Interview with Rik Ferguson, VP Security Research at Trend Micro

Interview with Rik Ferguson, VP Security Research at Trend Micro


Born – I am from all over the south-east of England, my family moved around a lot when I was young, so Kent, Sussex, Bedfordshire, Buckinghamshire. I have also lived in both France and Poland for a considerable period.

Studied / Education background – I took a degree in French at the University of Wales, in Lampeter. It was more of an accident than anything as I didn’t have any firm career plans. I graduated in 1992 in the middle of a sharp recession, found it impossible to get a job anywhere, so after a succession of pub and warehouse work I moved to Paris to seek my fortune!

Current role / bio – I am Vice President Security Research at Trend Micro and also serve as a Special Advisor to Europol EC3, and a project leader with the International Cyber Security Protection Alliance (ICSPA). I’m actively engaged in research into online threats and the underground economy.


Who do you work for and what does your role entail?

For the past 12 years (and counting) I have been with Trend Micro. I joined as a “Security Architect” which was really a continuation of the role I had been in with EDS before joining Trend. But Trend Micro is one of those great companies that really excels in allowing you to find your own particular niche. So, my role has moved steadily more into the areas of research, communication and education.

As Vice President of Security Research, I am responsible for the creation and dissemination of research and educational content including conference presentations, customer meetings, blogs, white papers and most recently videos.

What’s been your biggest work achievement of the last 12 months?

I have been working hard on getting closer to the institutions of the European Union in an advisory capacity and the past 12 months have seen some real breakthroughs for me in that area. From a Trend Micro perspective, we have hosted a number of really successful events for both internal and external participants, perhaps my favourite was our internal “Create” event where we challenged hundreds of our developers to solve some really intractable AI/ML-related challenges.

What is the biggest challenge facing the industry?

We still have a very long way to go in overcoming the legacy and mistakes that have led to us having such a terribly non-diverse workforce in cybersecurity. Diversity encompasses may areas, of course gender diversity, but also neurodiversity, racial diversity and equally critically a diversity of professional backgrounds. The current “cyber skills gap” is a largely self-inflicted wound where restrictive hiring practices have focussed more on hiring pieces of paper than on hiring people.

What’s the best piece of advice you have ever been given?

When I was learning to drive and stressing about having to do so many things at once behind the wheel, my mum told me “you don’t have to do all those things at the same time, just one after another in the right order”.

What are your predictions for the IT industry for 2019/20 or beyond?

In the very near future, the main drivers that will shape our industry are the 5G rollout, the inexorable market to ever more abstracted services and the death of “IT for IT’s sake”. No organisation ever became a global success by being the best at running Active Directory or by effectively managing their network infrastructure for example.

These skillsets will become less and less relevant in the enterprises of the near future as they are outsourced to specialist providers. Businesses will be free to focus on doing the things that really make them successful, whether that is selling widgets or delivering code. Containerisation technologies will see a very rapid adoption in this environment, giving businesses the ability to build secure, ship fast and run anywhere.

How do you perceive the hype around AI, a big concern ethically or a huge opportunity?

It’s both isn’t it? We have already seen examples of hiring algorithms with inbuilt biases, we are rapidly approaching a time when autonomous vehicles will have to make decisions about how to cause the least harm in the event of an accident and services already exist that use Machine Learning to effectively offer digital immortality to a person longer after their physical self has ceased to be.

However, we are also using AI and Machine Learning in innovative ways in cybersecurity. Of course, we use AI to detect Spam, exploits on the wire, criminal websites and malicious files but we are constantly innovating and finding new ways to harness this technology for more effective security, like our recent innovations around Writing Style Analysis to defeat Business Email Compromise attacks.

What do you think is going to be the next big technology development? Quantum Computing? Smart Robots?

I suppose that depends how far ahead you want to look, of course Quantum Computing will mean some big changes when it is widely available, most especially in the realm of encryption, and smart robots will one day step of the pages of science fiction novels and into our homes and businesses.

In the shorter term though it’s more prosaic things like Machine Learning to process the ever-increasing mountains of data generated by enterprises and Container platforms that finally allow them to shift legacy architecture into more adaptable infrastructures.

Join Rik's session 'Anatomy of an Attack: Factory as frontline' on Wednesday 9 October at 2:45-3:15pm in the Cyber Security Keynote Theatre.

Click here to return to the full speaker Q&A library.