Paul Barnes
Insights into the world of analytics
Polly
Hiya, how are you?
Paul
Hi Polly, I'm well, how are you?
Polly
Yeah, I'm good, thank you. Right, well, we'll get started then. So, do you wanna just tell me a little bit about yourself, about kind of like what you do and how you've got to where you are now?
Paul
Yeah, sure, Polly. So, I'm Paul. I'm the CEO and co-founder of Overe, a SaaS security business. I've been in the industry for about 20 years. My journey started in a technical role, more on the engineering side, and then I moved into sales and product management. Eventually, I landed in a startup again. I started in a startup, grew that business to a large one, and then started again.
Polly
Great, that sounds good. And it sounds like you've got quite a lot of experience in different areas of the industry. How has that shaped your approach at Overe and made the company what it is today?
Paul
Yeah, as I hinted at, I started in a technical role and then moved into sales, which was quite the opposite. Along the way, I also did product management. Experiencing all these roles gave me a great grasp on how to run a business, and that naturally evolved into me wanting to give it a go myself. One of the key tips I’d always give someone is to be open to trying something new. I was quite introverted and thought I’d stay in a technical role. But then, my CEO at the time told me, “Hey, you talk a lot, so we’re going to put you in front of customers.” That led me into product management.
Polly
That’s really nice to hear – it kind of brought you out of your shell. Do you feel like you're a bit more outgoing now than you were?
Paul
Yeah, there’s an element of putting on a show in front of customers, but it has helped me gain confidence. As I’ve mentored people early in their careers, I always emphasise that getting out of your comfort zone pays dividends in the long run.
Polly
Nice, that's good advice. So, you’ve been in the industry for quite a while now. What do you see as the biggest or most emerging threats that the cyber security business faces today?
Paul
Great question. I started out in endpoint security – we had antivirus back in the early 2000s, which was the main threat. Over the years, the focus has shifted to where the customer data is – mainly in the cloud. One thing we’ve noticed is that threats have increasingly moved to the cloud. For every threat hitting your PC, laptop, or network, we see six threats in the cloud on SaaS apps. Attackers are focusing on the cloud because it offers access to a larger volume of data. You still see data breaches primarily from a cloud perspective now.
Polly
Okay, that leads me to my next question. Can you share any insights into new trends or technologies in cyber that professionals or aspiring professionals should be aware of?
Paul
The obvious one is AI. It’s advancing quickly and is used by adversaries, but it also offers a defence advantage. In the past, getting into cybersecurity required intense technical skills, like reverse engineering. Now, machine learning and AI help us automate and detect threats, lowering the barrier for entry. The use of AI makes it easier to find the “needle in the haystack” when identifying threats. However, adversaries are also using AI. Deepfakes, for instance, are getting more advanced. These days, attackers can clone a voice from a few seconds of audio, making it much harder to distinguish real from fake. Innovation in this area is crucial to stay ahead.
Polly
Okay, so it sounds like key skills would include innovation and forward-thinking, along with that base knowledge you gain through certifications. What other skills would you say are fundamental to pursuing a career in cyber security? A lot of our students are career changers who may be unfamiliar with the industry.
Paul
I’m a good example of a career-changer myself. I started with a generic business degree, and I think curiosity and a willingness to learn are key. It depends on what area you’re aiming for. If you want to specialise, like dissecting malware, you follow a structured path with certifications. But if you want variety, those softer skills, like communication and collaboration, are crucial. In our company, we’re small, so we rely on each other’s expertise. And don’t feel overwhelmed if you’re not an expert – even thought leaders have teams supporting them. We have team members who had no cybersecurity background but are great at interacting with people to understand requirements.
Polly
That’s great. It feels like you’re saying that, for people just starting out, it’s quite an attainable goal. Earlier, you touched on networking and staying updated. Any more advice for our students on connecting with professionals in the industry?
Paul
LinkedIn is a good place to start. In the UK, we have several cyber and tech conferences that students can attend for free. Walking the floor, attending panel sessions, and soaking it all in can give you a feel for the industry. YouTube is also an excellent resource for understanding new research and seeing how things work. One of the coolest aspects of cybersecurity is stopping adversaries from causing harm, which can be incredibly rewarding.
Polly
That’s nice. So for anyone looking to get into that area, how valuable would you say certifications are for cyber professionals? Are they crucial for career progression?
Paul
I’m a bit of an anomaly – I don’t have cyber certifications, but I do have technical ones and experience leading large product teams. Certifications are essential if you’re aiming to be an analyst or a CISO, for instance. But in private vendors, if you want to sell or market cyber security products, certifications are less critical. The key is to understand the different roles in cyber, then pursue relevant certifications if needed. Workshops and conferences are great ways to learn what’s out there and find your path.
Polly
That’s good to know. So what do you think are the key areas for growth in cybersecurity for people entering the industry?
Paul
AI, again, is both a help and a challenge. The fundamentals, like networking basics and understanding operating systems, are also important. But cyber security is evolving so quickly, especially with the growth of AI. There are government programmes supporting businesses that are pushing the boundaries of AI from both a positive and an adversarial-prevention perspective.
Polly
Interesting. And for someone looking to progress to a role like yours, what advice would you give them?
Paul
To run a startup, or to lead successfully, you need a broad variety of experiences. It’s not for everyone – being a leader involves pressure and stress. I’d recommend product management, especially from a vendor’s perspective, as the best role for a 360-degree view of a business.
Polly
That makes total sense. And you seem so relaxed, which is nice to see. Have you got any tips on how to keep your head above water and maintain your wellbeing?
Paul
Having an amazing team really lowers my stress levels. If I was doing this solo, it would be extremely difficult. Having a network of mentors and advisors, as well as regular exercise breaks, helps a lot. Many startup founders neglect their mental and physical health, but finding balance is crucial. It’s also essential to build a support network for success – I tried going solo fresh out of university, but I didn’t have the experience, which made it tough.
Polly
Good for you! My last question is, what’s one piece of advice you would give to yourself 20 years ago?
Paul
I’d say to be less stressed about things. Stay curious, keep trying, and talk to people. Networking is incredibly important, especially as a leader. Over time, I’ve learned to give back more than I receive, and that pays dividends. For anyone starting a career, sharing experiences and supporting each other can lead to future opportunities. That curiosity, communication, and knowing this is the right industry are all key. But it’s also a demanding field, so staying mindful of burnout is important.