Rik Ferguson, vice president of security intelligence, Forescout

Rik Ferguson didn’t plan on a life in cybersecurity. As a teenager, he wanted to be an astronaut, then an actor, before landing a tech support job in the 1990s.

Three decades later, as vice president of security intelligence at Forescout, he’s seen the threat landscape transform from clumsy phishing emails to state-backed groups posing as hacktivists and AI tools lowering the bar for would-be attackers.

Over a strong builder’s tea, and calling in from his base in Poland, Ferguson reflects on what’s changed, what hasn’t, and why a moment’s lapse can still catch out even the experts.

You’ve spent three decades decoding cybercrime. What first drew you to this world?

This is my 31st year in tech. My career began in 1994, but not in cybersecurity. I was one of those kids who didn’t know what they wanted to do. First, I dreamed of being an astronaut. Then I wanted to be an actor and applied to polytechnics for drama and to universities for American Studies, because it included a year in the US.

I messed up my A-levels, so university didn’t seem likely. No one in my family had ever gone to university, so I wasn’t too upset. While on a lads’ holiday, my mum phoned the hotel to say I’d been offered a place to study French at the University of Wales, Lampeter… After graduating, there was a recession and I couldn’t find work. I spent a year in a bookshop in Paris, then came back to the UK and landed a job in frontline tech support on a European help desk because I spoke two languages and “knew a bit about computers.”

Cybersecurity wasn’t really a discipline then, we called it information security, but when I changed jobs in 2000 to join Network Associates (later McAfee), I moved into the field. I did years of help-desk work, which was high-pressure and hard to progress from, so I moved to a systems integrator as a security and privacy architect. That shifted my focus from fixing broken things to designing systems that wouldn’t break.

After a couple of years there, I joined Trend Micro, spent 15 years deep in research, and then moved to Forescout three years ago, still on the research side.

You study real-world attacks. What’s one surprising trend you’ve seen recently?

There’s very little anymore that’s surprising in the world of cyber crime. Any new technology will be used for both good and bad, so you kind of expect that.

I’ve been talking about AI-powered cyberweapons since 2017, well before the ChatGPT boom. Back then, I warned we’d see autonomous cyberweapons. I reiterated it in 2019, and now in 2025 it’s finally taking off. I think for a lot of people who are on the practitioner side, rather than in research, don’t get the luxury of time to set their horizons that far ahead, you’re too busy fighting the fires of today. So I guess my perspective is very different because I do get the luxury of time.

One development that is somewhat surprising is how state-aligned threat actors, from countries such as Russia, China, Iran and Israel, have started using hacktivist personas to carry out cyber-operations. Traditionally, hacktivists were cause-driven volunteers, like those who targeted Visa for blocking payments to WikiLeaks. Now, well-funded, state-driven groups pose as hacktivists to gain plausible deniability and even public sympathy. That shift was unexpected.

And AI’s role in all this?

AI is still more of a co-pilot than an autopilot for cyber-attacks, but it’s removing old barriers. For example, poor grammar and spelling once gave phishing scams away. Now, with AI, even a message in Polish, my adopted country’s language, can look convincing.

You’ve advised governments and law enforcement. What lessons have stuck with you?

The importance of repetition.

Over the years, I’ve briefed UK MPs and peers, spoken to EU policymakers about unintended consequences of proposed regulations, and served as a special adviser to Europol’s European Cybercrime Centre. The professionals there know their stuff; they rely on us for intelligence and context to set priorities.

You quickly learn you have to repeat yourself, for years sometimes, until the message sticks. But when it does, it forms the foundation for better policy and enforcement.

The same applies to the public. People still fall for phishing scams or gift-card fraud. I did myself, not long ago. My wife and I had disputed a strange bank payment, then I got a text in Polish saying my Netflix payment had failed. I assumed it was linked, clicked the link, entered my credentials, and immediately realised my mistake. Luckily, I use a password manager, so I just changed that one password.

It just goes to show that anyone is a potential victim.

Can you tell us about the Respect in Security initiative?

It started during COVID after I joined a webinar about online harassment and was shocked to learn how widespread it was, even on LinkedIn. As a guy, you just never see that side of the internet.

A few of us launched Respect in Security to encourage companies to pledge zero tolerance for abuse. A key pledge point was having a publicly available grievance procedure – so if you’re harassed by someone at a conference, you know how to report it to their employer.

The initiative succeeded in raising awareness and getting major companies to sign up. 

How do you unwind in your free time?

I love two things: walking my dog and music.

We live near a forest in Warsaw, so taking the dog out there – no phone signal, no screens – gives me headspace to think and sometimes dictate research ideas into my phone.

And, music has been part of my life for as long as I can remember: collecting vinyl and CDs, listening, writing, recording and producing.

How do you take your coffee?

I take my coffee to my wife’s office and give it to her.

I rarely drink coffee. If I do, it’s a double espresso with sugar. But my real preference is tea: builder’s strength, with milk and sugar.