In High School, James Robinson had two loves: cars and football. An affinity for the former initially grew simply from poverty, he recalls. He had to help his dad keep an ageing car on the road (getting it started, fixing headlights, oil changes) just so his parents could get to work.

(They had both lost their jobs when he was 12-years-old and the family had moved to a farming community in central Illinois, he tells The Stack.) 

He “wasn’t very academic” and his principal let him know college wasn’t an option – suggesting that he enroll in vocational school instead. He took the advice and wound up in mechanical school, which included, teenage dreams being what they are, lots of fun wiring in subwoofers. 

From wiring, to networks…

Playing with car wiring precipitated a growing love of all forms of networks. “I wasn’t a reader,” he tells The Stack, “but the first book I could really sit down and read was the Cisco Press TCP/IP book. 

“I just sat there in the library and read it for hours and hours and tried to understand it; I couldn't get enough of it. It's an amazing thing now looking back,’ he laughs. “Who would sit there and read that book?!”

The seeds of future careers are planted in myriad mysterious ways.

Robinson wound up at Cisco academy, getting straight As at school, and then landing a tech job at insurance firm State Farm whilst in his teens. 

… from networks, to CISO

He is now Chief Information Security Officer at Netskope – a network and security company that went public in September at a $7.2 billion valuation; Netskope’s customers include Airbus, Colgate-Palmolive, and 30% of the Fortune 100. (The company provides “real-time, context-based security for people, devices, and data anywhere they go.”)

Sitting down to chat at Gartner’s Security and Risk Management Summit, Robinson harks back to his childhood as our conversation turns to hiring. (Netskope has over 240 roles open, as it continues to grow rapidly.)

Talent and grit

He tries, he says, to be “very intentional” about getting diverse talent through the door. There is, he says, not a talent problem but a “pipeline problem” – not least because he welcomes people who think differently. 

Netskope and his team get involved here in working closely with High Schools to bring in diverse talent, he says. Sometimes, he reflects, it’s a case of finding “people that maybe were growing up kind of like me; they didn't have money as a family, so they had to work through school. The right talent is someone who has that grit, that work ethic, is just going to jump right into it.”

And where they’re lacking confidence, we try to “wrap and support them and get them to that next level,” he reflects; pointing to one example of a young intern on his team who was “really nervous” about giving a talk, spent ages on it and then delivered “the best presentation!” he’d seen.

Appliances, networks, and AI

“Network security without performance trade-offs” is one of the marketing phrases of choice at Netskope. (The company says it sells to traditional networking as well as security teams, and finds that the two are increasingly close.)

Gartner rates it a leader in both its “Security Service Edge” Magic Quadrant and the SASE Magic Quadrant. (That’s for companies that provide “converged network and security-as-a-service capabilities, such as SD-WAN and secure access to the web, cloud services and private applications regardless of the user’s location” as Gartner puts it.) 

Robinson says Netskope's customers include major enterprises that are pivoting away from moat-and-castle legacy operating architectures at central offices; mining firms that use it for zero trust security at truly “edge” locations, including those running over satellite networks; and firms adopting heavily remote “coffee shop”-style approaches. 

He cites one company that effectively has no local network and is running all of its traffic from the mine’s operations over Starlink, with Netskope maintaining critical security coverage and low-latency routing to its nearest “NewEdge” data center and then onward to customer’s ultimate  destination, whether that is web, cloud, SaaS or private application. 

Netskope’s NewEdge is an extensive set of global data centres or points of presence, as well as redundant, premium transit links across some 700+ unique autonomous system networks (the building blocks of networks that comprise the internet) and it ranks in the top 15 of organisations globally, in terms of global internet exchange point (IX) participation.

That lets it “inspect, analyze, and control traffic in real-time and at high speed” to understand hundreds of activity types across “thousands of cloud, SaaS, and AI applications, over a billion websites, and countless data lakes, stores, and private applications” as its S1 IPO filing put it. 

The coffee shop model… 

Ultimately most customers are trying to move to a zero trust approach he says, without really using that widely abused term. As he puts it: “People are trying to move to more of the coffee shop model. In the coffee shop model, you don't have interconnected inner networks. You don't have inherent trust that's just established because you walk in the door, right?”

Netskope aims to help customers build what he describes as “very, very tight isolation from anyone else on the network” – which reduces network blast radius in the event of an incident, but also layers in contextual awareness across users, devices, applications, and data. (That includes blocking sensitive data from unintentional LLM exposure.)

Robinson is quick to volunteer that “openness of lateral movement from an application perspective and access to data [in the event of someone being compromised] is, I think, still one of the bigger areas of risk and one of the bigger areas of concern that most CISOs I talk to [are focused on].

“They haven’t built that muscle…”

Most firms are trying to “incorporate new security models to be able to defend against that” he comments. What can most do better, we ask?

“[We, as an industry, need to] dynamically look at role creation and access, and then take into account things like, ‘if you haven't used your access for a certain amount of time, why do we need to retain that access? Why don't we just remove it?’” he reflects. “If we can be faster at provisioning access, then we can be faster at removing access. 

“Many times, I think the conflict that security leaders run into is their efficiency to create and give access may be there, [but] they haven't built that muscle to remove the access, or they're afraid that they're going to break or block business” he says — reflecting that the drive to roll out autonomous agents in most organisations brings up similar challenges. 

Agentic AI? Keep it “very tight”

When it comes to agents, “I really look at agentic AI as this opportunity for a lot of things to be done, but much like we did with containerization, you want it to be very small, very tight, and so you're going to have hundreds, thousands, millions of agents operating [but they will have to] have a lot of boundaries that they have to cross," he says. "Going back to lateral movement. If you over-permission, you over-privilege a person. Guess what's going to happen? Why would we recreate the same security [risk] for agents?”

Finally, what do you think most people misunderstand about the CISO role, we ask? Robinson doesn’t hesitate: “That the CISO owns all security! Whenever an organization goes through a security incident, it drives me crazy whenever I see that the CISO gets attacked. All of us that are in the CISO community know that it really takes the entire organization. 

“It's a team effort. It's a team sport.”

Delivered in partnership with Netskope.

The link has been copied!