James Lyne

Director of Technology Strategy

"I take the security threat as a direct affront to the purpose of the web."

—James Lyne

James Lyne is focused on the 5-year technology strategy at Sophos in the Office of the CTO. Working with key business and technology trends and combining a detailed knowledge of threats, James extrapolates from the modern world of threat protection to explore the future security and technology requirements. Aside from technology strategy, James frequently engages with customers and industry forums to evangelize the security problem domains.


With a background as a mathematician and a strong focus on cryptography, James Lyne's knowledge of security is informed by a detailed understanding of practicalities. James has worked with some of the world's largest and most paranoid enterprises to implement risk-oriented security strategies. With a collection of academic awards and industry certifications James also works with educational bodies to improve awareness, which is the most important component of security.


  • All things malicious
  • Legal drivers for security
  • Security policy
  • Technology trends


"I am a very energetic and passionate. I sleep very little and love to learn. I grew up with the Internet and I take the security threat as a direct affront to the purpose of the web. It's fantastic working at a company where I get paid to help people defend themselves against criminals.

I'm very passionate about my work and switch frequently between techy and business modes. I absolutely love talk to customers and prospects, you always learn something, get to meet some fantastic people and hopefully contribute visibility and knowledge in return. Of course, that can involve a fair amount of travel. As a result, I sometimes live in my own time zone – JMT."

Three questions

How is the security function perceived in most enterprises right now?

"I think many security decision makers are engaging more at the business level driven by the wider set of problems in the security problem domain; policy today is more of a business than simple technical discussion and has to be approached with a risk management methodology."

What do you think the most significant topics will be in security over the next 3 years?

"Technology trends like mobilization, virtualization, consumerization and SaaS—fundamentally the change of delivery of computing and services. Combine this with massive changes in the profile of the threat and many regulations with dubious alignment to industry best practice and I think you have a confusing mass of topics for the CISO to worry about. Security that supports the business and drives simplification and consolidation is going to be the focus."

What do you think the biggest mistake is that people are making around security at the moment?

"Trying to make more complex policies, employ more best of breed technologies and scale solutions/people to the growth of the threat. That is a losing battle with an exponentially growing problem space. The market needs to demand vendors solve this problem and take responsibility. People don't have the budget to continue the present approach to security—a new path has to be forged."