Paul Watts

Distinguished Analyst

Paul has worked in information technology for over twenty-five years, seventeen of which have been as a security executive and CISO in several industry sectors including financial services, retail, critical national infrastructure, food and beverage, data analytics and market research. This probably explains the receding hairline and fear of Friday afternoon phone calls!


Paul's role at the ISF is a diverse one. He sees his main objective as representing the voice of the security leader across our content, our capability, and our community. His tenure at the ISF has only been brief, but thus far he has consulted on several research projects, and delivered numerous blogs, webinars, and presentations. Paul also co-authored our flagship research paper, Threat Horizon 2024, during the fall of 2021. He maintains relationships with several external communities as part of our ongoing commitment to strategic alliances across the international security industry, and works to feed the output back into our products and services.

Outside of the day job, Paul coaches and mentors several new-in-role and aspiring security leaders from as far afield as North America. He is also a non-executive director (NED) for a large multi-academy education trust in north Buckinghamshire.

“I think that security leaders find themselves at a critical period. Rapid digital transformation promises to drive innovation, efficiency, and prosperity to business. However, it can drive up risk as well as reward, with tragic consequences if the risks are not clearly understood by all. Digital transformation is speeding up and not slowing down; the Coronavirus pandemic contributing to this step-change. A strong relationship between security leader and business leader helps to understand and manage digital risk. However, over time, this troubled relationship has become even more ineffective, decaying to the point where both parties are not effectively engaged at a time when they need each other the most. There are failings on both sides that require change to recover the relationship. Security leaders need to take a more business-orientated approach to their work, hone their soft skills, communicate the language of business, and demystify their tradecraft to demonstrate their relevance. Business leaders urgently need to gain skills in cybersecurity so they can understand the risks and recognise that effective security and risk management is not outsourced, it is a collaboration. If these changes do not happen and these relationships are not optimised, a digitally orchestrated business disruption event becomes almost inevitable.”