Andrew Smeaton – DataRobot

Each day she walks through the searing sun and dusty brush on a dirt track, then waits in line for tap water to carry back home to her family. Then one day, the spigot goes dry and it’s not just a wasted walk, it’s her family’s water supply in jeopardy.

Andrew Smeaton | CISO | DataRobot

Communal water points serve about 1 billion people globally and an estimated 25 percent of them are not functioning. The scenario is all too familiar to the team at Global Water Challenge.

GWC’s goal was to know which water points were not working and which ones needed preventive maintenance to keep the water flowing.

The team from the nonprofit assembled that data—and then turned to DataRobot for its machine-learning platform. In 2019, the Water Point Data Exchange was able to build models in 13 countries showing working and nonworking water points, while prioritizing repairs and predicting future malfunctions.

GWC is just one of several companies that are part of DataRobot’s AI for Good program, notes CISO Andrew Smeaton.

“DataRobot is the most amazing company I’ve been able to work for,” he adds. “You’re standing on the shoulders of giants. There are so many super-smart people and we’re changing the future for the good.”

Water points are not DataRobot’s sole focus. Founded in 2012, the company serves industries including banking, insurance, retail, health care, manufacturing, and oil and gas from its headquarters in Boston and offices in Columbus, Ohio; San Francisco; Copenhagen; Kyiv and Singapore.

Smeaton’s not in charge of making the machine learning work—he protects what DataRobot offers, which also thrills him.

“I compare the battle with bad actors to a massive game of chess on many different levels, trying to stay a step ahead,” he says. “I love it. It’s the first thing I think about when I wake up.”

Securing the innovations

In April, DataRobot launched its new Visual AI, which allows users to easily incorporate image data to its machine-learning models alongside tabular and text-based data types. Visual AI unlocks new use cases for customers and can be used in retail for things like detecting when an item is out of stock.

In June, the company added Humble AI to its lineup, designed to better define rules for modeling to add detail and clarity to predictions.

Smeaton joined the company in 2019, bringing more than 20 years of experience in IT and cybersecurity in government, health care and banking.

His latest accomplishment is achieving DataRobot’s first ISO 27001 certification. Developed by the International Organization for Standardization and the International Electrotechnical Commission, the certification standard shows the company has secured its assets, such as intellectual property, financial data and employee information, as well as information entrusted by third parties.

DataRobot has collaborated on its privacy program with international law firm Bird & Bird to comply with the European Union’s General Data Protection Regulation requirements. Smeaton is also working to gain certifications from the Payment Card Industry Security Standards Council and Federal Risk and Authorization Management Program.

Cohesion counts

Smeaton arrived at DataRobot with a long resume—and a strong list of partners he uses to protect networks.

Those partners help counter an occupational hazard he’s seen throughout his career—a company has an array of security products and infrastructure, but those products do not work cohesively. That’s almost as bad as no security infrastructure, and a reminder of the need to strategize before implementing protective software and platforms.

It’s been almost 15 years since Smeaton first discovered Palo Alto Networks. Invited in 2006 to a sales demo, he recalls arriving with skepticism and leaving a believer in the firewall technology offered by the company based in Santa Clara, California.

Since then, Smeaton’s worked with the company at least four times to build the cybersecurity networks that are invaluable to success, he says.

“They have given me the ability to consolidate my security vendors and provide a portfolio that secures all users, applications, data, networks and devices with comprehensive context at all times, across all locations,” Smeaton explains.

Although adding product coordination is crucial, Smeaton’s also excited by Cymulate’s breach and attack simulation tools that infiltrate an entire infrastructure. While BAS tools have shown vulnerabilities that sometimes shocked him, he’s also realized how essential they are to his efforts to secure a company’s operations.

From kill chain defenses against advanced persistent threats to blocking phishing attempts, Cymulate now offers protection services Smeaton says will soon be “the bread and butter” for security teams in the future.

He credits Cursive Security for changing his outlook on penetration testing because its testing “literally swoops in and finds hole after hole,” while its reporting makes it easy to understand the vulnerabilities discovered. And as DataRobot moves forward, Smeaton’s also working with Vulcan on a proof of concept because the company prioritizes, remediates and automates vulnerabilities.

“The biggest evolution I’ve seen is on a board level,” he adds. “Fifteen years ago, when you spoke on the senior management level no one got it. Now it’s a part of the DNA, which has made my job easier over the years. I don’t have to convince the COO Dan Wright or our CEO Jeremy Achin; they realize it’s crucial.”

Stay nimble

Experience counts, but so does an open mind.

“There’s all different types of CISOs,” Smeaton says. “It’s generational—the modern-day ones have to be super-aligned to business. It’s never a question of ‘no,’ it’s about how can we do this securely.”

A native of Liverpool, England, Smeaton has crossed its Mersey River more than once to enjoy an IT career that’s taken him from the British Home Office—which is responsible for immigration, security, and law and order—to Saudi Arabia and New England. Even in a pandemic world, his travels have not halted completely—Smeaton traveled to Ukraine to complete DataRobot’s ISO 27001 certification.

He earned a higher national diploma in computer science from Edinburgh Napier University in 2001 as well as a cybersecurity certification from Harvard University for managing risk in the information age. Smeaton is also studying for a Master of Science in Information Security from Liverpool John Moores University.

Yet, so much of what Smeaton has learned and imparts comes from his own practical experience and innate ability to assemble teams, he says.

For him, it’s about finding talent that’s unafraid to be bold in thought and actions, even if it means tearing down an existing structure and starting over.

“After you’ve done all the hard work in hiring and creating the right environment, the next step is exhilarating; it’s letting the horses run,” Smeaton says. “Every year I say to my team: it’s a blank piece of paper—think differently.”