The Strange Story of Security’s Next Superstar

James Lyne is destined to be one of the biggest names in security. He might even become the industry’s first ever mega-star

Continued from page one

The interview was strange too. Lyne was handed a test and given 15 minutes to complete it. When the interviewer returned, he asked Lyne which section did he do. “What do you mean?” Lyne replied. “I did all of them.” “You’re only supposed to do your specialism,” the bemused interviewer responded.

Then a Sophos founder came in, asking him a typically lateral question: how many tennis balls could Lyne fit into the room. “Do you want me to do a random lattice or a perfect lattice?” Lyne asked. “Ok, I get the point, don’t bother answering it,” the founder replied. Lyne, at just 18, was handed the support job at the end of the interview.

Just as in school, his rise to the top was to be a speedy one. Lyne loved his new job and became obsessive in his new role. “One morning I handled 458 support cases before anyone else got in. The average per day was about 25,” he claims. He once spent three hours on the phone to an NHS worker who could not get their Sophos CD to load. It turned out the CD was upside down.

He began doing internal presentations, but his introverted nature meant he was awful at it. Yet there was one defining moment that would help turn this around. It was at a time when Sophos was at a low. Many of its products simply weren’t working. “It was one of our less great moments as a company,” Lyne explains. “We were introducing new products like email, we were broadening. We ran to do this. It was the right design but the wrong implementation. It just didn’t work reliably. The number of calls to support tripled. We screwed up and we had angry customers.”

CEO Steve Munford had heard stories of Lyne’s technical wizardry and called him up to the office, asking what was wrong with the software it was selling. “I’m on the spot. I gave him this list, saying ‘these are the things that are wrong’. For a start, when someone types in their username and passwords wrong, the product says ‘800F4409’ rather than ‘please re-type your username and password’. I went through this list and at the end of it he said thank you.” This meeting would eventually catapult him into the upper echelons of Sophos.  Lyne was brought in to assist in bringing an end to the crisis.

“That was the defining moment. Steve had seen that I was technical but that I could – albeit not brilliantly – speak English. From then I got to  travel to different different places and do different deals.”

Before long, Lyne was put to work in the office of CTO, where he would be developing strategy, writing the company’s threat protection vision, whilst working with engineers, sales and product managers. “By this time I’d learnt I could talk to all these different groups in their language and translate,” he adds.

Lyne overcame his social problems. His presentations became hugely entertaining. And he became the young face of Sophos, and one of the leading lights of the UK infosec scene, all whist keeping his hands dirty, tearing apart nasty pieces of malware, as he still does today.

Security’s first real superstar

As a sign of Lyne’s rise to prominence, when he met his data security hero Ed Skoudis (author of Counter Hack and other books on security), the latter was almost as excited to meet the former. “It was a nice meeting of minds,” Lyne says. Other companies have tried to pinch him too, including the likes of Symantec and McAfee.

Has the dark side ever been attractive? “I’ve never been tempted. I do believe that when I was an idiotic teenager with all these deeply technical skills, if some cyber crime gang from Russia came along and tempted me with praise and money, I could be in a bad place. I think it could have happened.”

Those outside the industry are fond of him too. “James is a smashing chap. I’ve worked closely with him for two years now and I still do not have a clue what he’s talking about most of the time – that is a sign of a true expert,” quips lawyer Stewart Room, director of the Cyber Security Challenge, which Lyne is heavily involved in, mentoring the UK’s future cyber security pros.

Evidently, he is already massively popular. Whilst there are many big names in the security industry, from F-Secure’s Mikko Hyponnen to Bruce Schneier – “the closest thing the security industry has to a rock star” – few are as young or as vibrant as Lyne. One gets the feeling he is destined for something more than others.

As we walk up through a remarkably sunny Soho, a typically chirpy Lyne, wearing a £400 bespoke tweed jacket, reveals he is involved as a talking head in a TV show about cyber security, set to air on terrestrial TV later this year. The producers were so enamoured with him, it seems, that he is being considered for the role of presenter. Earlier he had told me he met modern-day physics celebrity Brian Cox on a flight to the DEF CON hacking conference.

I ask him if he’d like to be the Cox of cyber security. “Yes, I think I would actually,” he responds. For the first time he’s taken aback by my questioning.

Lyne is certain to be one of infosec’s biggest names. But he might also have a shot at being the industry’s first ever true mega-star.

Think you’re a security whizzkid? Test yourself with our quiz.