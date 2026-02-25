From a young age with my first computer, a ZX Spectrum, I have been passionate about technology. I enjoy understanding how things work, solving complex...

Q&A WITH Ryan Rubin

What drives and motivates you in your daily role? How do you stay inspired and engaged in your area of specialisation?

From a young age with my first computer, a ZX Spectrum, I have been passionate about technology. I enjoy understanding how things work, solving complex problems and helping others. This passion led me to a career in cyber security, a field that is crucial as our world becomes more digitally interconnected. Cyber security impacts many aspects of life, including crime prevention, economics and safety. With experience comes responsibility, and I find it rewarding to help organisations enhance their defences against cyber attacks. The best work is when it does not feel like work, and this is true for me in the cyber security field. The positive impact we can have is significant, providing meaning to our daily work. As technology advances, our roles in preserving digital and physical security will continue to evolve, offering deeper significance to those dedicated to protecting our interconnected world.

What emerging technologies or shifts in your area of expertise are capturing your attention? How are you adapting to stay at the forefront of these changes?

Adoption of artificial intelligence (AI) and blockchain technologies is rapidly advancing, while quantum computing comes into and out of focus. As cyber criminals and nation states increasingly exploit these technologies, it is crucial for protectors and investigators to keep pace with these developments and remain relevant to support our clients. Thankfully, principles applied to securing traditional technology over the last 28 years help. Also, I am on a journey, along with the security research community and ‘threat actors', to explore ways of compromising AI's integrity to identify mitigation opportunities. Sharing lessons learned from industry and cyber crime victims contributes to a growing body of knowledge. Despite often being one step behind perpetrators, quick learning from incidents helps close gaps. Engaging in cyber crime investigations also keeps me at the forefront of cyber crime. Embracing curiosity and open-mindedness is vital as the field evolves. I focus on collaboration through ‘learning by breaking, doing and sharing'.

Would you discuss a particularly rewarding engagement you have worked on? What made it stand out for you?

Ransomware is thriving as criminals exploit weaknesses to execute perfect crimes. Over the past five years, I have helped many global clients tackle severe ransomware attacks, which pose significant challenges. These attacks affect not only the businesses but also their customers and the teams dedicated to resolving them. Being part of the response team is a privilege, often requiring personal sacrifices for all to aid recovery from near disaster. Our efforts bring us immense pride as we collaborate with multidisciplinary teams to leverage expertise to provide support in difficult situations, applying rapid remediation tactics to contain the incident. Each incident presents unique challenges: identifying attackers, understanding their methods and ensuring eradication from client systems. Balancing the need for swift restoration with thorough investigation is essential. Applying our proactive and reactive security experience, we offer guidance and reassurance, helping clients navigate through incidents to progress toward a more secure future in their hour of need.

Representative Engagements

Provided broad security and privacy consulting services to a variety of financial services, retailers, hospitality, telecoms providers, airlines, energy and utilities clients.

Led global DFIR investigations in EMEA with internal audit, general counsel partners and insurance clients.

Provide ongoing incident response and proactive retainer services to help clients plan for, react and respond to cyber incidents on IT and operational assets.

Used crypto tracing to support victims of crypto thefts through social engineering or hacking attacks.

Led a workstream assisting receiverships to preserve evidence, locate, seize, trace and recover assets related to an investment and active trading fund Ponzi scheme across multiple exchanges, Bitcoin, Ethereum wallets and defi.

Helped a European and an Asian retail organisation with their cyber security improvement programme, strategy and roadmap.

Supported internal audit and fraud risk services for a global cryptocurrency exchange based in Hong Kong and provided advice on cyber compliance against HFC guidelines.

