Aris Matthidis
Group CISO
Tokio Marine Kiln
Aris Matthidis currently serves as Group CISO at Tokio Marine Kiln, a leading international insurer operating predominantly through the Lloyd's insurance market. Aris has over a decade of experience within the banking and insurance sectors, with a background in software engineering and a passion for automation. A fun fact about Aris, he is a native speaker of three languages: Greek, Spanish and English, and he is also fairly proficient in Catalan.
Learn more about the UK & Ireland CISO community here.
Give us a brief overview of the path that led to your current role.
It all started from a love of algebra at a young age and discovering programming to be a very similar problem with real world applications. After obtaining a degree in software engineering, I decided to get my Master's in Information Security at Royal Holloway. I got my first job in computer forensics for a startup, and worked in security ever since.
After some of the most formative years of my career, in many respects, at Ernst & Young, I joined Tokio Marine Kiln as its first full-time information security employee about a decade ago. From there, I moved into various security roles as the team grew, before taking over the running of the team in 2018.
What is one of your guiding leadership principles?
Always keep an engineering mindset – challenge every idea, especially my own, and always be prepared to do things radically different for the right outcome.
What is the greatest challenge security leaders face today, and how are you addressing it?
Communication of cyber security risk based on frequently measured facts. This is an area where it's evident our profession is still in its infancy, but there are some very good frameworks out there, like FAIR – we're training our GRC team on it and have started our journey to adopt it. Most modern security solutions are built using an API first approach, which allows us to interrogate and correlate information from all our tools more flexibly than ever before.
What is the key to success for someone just starting out as a CISO?
Take time to identify and understand your stakeholders. Security is not a business goal, it's revenue protection – articulate risk in business terms and allow the executive team to make informed decisions.
How do you measure success as a leader?
Other than seeing objective improvements in quantitative risk measurements and absence of significant breaches, I look at my team and feel successful as a leader when I see them grow, achieve their objectives and be recognised for them within a great team atmosphere where people choose to stay long term.
What is the value of being a member of the Evanta community?
I find a lot of value in talking to my peers across different industries to break confirmation bias. I've been a member of the network for many years now, and it's great to see the consistency of attendees – which is testament to how well run these events are by Luis and the Evanta team.
Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.