Information security used to be a game of rules, not relationships. The job was simple: protect the system by sticking to the rulebook. Security teams were like referees on the pitch — watching for fouls, enforcing the rules, and blowing the whistle at the first sign of trouble. If the policy didn’t allow it, the answer was no.
But that’s not the job anymore. Modern security isn’t about putting up barriers; it’s about using judgment, influence and communication to help the business make smart decisions. Today’s security professionals aren’t gatekeepers — they’re problem solvers, coaches and collaborators. The shift is driven by a simple reality: digital systems are now woven into every corner of the business, risk moves faster than any rulebook can and security must be a defender that enables innovation rather than becoming a barrier to it.
That’s why information security has evolved from a technical niche into one of the most dynamic, people-focused roles in technology.
The Evolution of the InfoSec Role
When I started in information security more than 25 years ago, we typically worked within closed systems. At AstraZeneca, where I began my career (Zeneca back then), the mainframes weren’t connected to the internet. The biggest risks were misconfigurations and insider errors — problems you could often fix by tightening controls and enforcing a strict, zero-tolerance approach to anything outside the security policy.
Then came the internet, cloud computing, social media and mobile. Suddenly, the digital perimeter disappeared. Businesses became interconnected, always-on, and globally exposed. It has been a period of incredible innovation but with it, each new channel has expanded the surface area of attack and introduced fresh opportunities for exploitation.
As the risk environment expanded, so did the role of the security professional. Information security evolved from a solitary pursuit into a team sport spanning infrastructure, cryptography, data analysis, compliance and human behavior.
From Safeguard to Strategic Priority
Part of what’s made information security so compelling today is how visible it’s become. Data breaches, ransomware and nation-state attacks dominate the headlines. That visibility has reshaped public perception and with it, the level of respect for the profession.
Today, boards and governments recognize cybersecurity as a strategic priority. But the role has become fascinating for another reason too: it demands judgment. There’s no playbook that can cover the pace of change. Every day brings new threats, new technologies and new dilemmas. That need for constant interpretation is why information security has become such a dynamic, people-centric discipline, and why it now demands a new skillset.
Creativity as a Core Security Skill
To me, the difference between science and art is adaptability. Science follows a formula. Art demands interpretation and cybersecurity sits firmly on the artistic side.
“No two days, incidents or threats are the same. You can’t copy-and-paste yesterday’s answer into today’s problem.”
No two days, incidents or threats are the same. You can’t copy-and-paste yesterday’s answer into today’s problem. Threat actors evolve constantly, and so must we. The real craft of security lies in how we respond: blending logic with instinct and technical skill with human understanding.
That’s why creativity matters as much as coding. Whether choosing vendors, assessing risk or handling an incident, security professionals must understand the business model, the customer experience and the culture they’re protecting. Technical knowledge is essential, but context is what turns that knowledge into good decisions.
Balancing Policy with Practical Judgement
If there’s one phrase that captures effective security, it’s “applied common sense.” Security has always been a risk-based discipline, but modern environments demand far more nuance. Every organization balances safety against speed, and control against creativity. Understanding that balance requires judgment, not just technical knowledge.
The core principles never change; confidentiality, integrity and availability. What changes is how you apply them. A financial institution’s risk appetite looks very different from a gaming company’s, which is why the best security professionals adapt their decisions to the context, not to a fixed rulebook.
Practical judgment means taking abstract principles and turning them into everyday behaviors. It’s the same instinct that makes you lock your front door without thinking. The challenge in business is helping people develop that same instinct for the systems and data they use at work, and that’s where people skills matter as much as technical expertise.
Empathetic Communication
Technology is essential, but people remain the real frontline of security. Most breaches start with social engineering. Today’s attackers don’t break in, they blend in, mimicking branded emails, senior leaders’ voices, or even joining online meetings. They’ve shifted from passive eavesdroppers to active participants.
That’s why modern security requires empathy, communication and emotional intelligence. Our job isn’t simply to enforce rules; it’s to help people understand why the rules exist — and to encourage them to stop and think before they act. At bet365, we’ve built a culture around openness. If someone makes a mistake or spots an issue, we want them to feel safe raising it. Shouting doesn’t make people secure. Understanding does.
Security professionals today need to be part teacher, part counsellor and part translator — turning complex risks into clear, actionable guidance that people can use confidently. As I often tell my team: if people think your idea was their idea, you’ve won.
Bending Without Breaking
Policies and processes are essential, but real life rarely fits neatly into a rulebook and the pace of modern business means people sometimes need to work in ways the policy didn’t anticipate. When that happens, good security isn’t about quoting the rule, it’s about finding a safe, workable path forward.
That’s why flexibility is such an important skill. A strong security leader knows when to bend without breaking; when to uphold a control, and when to rethink it. Flexibility doesn’t mean compromising safety, it means understanding the context, weighing the risks, and helping people achieve their goals securely.
Continuous Curiosity
Security never stands still. The threat landscape changes daily, and so must our understanding. That’s why the best professionals are curious by default. They read, experiment, share, question, and challenge.
At bet365, we encourage our teams to explore and connect. The security community thrives on collaboration — across companies, sectors, even industries — because no single organization can tackle these challenges alone. The more minds sharing insights, the stronger the collective defense.
The New Talent Pool
Because modern security blends technology, psychology and communication, there is no single template for success. Yes, we still need brilliant engineers and analysts — but we also need people who can see beyond their immediate task and understand how security fits into the bigger picture of how the business operates.
We see this first-hand at bet365. One of our most effective Security Operations Centre (SOC) analysts didn’t come from a technical background but from the fashion industry. She brought professionalism, strong communication, and the confidence to talk through problems calmly. In a role where teams must respond quickly to incidents, limit impact, and meet regulatory obligations, those skills are every bit as valuable as the ability to configure a firewall.
Stories like that illustrate how the profession is changing. Today, we welcome talent from teaching, marketing, retail, and the arts. These people bring fresh perspectives, transferable skills, and different ways of thinking. In a discipline where threats evolve daily and no two problems look the same, that diversity of thought is one of our greatest strengths.
Security’s Human Future
Cybersecurity today is one of the most multifaceted, fast-moving, and rewarding areas of technology. Yes, we still build defences and respond to attacks — but the real work happens in the decisions people make, the relationships we build and the judgment we apply under pressure.
That’s why the profession has changed so profoundly. Modern security isn’t defined by tools or technical skills alone; it’s defined by the people who bring creativity, empathy, pragmatism, curiosity and big picture thinking to the job every day.
Security has become a human discipline — one that enables the business to move forward safely, confidently and at pace. And that’s what makes it such an exciting place to be.