Episode 9
Data Is the New Security Battleground
Key Takeaways
Understanding what data exists and where it resides remains one of the biggest challenges for enterprises.
AI adoption is accelerating many of the same governance challenges organisations experienced during early cloud adoption.
Data protection and identity management remain foundational cybersecurity priorities.
Nation-state threats continue to reshape enterprise security strategies.
Resilience is a critical characteristic for both organisations and security leaders.
Effective cybersecurity programs must communicate risk in business language.
Mentorship and sponsorship can play a defining role in career development.
AI will continue to augment security teams and business operations rather than simply replace them.
Bobās Watershed Moment
Bob identifies two significant watershed moments in his career.
The first came when he transitioned from technology infrastructure into cybersecurity consulting in the mid-1990s. At a time when internet commerce was beginning to reshape business, he recognized the opportunity to apply his technical background to an entirely new discipline that was rapidly growing in importance.
The second came when he joined Bank One and was given opportunities by mentors who recognized his leadership potential. Through sponsorship, education, and hands-on experience, Bob was able to build a foundation that would eventually lead to senior cybersecurity leadership roles across the industry.
Looking back, he credits both opportunity and mentorship as defining factors that shaped the course of his career.
Full Transcript:
Declan Waters (00:02.923)
Well, hi everybody. I'm Declan Waters and welcome to The Watershed podcast. Today, I'm absolutely thrilled to be joined by Bob West. Bob has spent nearly 30 years at the center of enterprise security, from building some of the first CISO programs at JP Morgan, to advising companies that went on to define the cloud security era, to his current role as Data and AI Security Officer at Cyera, one of the fastest growing and most capitalized security companies in the world right now.
I am absolutely thrilled to have him on. We're going to have a discussion about AI, of course, data security, and also, of course, his watershed moment that I'm looking forward to getting into, and how the events that have shaped Bob to be the leader he is today.
So Bob, thank you so much for joining The Watershed.
Bob West (00:56.706)
Thank you so much for having me and congratulations on finishing the London Marathon, which I believe is your 10th marathon if I'm recalling correctly.
Declan Waters (01:01.591)
Thank you.
Declan Waters (01:05.279)
It was indeed. My 10th marathon. It was a memorable one. You've done how many now?
Bob West (01:12.974)
Done 20, going on 21. Berlin will be my 21st.
Declan Waters (01:17.581)
21 Wow, that's incredible.
Bob West (01:20.600)
It's all relative. I have a friend of mine that's about to finish his 100th marathon, but the good news is I can beat him, so it's all good.
Declan Waters (01:29.527)
Yeah, that's the most important thing. London, it's hilarious when you see... There was a guy I met on the train going to the event and he was doing his 50th marathon dressed as a taco, running for charity. I mean, that's what it's all about, isn't it?
Bob West (01:46.242)
That's something that obviously I overlooked at some point, and maybe I'll make up for it.
Declan Waters (01:52.065)
Yeah, there's plenty of time left, Bob, to do that.
Well, let's start there. What I love about your LinkedIn profile is you call yourself a lifelong runner, which I know you are. A lot of people don't put that in their bios. I think it's great that you do.
What does running mean to you?
Maybe take us back to how you got into running and how things have evolved over the years.
Bob West (02:22.972)
Well, first of all, the lifelong runner is a bit of an exaggeration. This is only my 50th year of running. Maybe I'll put something like 50-plus years of running, something in that neighborhood.
Running is not the center of my life, but it's certainly an important and foundational component to it.
I got into running in high school. In junior high school I was playing a lot of basketball, and when I entered high school I was five feet four. I can't remember what that translates into in meters, but I think it's around 160.
I was cut from the basketball team and one of my friends, in the spring of that year, asked me if I wanted to go out for the track team. I went.
As it turned out, I happened to be better than average for running the mile. As time went on, I started running longer distances, and by the end of my senior year I was co-captain of the cross-country team and ran in college.
So yeah, here we are.
Declan Waters (03:41.528)
Here we are.
And what does it represent now? How do you feel?
Personally, I've been running now for, on and off, 20 years, but seriously running marathons for the last 10 years or so.
I've found it to be tremendously helpful, not just physically, but from a work standpoint as well. Going for a run, you never regret it, as we always say.
We were talking about this at RSA just a few weeks back.
What does it mean for you, going into your career? How much do you think it's helped you?
Bob West (04:27.714)
To answer your last question first, it's helped me tremendously.
There are several primary benefits that I get from running. One of them is mental health. Your body excretes... shoot, I'm blanking on the substance. Think of it as being a natural narcotic. I have depression, but better living through chemistry. The exercise running is very, very helpful in terms of addressing depression.
The second thing is just staying healthy. It allows you to do everything else much more easily. The other thing is that it really creates discipline. Going out and running on a regular basis is something that you have to do overtly and willingly. As you know, I travel quite a bit and I always bring my running shoes and clothes along with me. I will go out for a run this afternoon here in Mexico City.
It's just something that clears my head. It's also great stress relief.
Declan Waters (04:58.471)
The serotonin that you're thinking about?
Bob West (05:19.150)
Endorphins. Thank you. Endorphins. Your body excretes endorphins. So foundationally, it's very helpful. I think the other thing, when I look at analogs in work, especially in the cybersecurity industry, one of the goals is to create a resilient business. And resilience is really fundamental in running.
Bob West (06:17.363)
Over time, if you do it enough, there'll be setbacks. You might get some injuries, but getting through that and getting past injuries, being able to just do it on a day-to-day basis.
For me, I get asked the question regularly, "Do you run when you're traveling?" And it's, "Of course I do."
It's just something that is very, very helpful for me personally on a mental level, on a physical level, all the way around.
Declan Waters (07:01.985)
Yeah, I completely agree with you.
And what about walking as well? Do you do a lot of walk-and-talks on conference calls? Is it just being outside in general that you enjoy, Bob, as part of the day as much as you possibly can?
Obviously timing is a factor here, but do you enjoy the walking as well?
Bob West (07:25.340)
Yeah, I do. And yes, I do some walk-and-talks when I can.
The change of scenery, getting outdoors in nature, is just so therapeutic.
I'm fortunate. When I go for a run here, it's going to be in a park that's just really gorgeous. Getting out and being in that environment is huge.
Declan Waters (07:49.634)
Yeah.
Well, from running to running into a very, very big opportunity with Cyera.
Before you joined Cyera, you built the West Strategy Group over, I think it was about a five-year period?
Bob West (08:16.208)
That's right.
Declan Waters (08:17.517)
Tell us a little bit about that.
You had a practice, you had a team, there was a real brand there.
You were keynoting all over the world, recruiting staff, and then you decided to move into Cyera, I believe, from West Strategy Group.
Maybe just take us through that decision-making process and why you felt Cyera was the right time for you to join that company.
Bob West (08:46.209)
Good question.
I started West Strategy Group after I left Deloitte. I was a Managing Director in the cybersecurity consulting practice. I'd wanted... I thoroughly enjoy independent work. It also comes with some risks, but it's thoroughly enjoyable. I started as an advisor to Cyera in January of 2024.
When I joined, the company had about 200 employees. As an advisor, it gave me the opportunity to get to know the leadership team, the go-to-market team, marketing, sales, right up to the front lines. One of the things that I communicate regularly is that Yotam Segev, our CEO, is first of all a great human being.
He's brilliant and he's made it an effort to make sure that when we hire people, they're not just good at what they do, but they're good human beings. That helps across the board in terms of day-to-day collaboration, servicing our customers, and working with strategic alliances.
In West Strategy Group, we were doing some consulting and helping a small portfolio of mostly early-stage cybersecurity companies go to market. We were also doing work in leadership and presentations in a number of geographies. At the end of September 2025, we were looking at what was coming over the next few years.
The team and I made a decision that it was important to find some more stable financial pastures. As we looked at economic risk and geopolitical risk, everything that's happening not just within the United States but globally, that was the primary factor that led to my decision to join Cyera full time.
I was very fortunate that there was a slot open that I could fit into. One of the things, now if you look at the last couple of months, for example, there was the attack on Iran. There are just so many things going on from both the geopolitical and economic perspective.
In retrospect, it was an excellent decision.
Declan Waters (11:25.229)
Absolutely. Looking from the outside in, Cyera is so impressive to me in terms of the branding, what I'm seeing on LinkedIn, the culture that's coming out of the company, and the way that people talk about the organization.
There's a culture there for sure. I can see, from my perspective, some of those reasons why you would have joined. But maybe you could drill in a little bit more into what you saw from the advisory seat. You were seeing everything going on.
What were some of the other compelling reasons that made you feel you had to get on the inside? You had to influence it from the inside out. You could go to any company that you want. You've played so many major roles in the security world.
What was it that stood out for you when you decided to join Cyera?
Bob West (12:26.803)
First of all, I'm very fortunate that I've had the opportunity to have the diverse set of roles that I've had.
When I make a decision to partner with a company, whether it's as an advisor or working in a full-time capacity, the sequence of things that go through my head is: First, it's the people.
To your point earlier, the culture. And are they doing something interesting? I'll give you a really good example in terms of the people, especially when I was an advisor. I presented at a couple of events, not just Cyera events, but events like the RSA Conference and other highly visible conferences.
I remember we were doing DataSec AI, which is Cyera's event series, and there are about 15 of them every year. This particular one was in Phoenix. I arrived early at the event, right around the same time that the Cyera employees were arriving. They were all giving each other hugs.
"How are you?"
"What can I do?"
"How are things going?"
That happens so rarely. It's a reflection of the quality of people and the culture of Cyera. So that's foundational.
The second thing is the problem that Cyera is solving.
Bob West (14:33.100)
We are in the data protection space.
If you're not familiar with large enterprises or have worked in the security and technology space, it's fundamentally hard to understand what data you have, what information you have, even in traditional infrastructure.
What type of data do I have? What's its value? Where is it being stored?
As time moves on, technology environments have become more complex. Think of operating in multi-cloud environments, whether it's Amazon Web Services, Google Cloud, Microsoft Azure, or SaaS applications like Salesforce, Box, Workday, and others.
As time has progressed, technology infrastructure has become much more complex. Being able to understand what you have is fundamentally hard. That's one of the places where Cyera shines.
Bob West (15:28.456)
The other thing that's played into the mix is the adoption and implementation of generative AI in large enterprises. I think of it as being really similar to shadow IT in the early cloud days about 15 years ago, where people could easily download a license of Salesforce. Put in your credit card and boom, you're using Salesforce.
But that's a challenge for an enterprise because you want to control the use of any applications, whether it's in traditional infrastructure or SaaS applications. When I was working at CipherCloud back in 2014 and 2015, that was part of our bread and butter, being able to protect information in SaaS environments.
As I look at the adoption of generative AI right now, it's very similar. It's very easy to download a license of ChatGPT or Microsoft Copilot or Claude, and people are using it to be much more efficient and productive without understanding the risks that come along with that.
When you think of generative AI, it consumes data fundamentally. So the question becomes: What data is being consumed by generative AI tools? Where is it being stored? Who has access to it?
That's one of the other fundamental issues that we address, understanding what's being used and then being able to make decisions in terms of how data is protected. Hopefully somewhere in there I answered your question.
Declan Waters (17:09.069)
You did, Bob, absolutely.
I've been looking forward to this conversation because you've got 30 years of experience to draw on.
You've seen dozens of companies over the years. Security categories get created, they get hyped, they're consolidated, then they get commoditized.
What's the signal for you that a category is real versus a feature that's waiting to be absorbed?
Cyera is obviously a category-defining company. The funding and everything points toward that.
What are the signals that you look for, given all your experience in this industry?
Bob West (18:04.574)
It's a combination of things. I started working in cybersecurity in 1995, right when the internet was becoming popular for conducting commerce. In fact, I remember Wells Fargo and Huntington Bank were the first two banks that did internet banking back in 1995.
As the adoption of the internet happened, there were all the risks that went along with it. The big thing happening at that time was that miscreants were defacing websites. Think of it as digital graffiti. That was the big problem we were dealing with in 1995. Very quickly after that, we started looking at fraud and money being misdirected from one place to another.
It began evolving in the 2000s where China started focusing on stealing intellectual property.
The internet made it much easier to steal information. We started seeing specialized malware in the late 2000s, such as point-of-sale malware and financial malware. Someone logs onto a banking website and malware pulls down information being used in that session.
There's been an evolving trend in the aggressiveness and changing nature of threats to organizations. As we look at things now, the biggest thing that we need to worry about is nation states such as China, North Korea, Iran, and Russia. Even in the last 60 days, after the U.S. attacked Iran, there were very aggressive attacks from Iran or Iranian sympathizers.
One of the attacks that was in the press was against Stryker, which distributes pharmaceutical and healthcare products. Think of being a hospital. If Stryker's supply chain is disrupted and the hospital can't receive products, that becomes potentially a life-threatening issue. These are the types of things we're concerned with right now.
I don't see that slowing down. We also have to make the assumption that bad actors are using generative AI as a tool for attacks. There was a story recently about AI tools being used to attack the Mexican government. I'm in Mexico City right now and that story was published a couple of weeks ago. Things are changing very, very quickly.
These are the types of issues that we're dealing with.
Bob West (21:27.647)
The final thing I would say is that if there are things you need to pay attention to in terms of protecting yourself as an enterprise, it's understanding what data you have and protecting it properly.
Managing identity correctly because people want to steal accounts and gain access to data.
And you have to operate under the assumption that bad things will happen.
You will be attacked.
It may be a small attack. It could be a catastrophic one.
Being prepared is critical.
Declan Waters (22:17.741)
Okay, if you need to go because of an earthquake, Bob, we will reconvene.
Bob West (22:22.763)
It's merely a drill, so I'll stay here.
We just had an earthquake the other day. It was a very mild one.
I can't remember if it was yesterday or the day before here in Mexico City, but there's an alarm going off because it's a drill.
So it's all good.
Bob West (22:46.000)
Now, we've evolved to where we are right now. You asked the question about how I look at categories being defined.
Data protection is something that is really fundamental to protecting information.
There have been early players in the market.
Cyera is the first company that is cloud native, has artificial intelligence built into it, and has an incredible amount of flexibility.
The combination of data being front and center on people's radar screens, the need to protect it, and the fact that Cyera is fundamentally different is the reason that I joined Cyera.
Declan Waters (23:17.975)
So it feels like you're at the right place at the right time from what I'm hearing.
Bob West (23:23.571)
Yeah. It's fortuitous. You don't get these opportunities very often.
Yotam Segev, our CEO, regularly communicates that this is a generational company. This is not something that happens very often.
I look at companies like Wiz, for example, that had a very large exit to Google. We think that we're in that neighborhood. Certainly, the amount of money invested in us, the valuation of the company, and the growth of the company all point in that direction.
When I joined as an advisor in January 2024, we had about 200 employees. We're now a little over 1,400.
All signals point to the fact that the right things are happening. Fingers and toes crossed that it continues.
Declan Waters (24:13.525)
Absolutely.
It feels like you're in between what the board is saying, what the board expectations are, and what has actually been resourced on the ground.
It feels like Cyera is in that position where you can help with accountability within large organizations.
Bob West (24:35.432)
Yeah, absolutely. I've had a couple of conversations in the last few months. One of them was with the Chief Audit Executive of a well-known company, and that person had just finished a meeting with the CEO.
The CEO communicated, "We're going all in on generative AI. We're going to implement it broadly." The CEO was willing to take risks. Well, what does that mean?
Is it a small risk? A medium risk? A large risk? Is it understood?
I was also speaking with a CISO of a large bank, and the chairman of the board had reached out and asked: "Are we using generative AI and are we safe?"
To your point, it is absolutely a board issue. It's a leadership issue.
The key thing is that this information needs to be translated into business language so that boards of directors and leadership teams understand how these issues are being addressed, what's being implemented, and whether the ecosystem is being protected properly.
Declan Waters (25:48.174)
Absolutely.
And if I'm a CISO in a meeting with you and I'm asking, "Can you tell me where my sensitive data is?"
Is that a solvable problem from Cyera's perspective?
Bob West (26:04.715)
Yeah, it absolutely is. That's one of our strengths. When you look at most of the legacy players, they were very good when they were launched and they're still good products.
But they were built to discover data in traditional infrastructure. Where we shine is because we're a cloud-native application and because we have AI built into the product.
We have visibility across the board. We can look at traditional infrastructure. We can look at data in multi-cloud environments and SaaS applications.
Even in legacy applications, we can create custom APIs to connect to them and understand what data is there.
We are fundamentally not only addressing issues at the board level and leadership level, but we're helping facilitate the use of AI, which is something organizations are very focused on right now.
Declan Waters (27:07.245)
This is one of the reasons why it's such a huge market opportunity for the company right now.
So much more for you, isn't it? That sounds amazing, Bob. I just want to take you back.
You're obviously on The Watershed Podcast, so one of the questions I always ask my guests is looking back on this illustrious career of yours, could you pinpoint one, or it could be more than one, watershed moment for you, Bob, where personally it took you in another direction that changed the course of your career for the better?
Is there anything you could think of over the years that had that huge impact on you?
Bob West (27:52.811)
Yeah, I would say two things. One of them was just fortuitous. I worked in technology infrastructure for about 10 years, and my last role was at Citigroup in New York and Chicago.
I was there for about eight years. A recruiter reached out to me and EY was forming a cybersecurity consulting practice, and there was a role open.
My background in working with networks, operating systems, and technology in general was a very good launching point for that.
So that is item number one. The second one would be when I left EY at the end of 1997 and joined Bank One at just a very good time.
We effectively rebuilt the cybersecurity function from square one, which is a multi-cocktail conversation.
Declan Waters (28:49.677)
Multi-cocktail. I love that.
Bob West (28:53.618)
A few months after I joined Bank One, my boss and my boss's boss, Keith and Neil, took me aside and said: "Hey, we think you'd be a good candidate for our leadership team."
They became my sponsors and mentors. They gave me some truly unique opportunities. They force-fed me a lot of security education. I went through the bank's leadership program, which was very difficult for technology people to get into at the time.
There's a very long list of things that I went through. I certainly would not have been able to build a foundation without Keith and Neil's mentorship and having them open doors that were truly unique.
Declan Waters (29:48.322)
Yeah, those open doors can open, but you have to want to move through them, Bob, don't you? Was that a through line of your career? Were you always pushing against those doors, trying to open them?
Bob West (30:04.999)
Yeah. I'm one of those people who feels really good when you stop hitting your head against the wall. I've been very fortunate that I've partnered with a lot of early-stage companies.
A lot of problems have presented themselves as a consequence of technology changing over time. I've just been very interested in understanding what's coming next. What are the issues being presented? How do we address them?
I've been on a number of advisory boards of cybersecurity companies. A lot of it is just being lucky, being at the right place at the right time. To your point, there are people who are intimidated by change and walking through doors. You can look at this in two ways.
Either it's being observant or it's being a glutton for punishment. Maybe it's a combination of both. But I've been very lucky to have unique opportunities, identify technologies that are game-changing, and here we are.
Declan Waters (31:25.505)
Yeah, here we are indeed. I want to close by asking you to maybe look through your crystal ball. If the AI security market plays out the way you think it will, what does that mean for the next generation of security leaders coming through?
You're going to play an important role in contributing toward that. You're laying foundations for the next generation of security professionals. What does that world look like for those future CISOs starting out in their careers?
Bob West (32:19.463)
That's a very good question. I will answer it generally because it's really hard to predict what's coming next. When ChatGPT was unleashed on the world in November 2022, most people did not know what generative AI was.
Now it's become front and center and something that's either being used on a day-to-day basis by enterprises or will be over the next year or two. I don't see generative AI going away. I see broader adoption in a very broad context.
For CISOs, it becomes really important to understand the business drivers of the enterprise, understand how generative AI can be leveraged, and then understand what risks are presented and how to put the right controls in place to make sure those risks are minimized.
Risk is never going to go away. It's not black and white. Think of retail banking.
Banks get robbed on a regular basis, but the fact that they get robbed doesn't mean they shut their business down. You put the right controls in place. In the physical world, you put in video cameras and dye packs in stacks of money.
As long as the right controls are in place, the risk becomes somewhat predictable. If you look at generative AI, it's going to solve a number of business problems. It's going to make companies more efficient. In security operations, I can see frontline roles being heavily augmented.
I don't know if they're ever going to go away. The jury is still out on that one. If the roles remain, generative AI tools are going to be used very broadly by security analysts. For enterprises, you have to understand what the business is doing, what the risks are, and where the business is going.
Once you understand that, you can take steps to address those risks.
Declan Waters (35:15.853)
Wise words, Bob, as always. And maybe just to close off, if we take a step back, how are you feeling big-picture-wise about the industry right now?
When we were at RSA, you told me that you've never been more excited than you are now to be working in security. I see that in your presentations and keynotes.
You're traveling around the world educating the market to help them look around the corner and see what's coming next.
What do you think?
Bob West (35:46.568)
Well, first of all, I don't think the issues we're facing will ever go away. If I wanted to, I'd probably work until I'm 140 as long as I'm having fun. I have this conversation every few years.
Why did I start working in cybersecurity? It's a mission-oriented environment. Our job as security professionals is to keep environments safe and minimize risk. It's almost binary: good versus evil.
That's what makes life interesting. If you're working with good people and interesting products like Cyera, it's as good a world as it can get. My hope is that luck continues with me and life continues to be interesting.
Declan Waters (36:53.737)
Absolutely.
The security industry is more interesting because you're in it, Bob, and I'm so pleased that you got into it 30 years ago. I'm grateful for this conversation.
You know I have a huge amount of respect for you personally and professionally. What you've done throughout your career and what you continue to do at Cyera is making a huge impact.
You're a hugely popular person in the security industry. I love spending time with you. I thoroughly enjoyed this conversation.
Thank you so much, Bob, for coming on The Watershed.
Bob West (37:30.429)
Thank you for having me.
I thoroughly enjoyed it as well.
Declan Waters (37:33.087)
Absolute pleasure.
Thank you.
Bob West (37:35.133)
Thanks. Cheers.