Navigating cybersecurity: Insights and tips from Niel Harper, Doodle’s CISO

Franchesca Tan

Updated: Sep 30, 2024

A portrait of Doodle's CISO Niel Harper

As our lives become more intertwined with the digital world, the need for robust cybersecurity has never been greater. From protecting sensitive company data to safeguarding our personal information, the stakes have never been higher.  

We spoke with Niel Harper, Doodle’s Chief Information Security Officer and Data Protection Officer, to better understand this ever-evolving landscape. He recently won a Senior Professional Award with ISC2, a leading non-profit organization that specializes in cybersecurity training and certifications. Earlier this year, a New York Times advertisement by Lacework also featured him as an outstanding leader in cybersecurity.

In this interview, we’ll discuss his background and role at Doodle, trends in cybersecurity, how to secure customer data, and how small-to-medium businesses (SMBs) can protect themselves in this ever-evolving landscape. 

Meet Niel Harper, CISO at Doodle

Tell us about yourself and what inspired you to pursue a career in cybersecurity. 

My inspiration to pursue a career in cybersecurity stemmed from my interest in building resilient networks and IT systems.

My career began around 20 years ago when I obtained my college diploma in information systems specializing in telecoms. There, I was introduced to the field and received hands-on training in deploying commercial Integrated Services Digital Network (ISDN) services. 

My first real job was with Cable & Wireless, where I was a telecoms technician involved in the day-to-day operations of an Internet service provider in Barbados. My last pure-play telecoms role was as the Network Operations Manager for AT&T Wireless, where I led a team responsible for the operations and maintenance of a GSM mobile network. 

In 2002, I obtained my first cybersecurity-related certification - Certified Information Systems Auditor (CISA) - and then transitioned to cybersecurity the next year as Manager of Internal & ICT Audit for a telecoms services provider in the Netherlands Antilles. 

Fast-forward to 2022, when I joined Doodle, and I have since been leading the IT Operations, Security, and Compliance teams.

Niel Harper, CISO at Doodle, featured in the New York Times. Source: Lacework.

The most pressing cybersecurity threats

What do you see as the most pressing cybersecurity threats facing businesses today?

Ransomware—a type of malicious software that locks or encrypts a victim’s data and demands a ransom payment to restore access—continues to be a major threat. Still, it has become even more prevalent as threat actors focus their attention on cyber extortion.

The current geopolitical climate also contributes to the increased targeting of organizations by highly experienced and well-organized state-sponsored adversaries. 

Additionally, many companies remain unprepared to deal with the risks they face from third parties (such as supply chain attacks). 

Finally, the use of generative AI by staff and external threat actors is both an opportunity and a threat, but many businesses still don't fully understand the implications.

Ensuring our customers’ data security

How does Doodle ensure the security of its customers’ data, especially with its products?

At Doodle, we don’t depend on security tools as replacements for robust security controls. Our focus is primarily on getting the basics of cybersecurity right—identity and access management (IAM), configuration management, asset management, vulnerability management, penetration testing, and third-party risk management, among others. Any tooling is layered on top to support orchestration, automation, and defense-in-depth. 

There’s a risk-focused ‘tone from the top’ with cyber risk being a running topic in board and executive meetings and a key element in the enterprise risk management (ERM) framework. Doodle also undergoes annual SOC 2 Type II, Cyber Verify, and GDPR audits. 

Creating a culture of security awareness

What is the key to creating a culture of security awareness among employees? 

The most critical aspect of creating a culture of security awareness is a strong ‘tone from the top.’ Security awareness should start with leadership, influencing the company culture, and guiding their teams’ actions.

For example, at Doodle, the board of directors and executive management are sensitive and attuned to the potential impact of cyber risks across multiple company dimensions. Their support in terms of risk ownership, effective messaging, appropriate funding, and leading by example is integral in instilling the correct security practices among the staff. 

We also deliver a dynamic security awareness training program that leverages online learning, regular tips and tricks, phishing simulations, tabletop exercises, and role-specific training. 

New trends in cybersecurity 

What emerging cybersecurity trends or technologies are you most excited or concerned about? 

I am particularly excited to see the barrage of attention focused on cyber capacity-building. We're witnessing significant resources concentrated toward building capacity within nation-states to better protect themselves from online threats. 

I must commend key players like the Global Forum for Cyber Expertise (GFCE), World Bank, European Union, World Economic Forum, Organisation of American States (OAS), Cyber Peace Institute, and others for their work in this area. 

Concerns on the threat horizon that are at the forefront of my mind include the risks of large language models (LLMs) and AI, the Internet of Things (e.g., smart devices, connected cars, smart cities, etc.), quantum-safe cryptography, and state-sponsored cyber warfare and cyber espionage.

Insights and advice for businesses

What advice would you give businesses, particularly SMBs, to better safeguard their data and maintain customer trust?

SMBs must have someone at the executive and operational levels who understands and owns cyber risk as a strategic business risk. By this, I mean that the responsibility for cybersecurity shouldn’t be delegated to an IT manager or system administrator because it’s much more than a technology risk.

A qualified and experienced individual should work on developing and executing the business’ cybersecurity roadmap. If this skill set is unavailable in-house, they should consider hiring a virtual or fractional Chief Information Security Officer (CISO) to oversee cyber risk management. 

As mentioned in a previous comment, organizations must not see fancy tools as a panacea or replacement for effective cybersecurity. They must create an inventory of their critical systems and data (‘crown jewels’) and implement strong controls based on the importance of those systems and information assets to the business.

Thank you, Niel, for sharing your insights and expertise!
