landscape might look like, touching on their experiences from both sides of the table.

Making cyber security decisions out of fear and uncertainty might lead to rapid results and short-term traction, but once the immediate obstacle has been overcome, the momentum can soon wane. For a fully invested culture of support for cyber endeavours, Christian notes how a benefits-first approach to good (and not just adequate) security will lead to ongoing strategic cyber defence with increased organisational investment.

Cyber security is a high-pressure, high-stakes environment, and when it’s not possible to deliver on all ideal protections despite best efforts, burnout can become a problem. Christian emphasises the importance of realistic, manageable targets to maintain a positive atmosphere within cyber teams, along with a culture of transparency and positive remediation to maximise lessons learned when things, inevitably, do go wrong.

Understanding the operational impacts of cyber security can go a long way to obtaining stakeholder buy-in for upcoming security projects, necessary interruptions to productivity, and changes to processes. By identifying where IT difficulties could be creating friction within the organisation, a mutually beneficial resolution is more likely to be found than when cyber teams remain siloed. Christian explains how he champions communication at all levels to ensure the cyber security team is both visible and understood to be an involved, approachable presence.

Paul and Christian discuss what, in their view, the future of the global cyber threat landscape might look like in a time of such geopolitical upheaval and technological advancement. Christian explores his view that what we’re likely to see in the near future is more of the same, at an accelerated rate, referencing the CIA Triad and the continued challenges of Confidentiality, Integrity, and Availability, particularly in the context of biometric data.

What is covered?