In the SecureWorld Spotlight Series, we learn about the speakers and Advisory Council members that make our events a success. In Q&A format, they share about their professional journeys, unique experiences, and hopes for the future of cybersecurity—along with some personal anecdotes.
Dan Elliott is the Principal for Cyber Security Risk Advisory at Zurich Resilience Solutions Canada. He has more than 15 years of experience in national security and risk management and brings a unique perspective to cyber risk, having spent six years as an Intelligence Officer with the Canadian Security Intelligence Service (CSIS). He is a Chapter Board Member for the Risk and Insurance Management Society (RIMS) and a global representative for the Cybersecurity Advisors Network (CyAN).
Dan serves on the Advisory Council for SecureWorld Toronto and will be presenting at our upcoming conference on April 3rd.
Get to know Dan Elliott
Q: Why did you decide to pursue cybersecurity as a career path?
A: I was a tinkerer as a kid, and computers were one of my outlets. I had a bit of a misspent youth in various Telnet sites, which probably dates me. But then somehow along the way, I pivoted from that to national security. As I watched threat actors moving online, it made sense to combine old talents with new ones and put it to good use.
Q: When and why did you join your current organization (employer)?
A: I loved working in national intelligence. CSIS will always hold a special place for me, but at one point I looked around and realized I was spending less time with my family than I liked and something needed to change. In 2022, I met a friend and soon-to-be colleague who showed me how much I could still contribute in the private sector and I made the leap. Zurich has been a great place to work, allowing me to be a bridge between multiple worlds—business, insurance, and cyber—and draw on areas of expertise in each of those to improve cyber resilience for our insurance clients and everyone else that I work with. It has allowed me to keep many of the rewarding aspects of the work, while getting to share that with my kids.
Q: How would you describe your feelings about cybersecurity in one sentence?
A: Cybersecurity is a misunderstood (and often mislabeled) driver of business success that keeps me engaged every single day.
Q: What has been your most memorable moment thus far working in cybersecurity?
A: I would love to tell you. But I wouldn't be me if I didn't know how to keep a few secrets.
Q: If you had to choose, what's the one cybersecurity practice people can adopt that would have the greatest impact?
A: One? Wow. That's difficult. Okay, if you don't measure it, you cannot manage it. I could talk about cyber hygiene or 24/7 monitoring until I'm blue in the face, but if people don't know where they are currently (as an organization), then they have no benchmark from which to improve.
Q: What are the biggest challenges facing the cybersecurity profession?
A: Moving from an expense line or compliance requirement to business differentiator and driver.
Q: What are the biggest opportunities facing the profession?
A: In a word, growth. The profession isn't a "one size fits all" domain; it is so wide and so deep, and we need people with all different skills. It's not going away. Some of it will be replaced or augmented by AI tools, but as a profession, it is expanding exponentially.
Q: When you tell people what you do for a living, what do you say?
A: I help organizations understand cyber risk and be more resilient so that when they get hit, it's less impactful and they can get up faster.
Q: What advice do you have for someone considering cybersecurity as a career and/or someone new to the field who is looking to move up the career ladder?
A: Network and make a plan for continuous learning. If you stop networking and stop learning, you will fall behind in this field. No one has all the answers, and we work best when we're continually trying to be better.
Q: Lastly, what are you most looking forward to at your regional SecureWorld conference this year?
A: Meeting new people. I love learning and I know some of the presenters, so I know that will be great. But, I'm most eager to meet new people in the industry. I become better in speaking with others and learning from what's going well for them and what challenges they are facing.
To connect with Dan Elliott and other cybersecurity leaders in Canada, attend the second annual SecureWorld Toronto conference on April 3, 2024. Dan will be presenting a session entitled The Rosetta Stone of Cyber Security: Presenting Cyber as a Business Risk.
Continue to follow our Spotlight Series for more interviews of industry experts.
