The Human Edge of Cybersecurity: Ben Hanson on Protecting a Digital Society


Ben Hanson is an acclaimed cybersecurity speaker and a leading voice on digital risk, identity management, and the future of the secure enterprise.
As a seasoned strategist with deep technical fluency, Ben helps organisations navigate the shifting cybersecurity landscape—from AI disruption to cloud-native threats.
With a career spent advising Fortune 500 companies and critical infrastructure providers, he offers a uniquely human perspective on digital defence: one that balances innovation with responsibility.
In this exclusive Q&A, Ben discusses the evolving role of identity, the urgency of AI governance, and why cybersecurity is not just a technical function—but a societal imperative.
Q: Cybersecurity is increasingly being recognised not just as a technical domain, but as a critical enabler of societal resilience. With that in mind, what makes this field uniquely impactful—and why do you believe it offers such meaningful career opportunities today?
Ben Hanson: “What we do in cybersecurity enables the whole of society to flourish. I mean, in this day and age, that is true. Recently, I was working in a coffee shop in the village where I live, and it was early in the morning. Outside the window, I could see mums and dads walking with their kids through the village square to school. I was working on my laptop with a very large bank, helping them through a particular security challenge they were having.
“I remember thinking, as I looked outside at these folks walking across the square: what we’re doing matters to every one of those people—but none of them know it. If you lose a global systemic financial institution, like a large systemic bank, it doesn’t just affect cities and nations. It affects the financial systems of entire continents, which undermines the fabric of society in a very tangible, very practical way.
“So, this, for me, is both the great responsibility and the privilege of working in cybersecurity. You can invest yourself in something that really, really matters. And I think, if you have a North Star in your career—if you want to invest yourself in work that’s meaningful, that’s consequential—you can’t find an industry more consequential than this one. That’s what I love about it the most.”
Q: Every industry experiences breakthrough moments that redefine best practice. In cybersecurity, what would you identify as a game-changing paradigm shift—and why has the growing centrality of identity been so transformative?
Ben Hanson: “It’s the central role of identity in security—this idea of identity as the modern perimeter. Attackers are becoming more identity-centric. The industry is still trying to catch up with the implications of identity becoming essentially the central focus of what we have to protect.
“If you go back to the early ’90s—this is when enterprise firewalls came to the fore. Certainly, this was before widespread cloud adoption, so it was very easy for organisations to draw a very stark dividing line: delineating their traditional network perimeter and defining what was inside versus outside, trusted versus untrusted, us versus them.
“Fast forward to the early 2000s, with very widespread adoption of the internet and increasing cloud adoption, you had organisations like the Jericho Forum talking about de-perimeterisation.
“So, the traditional network perimeter was eroding and contracting around assets themselves. This gave rise to the idea of the “endpoint as bastion”, which led us to more advanced endpoint protections—EDR platforms.
“We’ve now taken another step towards the central role of identity in security. I think there are three reasons why this is happening.
“First, if you look at modern access scenarios—especially post-COVID—often the user’s corporate identity is the only common factor across all domains. People use networks you can’t control—their home, a coffee shop. They use endpoints—depending on your BYOD policy—that you can’t control or not as well as you might like. They’re accessing data on systems you don’t control, accessing SaaS applications run by others.
“So, almost out of necessity—because it’s the only common unifying factor across all these components—identity becomes the fulcrum around which everything else balances.
“Second is attacker behaviour. Attackers have always been identity-focused. Effectively, every attack is an attack on identity at some point. Around the midpoint of the attack chain, they try to get control of privileged identities to access the data they want.
“But it’s shifted even further. Attacks in the news right now are compromising cloud-native identities, targeting cloud-native applications, compromising application service principals, connecting via APIs to cloud-native services, and extracting data.
“Nothing about that attack sequence touches your endpoint. So if you’re still focusing most of your attention on your devices, you’ll miss a lot. Those kinds of attacks don’t trigger endpoint controls—and if they do, it’ll already be too late.”
Q: Artificial intelligence has already begun transforming security operations, yet widespread adoption still faces serious roadblocks. From your vantage point, what is the most overlooked challenge—and how can organisations unlock AI’s full potential while managing its risks?
Ben Hanson: “It’s not the capabilities of AI that people are afraid of. I don’t think it’s about whether we can or cannot erect and enforce boundaries around what AI can do—that’s a slightly different conversation. The upside is abundantly clear. People and organisations recognise that this is going to change the world—in fact, it already is.
“Anecdotally, I haven’t done a normal web search in months because of the value that tools like Copilot and ChatGPT provide. And I think there’s no question AI will be doing things for us. This is a conversation people are a bit afraid to have right now. But I believe it’s not only inevitable—it’s necessary, especially in security.
“We’ll need AI to act on our behalf, to supercharge our automation so we can keep up. We want to allocate our most valuable human capital to our most complex challenges. To enable that, we need AI. The concern is how—and how well—we can enforce limits on what AI does on our behalf.
“Take, for example, the story about the US Department of Defense testing five off-the-shelf large language models in a simulated wargaming environment. Two of the five decided it would be appropriate to use nuclear weapons. That underscores people’s fears about needing strong, enforceable boundaries.
“Especially in heavily regulated enterprises and industries, that governance layer around AI—being able to impose and enforce those boundaries—is essential for scaled adoption and extracting maximum value.
“And that’s the missing piece—the governance layer around AI. Some tools have capabilities built in (some better than others), but horizontally—across vendors and systems—we don’t yet have a way to govern AI end-to-end in an organisation.
“Even basics like controlling inputs and outputs, and managing how AI interacts with sensitive business data or cyber-physical systems—auditing, logging, monitoring—these just don’t exist consistently across the board.
“That said, I take some comfort from the fact that this isn’t unique to AI. It’s symptomatic of every technology innovation. If you go back to the early 1900s and the invention of the car, the first petrol station came five years after the automobile. So the technology existed before the ecosystem to support it did.
“We’re in that same in-between phase with AI. The tools are here—the governance ecosystem isn’t. But we’ll get there. The second challenge, using that analogy again, is that people are still dragging horse-and-buggy ideas into a car world.
“You look at some of the strategies organisations are developing two or three years out—and you realise, in 12 to 18 months, those strategies will be obsolete. The way we solve these problems is about to fundamentally change.
“In security, this is going to hurt. We’ve got some sacred cows—ways of doing security we’ve been wedded to for 5, 10, 15, 20 years: monolithic SIEM platforms, security operations, endpoint protection, investigations, information enrichment—all of that is going to change.
“If you’re still doing it the same way in 18 months as you did over the past decade, you’ll be far behind the curve. And that matters—not just because you won’t be extracting full value from AI, but because attackers will have evolved. They’ll have moved beyond what traditional controls can handle.
“The inability to evolve—and evolve quickly—will put your entire organisation at risk.”
This exclusive interview with Ben Hanson was conducted by Mark Matthews.
The post The Human Edge of Cybersecurity: Ben Hanson on Protecting a Digital Society appeared first on European Business & Finance Magazine.






