
Meet Nick Graham: CTO

In the latest installment of the Meet the Team series, we spoke to Hicomply co-founder and CTO, Nick Graham.

He discloses how he got his start in tech, his advice for anyone who wants to get into the tech industry, and how the industry has evolved.

How did you get your start in the industry?

I began my career as a geologist in the oil and gas industry during the late 1990s. The job required training in IT and networking, which sparked my interest in technology. This led me to join an MSc course with a broad coverage of computer science.

After the course, I knew I wanted to focus on software development, spurred on by the excitement of the dot-com era and emerging web technologies. My first role was with a large marketing technology business, which provided an excellent start in software development.

In 2004, I joined 4Projects, my first true SaaS business, where I stayed for a number of years before setting up my own SaaS businesses, Kykloud and now Hicomply.

How has the industry changed since you started out?

The tech market has changed massively since I started out. The biggest I've been part of is the move from on-premises infrastructure and software to cloud and software services.

For years, the discussion was around the risk of moving information and critical software from your own premises to the cloud - but this argument is now settled and almost all software is delivered this way.

What is your favourite part of your job?

I love creating product strategies and building products from an idea into something that truly disrupts the status quo.

For example, at 4Projects, traditional paper-based document and project management processes were moved into the cloud, which enhanced collaboration and safety on some of the very largest infrastructure projects. At Kykloud, traditional building surveying tasks were digitised, improving efficiency across many thousands of buildings around the world.

At Hicomply, we're helping businesses protect their operations and data by automating the processes required to achieve and maintain information security compliance using our SaaS product.

Where do you see the industry in the next five years?

In the very near term, I think we will see a rapid adoption of AI, mainly large language models, which will have a massive impact on the efficiency of collaboration, content creation and review.

More generally, the standard of protection for cyber and information security across businesses is patchy at best. Some businesses do things very well while others do very little to nothing at all. But the ever-increasing volume of cyber attacks globally suggests this patchy protection cannot continue.

My view is that businesses of all sizes will be adopting ISMS platforms, and adopting some of the internationally-recognised standards available to them.

What advice would you give to someone wanting to join the technology sales industry?

I recommend that anyone interested in the tech industry identify their primary interests and look at how to acquire the basic skills needed for entry-level roles. This could be through an apprenticeship, a degree, further education, or a combination of these.

What mistakes do you often see businesses make with their information security?

Many people tend to be optimistic and overlook their information security risks, assuming that breaches will happen to others, not them.

Businesses also often believe that attaining certification against a standard like ISO 27001 or SOC 2 will be challenging, which can indeed be the case without the support of a platform like ours or using security consultants. We are seeing customers achieving successful outcomes to ISO 27001 audits in as little as three months.

Some SME businesses consider the audit and certification costs associated with ISO 27001 or SOC 2 too expensive, and opt not to implement anything, which is a grave mistake. Implementing the controls and working towards a standard can vastly improve security posture with little investment.

Even without paying additional audit and certification costs, businesses can adopt standards, build their protections over time, and be prepared for audit and certification when a customer demands it.
