A Visionary Leader with Over Three Decades of Impactful Experience!
In a time characterized by constant technological progress and shifting cybersecurity obstacles, the key drivers of advancement are often exceptional individuals. These trailblazers, with their varied experiences and unwavering commitment to innovation, act as the masterminds behind our digital destiny. Within the rapidly changing realms of technology and cybersecurity, they hold a crucial position in reshaping the overall landscape.
One such individual is Ashleigh Watson, a seasoned IT and cybersecurity professional with over 30 years of experience. His journey is marked by innovation, a commitment to superior IT operations and security, and a track record of applying strong governance controls to ensure high-quality offerings. With extensive experience in C-level positions such as CTO, CISO, and CIO, his expertise in IT and Cyber Security has made him a sought-after authority in the field.
Ashleigh’s career in IT and Cyber Security began more than three decades ago, and his passion for the field continues to burn brightly. Over the years, he has held various positions, including serving at the highest executive levels. His journey has been characterized by a hands-on approach, allowing him to maintain a deep connection with his subject matter.
His reputation in the industry led to a pivotal opportunity when he was approached by Lugmety. Recognizing the need for an experienced CTO, Ashleigh accepted the position without hesitation.
For him, the role of a CTO is what you make it—a relentless pursuit of alignment with strategic goals and an unwavering commitment to ensuring maximum efficiency through technology.
The Food and Beverage (F & B) sector is vast and rapidly evolving, particularly in a market like Saudi Arabia, where growth has been nothing short of astronomical. Ashleigh recognizes the immense potential within this sector and is poised to make a significant impact. What makes this journey even more exciting is the integration of Artificial Intelligence (AI), a cutting-edge technology that has the potential to revolutionize and optimize the F&B industry.
As a guest speaker at numerous cybersecurity and IT events, he continues to inspire and educate the next generation of professionals, ensuring that his impact will endure long into the future.
Below are the highlights of the interview:
Revolutionizing Food Delivery
Since its launch in Jeddah in 2016, Lugmety has revolutionized the food delivery industry by offering a high-end service that brings restaurant-quality meals directly to customers’ doors. While traditional delivery services were limited to standard restaurants and house drivers, Lugmety broke the mold by partnering with high-end establishments and ensuring that the food arrived in the same pristine condition as if it were enjoyed in the restaurant itself.
By expanding its services to Riyadh and Makkah in 2018, Lugmety quickly established itself as a leader in the market. In addition to delivery, the company introduced pickup and reservation options for both individual customers and corporate clients, becoming a comprehensive food and beverage solution provider.
The outbreak of COVID-19 led to a surge in the food delivery market, and Lugmety was well-prepared to meet the increased demand. As the first delivery app to obtain permits allowing its drivers to freely navigate the streets, Lugmety experienced a significant boost in all aspects of its operations. The trust it earned from clients and restaurants alike even attracted the attention of event management.
In 2020, Lugmety made its mark on the event industry by managing the prestigious Saudi Cup in Riyadh. This was followed by successful collaborations with major events such as the annual Red Sea International Film Festival and Islamic Arts Biennale in Jeddah, where Lugmety introduced its innovative Lugmety Ordering Devices, providing a seamless cashless purchasing experience.
Furthermore, it has set its sights on ambitious goals for 2024. The company plans to focus on technological upgrades and service enhancements to reach an even wider audience, expanding its reach across the Kingdom and solidifying its position as a leader in the food delivery industry.
Triumphs in the World of Cybersecurity Compliance
Ashleigh’s journey included working on the largest Active Directory structure globally and ensuring full compliance with the SAMA CyberSecurity Framework. These tasks presented significant challenges, but he approached them with resolute determination and drew upon his extensive experience to overcome each obstacle. For him, it was more than just a series of challenges; it was a personal crusade that they were able to conquer successfully. He says, “For me, the biggest challenge was people who had no idea what they were doing but thought they knew what they were doing! Technology is never a challenge. It’s the people!”
Leveraging Experience and Technology
When asked about their approach to innovation and the incorporation of new technologies to enhance IT operations and security, Ashleigh emphasizes the importance of experience and leveraging technology for the benefit of the business.
He believes that technology should serve as a tool rather than dictate operations. By actively engaging with technology and security measures, Ashleigh gains a comprehensive understanding of these areas and is able to enhance services through configuration improvements.
He recognizes that embracing unfamiliar technology can be overwhelming. However, they have discovered that by effectively communicating the advantages in simple terms to senior management, they can obtain their support.
Innovative Governance Measures
In the discussion about the strategies and measures implemented to enforce strong governance controls and achieve a high-quality offering, it was mentioned that the utilization of ISO frameworks, CIS, COBIT, and FinTech frameworks has been instrumental in ensuring the optimal standard of the offering and maintaining a firm grip. The implementation of SDLC is also enforced when adopting DevOps and DevSecOps strategies.
Strengthening Security Standards
The commitment to bolstering security standards was underscored through a strategic approach that involved the implementation of configuration changes and harnessing the power of CIS frameworks. These measures were applied comprehensively across various systems, encompassing Windows, Linux, Unix, and the dynamic realms of DevOps and DevSecOps.
To ensure ongoing compliance and the integration of the latest security updates, templates for operating system builds were introduced, effectively fortifying the security posture of each build throughout the enterprise.
Several key initiatives were undertaken in pursuit of this goal:
- Enhanced Services Security: Services including Email, Databases, Sharepoint, and Developer Operations benefited from automated configuration enhancements, contributing to a heightened level of security.
- Code Security Assurance: The DevOps Team adopted SonarQube to provide an additional layer of security assurance for the code they develop, reinforcing the commitment to secure software practices.
- Standardized Technology Stack: The establishment of a standardized technology stack for deployment and system management streamlines the process of security updates. This approach, based on predefined standards, simplifies the task of maintaining a secure and resilient IT environment.
Perspective on Process and Controls
Throughout Ashleigh’s professional journey, the importance of well-defined processes and robust controls has become increasingly evident. In earlier years, these aspects may have seemed cumbersome or secondary, but as his experience grew, so did his appreciation for their significance.
In the dynamic landscape of larger enterprises and complex solutions, Ashleigh came to understand that effective processes and sound management are not mere formalities; they are indispensable pillars of success. This realization has consistently yielded positive results, underscoring the pivotal role that processes and controls play in achieving organizational objectives and maintaining operational excellence.
Prominent Role as a Speaker and Panelist
Ashleigh’s reputation as a known figure in his field has led to numerous invitations to speak at various events. In 2022, he served as the chair of the panel for two sessions at InterSec.
Impressed by his expertise, Ashleigh was later asked to be a guest speaker at another event later in the year. His extensive experience has also garnered requests for his participation in roundtable discussions, both in person and online.
He said, “The events give me even more exposure, and I have found numerous individuals from around the world contact me through LinkedIn, asking for consulting and other services within the IT and cyber security industries.”
Passion for Continuous Learning
Ashleigh is an avid reader who subscribes to every publication and online resource. Staying current and constantly learning is essential to him. He is hands-on and values the skill of learning on a daily basis. In addition, he maintains numerous virtual networks and systems to keep his skills up to date in all areas, from Active Directory to Zeek. This commitment is not limited to his work life; it extends to his spare time at home as well.
Key Achievements
- Active Directory implementation at BAE Systems in 2004/2005 with solid design and efficient functionality
- Successful achievement of SAMA Level 3 cyber security maturity at Al Yusr during his tenure as CISO.
- Successful implementation for Aramco SACS002 Compliance for BinZomah and a sister company
- Seamless migration from of Exchange versions with over 3000 mailboxes; resulting in zero mailbox failures and error counts, thanks to significant planning efforts.
- The remarkable transformation of IT services in Lugmety within 11 weeks resulted in a self-sufficient department.
- Complete realignment of KACare’s chaotic Windows Server 2012 R2 infrastructure, leaving behind a solid, well-documented system.
- Mentoring numerous Saudi Nationals in IT and cyber security and witnessing their career development.
- Implementation of ISO 27001:2013 for a UK company as a virtual CISO, successfully passing a 4-day audit with no major non-conformance issues raised and achieving 100% compliance
A Seamless Crusade
Ashleigh’s passion for IT and cybersecurity is akin to a crusade, as his vast experiences allow him to generate ideas effortlessly. With a long-standing background in IT, assuming the role of CISO became a seamless task. Additionally, his proficiency as a developer facilitated the implementation of DevSecOps solutions, while his expertise in IT engineering made it effortless to enhance security across various platforms, such as Windows.
Celebrating Outstanding Achievements
- CISO of the Year 2023
- Given an exception by SAMA to be CISO in the Financial Sector in Saudi Arabia (The only non-Saudi ever to hold this role)
- Gold Chartered Status: Microsoft Windows Server: Only one of 50 in the world
- Chairman’s Award for Active Directory implementation for the entire Kingdom of Saudi Arabia: BAE Systems