There’s rarely a time in the day when Andi Hudson isn’t immersed in technology. When he’s not fulfilling his duties as IBM’s cloud security architecture lead in the U.K., he’s reaching out to the next generation of cyber professionals through volunteer work with universities and colleges. Or, he’s teaching his own young kids how to write in Python, or how to make wacky contraptions, such as an automated irrigation kit and a Tesla coil that plays music.

Simply put, Andi Hudson lives and breathes tech and security, and he’s always happy to chat about anything from cloud security, to artificial intelligence (AI), to the impact of the Internet of Things (IoT) to the neuroscience of privacy denial.

“For me, cybersecurity has to start right at the very beginning,” he said, speaking from his home in South Wales. “Giving kids access to this stuff is important, but even more important is teaching them to use it ethically and responsibly.”

Spreading the Gospel of Data Privacy

No matter what else he’s doing, Andi is always keeping a close eye on the future. He’s particularly interested in artificial intelligence, data privacy and what the C-suite needs to pay more attention to.

Much of it comes down to the data, which Andi classified as “the oil of tomorrow.” He believes that, given the right bits of information, cybercriminals can steal data (including identities) and “really go to town with this information.” He’s also worried about the confirmation bias this level of sharing brings — that our “likes” are collected and we’re grouped with other users who share the same ideas opinions. To quote Andi, quoting author Cory Doctorow: “It’s not about what you have to hide; it’s about what you choose to share.”

“We give away so much information so freely, to a degree I think the horse has already bolted,” he said. “That’s why I invest so much of my own time in educating academia, because they’re the next generation. But it doesn’t just start at universities and colleges; it starts at home in the family, and in primary school and secondary school. Security is not a product — it’s a process.”

Andi is a science, technology, engineering and mathematics (STEM) ambassador, as well as a Barefoot volunteer with Computing at School (CAS). He visits primary schools to nurture the next generation of cyber professionals. Andi shows the faculty how to teach computational science, helps children understand the importance of STEM subjects and exposes them to careers in technology.

A Nontraditional Approach to Cloud Security

When he’s not nurturing the youth, Andi leads a growing team of architects at IBM Security U.K. Part of his role is to ensure that all the individual skill sets in security keep cloud-based applications front of mind. IBM promoted him to lead after catching wind of the impressive work he did in the London insurance market, building collaborative cross-vendor solutions for a new target operating model that enables 9,000 U.K. financial services companies to work together.

“IBM never really had a cloud team that encompassed a lot of those different skill sets,” he said. “A lot of the traditional architecture always sat in resource pools within somebody else’s data center — but, of course, with the cloud, that’s all different now. They’re not using their own data centers anymore; they’re using ours.”

While Andi primarily works hands-on with clients on cloud-related transformation projects, he also gets to speak at conferences and, of course, engage with the education sector in both his day job and his volunteer work.

A member of the South Wales Cyber Security Cluster, Andi works with Cardiff’s three universities to make courses as relevant as possible according to the latest industry trends. That plays into the work IBM does with Exeter University, and may soon start doing with Warwick University and the University of the West of England.

“It’s about making a difference,” he said before launching into a story from last year when, at the height of the Petya and WannaCry ransomware outbreaks, he found himself in a war room on a weekend trying to reverse-engineer a client out of an attack.

“You know when you feel sick in your stomach, the nerves and anxiety? I’ve had it before when I used to work for a services company; we switched the system off once and it didn’t come back on,” he recalled. “You have this gut-sickness feeling. You’ve just done a lot of work, you’ve had no sleep, and you know you won’t get any sleep or food until this problem’s gone. It was exactly like that — that sick feeling.”

Why Security Leaders Need to Tell It Like It Is

Luckily, Andi was so close to the customer and had been so hands-on with the account that he was able to solve the problem and develop a watertight remediation plan. He even won an award for his work.

The key, he said, is his willingness to have frank discussions about security, even if it means telling clients what they don’t want to hear. Andi has found that this nontraditional approach helps him develop closer relationships with clients and break conversational barriers that would otherwise stymie progress.

“I think that clear, open transparency just resonates with customers,” he emphasized. “A lot of things were always taboo — certain things you didn’t say to certain executives, and certain things you didn’t cover — but if you want a real, secure solution, unfortunately you have to have those conversations.”

This transparency is especially crucial today, given the lightning-quick pace of change in the industry and ever-evolving nature of the cyberthreat landscape.

“The fact is, it keeps changing — and what’s right today might not be right tomorrow.”

That’s why Andi always has his eyes on tomorrow — both in terms of the threats his clients will have to contend with and the next generation of cybersecurity heroes that will defend them.

Meet Security Consultant Ben Goodrich

More from Cloud Security

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Best practices for cloud configuration security

5 min read - Cloud computing has become an integral part of IT infrastructure for businesses of all sizes, providing on-demand access to a wide range of services and resources. The evolution of cloud computing has been driven by the need for more efficient, scalable and cost-effective ways to deliver computing resources.Cloud computing enables on-demand access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) over the internet. Instead of owning and maintaining physical hardware and infrastructure, users…

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today