5 Questions with Aaron Jacobs: 2024 CompTIA Community – ANZ Cybersecurity Leadership Award Winner

When it comes to cybersecurity incidents, Aaron Jacobs isn't one to sit on the sidelines. As a senior global solutions engineer, security operations, at Sophos, Jacobs is a first responder when a new threat emerges, tasked with investigating and analyzing situations that can help better protect MSPs and their clients.

He shares his experiences and findings often-monthly calls (which aren't recorded for a reason) and speaking engagements that take MSPs on a journey from when a threat first gets detected, to how it impacts an organization, to how it was remediated. The reason? If one company is better protected, in essence all companies are better protected.

For his efforts and contributions, Jacobs received the 2024 CompTIA Community 2024 - ANZ Cybersecurity Leadership Award for demonstrating outstanding leadership and engagement in providing cybersecurity expertise and strengthening cybersecurity resilience within the technology industry.

We asked Jacobs what sees ahead in cybersecurity and why it's important to be proactive-not reactive-when it comes to threats. Here's what he had to say.

What does the Cybersecurity Leadership Award mean to you?

Winning the CompTIA Community Cybersecurity Leadership Award is both an honor and a reflection of the hard work and commitment I've put into helping businesses across ANZ strengthen their cybersecurity posture. It's a recognition that the conversations we're driving around detection, response and the importance of active cybersecurity management are resonating within the industry. This award underscores the importance of taking cybersecurity beyond just protective tools and embracing a holistic approach that includes detection and response capabilities-areas I'm particularly passionate about.

What is the biggest cyber challenge for ANZ MSPs and their customers?

In my experience, the biggest challenge facing MSPs and their customers in the ANZ region is the lack of enforced cybersecurity controls and the overwhelming choice of standards that don't always mandate 24x7 detection and response. Many organizations adopt a protection-first mindset, heavily investing in firewalls and endpoint protection. However, when incidents occur, the tools often do alert, but there is no response because no one is actively monitoring or knows what they are looking at. This reactive approach leaves gaps that cybercriminals exploit. Too many organizations rely on security tools alone, without considering the human and process elements that need to be in place. Without effective managed detection and response (MDR) services, even the best security tools can fail.

How are you working with the CompTIA Community to address those issues?

I work closely with the community to break down real-life incidents and examine their root causes. In many cases, it becomes evident that threats could have been identified early if someone had been paying attention. My goal is to help businesses understand that detection and response are as crucial as protection. By sharing real-world examples and incident analyses, I aim to shift the focus towards a balanced cybersecurity strategy that includes all pillars-protection, detection, and response. I also focus on educating MSPs and customers on the importance of incident response planning, encouraging them to ask, "What if?" and consider how they would handle different threat scenarios. Through this, we're helping organisations evolve their cybersecurity posture over time.

Where is the biggest opportunity for ANZ MSPs?

The biggest opportunity lies in managed detection and response (MDR). As threats grow more sophisticated and the attack surface expands, MSPs that offer comprehensive MDR services will be at the forefront of the cybersecurity landscape. By providing continuous monitoring, threat detection and timely responses, MSPs can fill the critical gap where many businesses struggle today-active incident management. It's no longer just about having the right tools but about having the right processes and people in place to act when those tools trigger alerts.

What advice do you have for MSPs about improving their cyber resilience?

My advice is simple: Start by building an incident response plan and continuously evolve it by asking the "what if" questions. Don't just focus on protection; ensure you're addressing all the pillars of cybersecurity-protection, detection and response. Doing something in each of these areas will position you far better than overinvesting in one while neglecting the others. Recognize that no matter how strong your defenses are, there will always be threats capable of bypassing them. When that happens, it's critical to have the ability to detect the breach and respond in real time.

<_h33d_22_22_>

Let's work together.
Learn about the CompTIA Information and Sharing Analysis Organization (ISAO).

Public link

Please use the above public link if you want to share this noodl on another website.