Security's Most Influential People in Security 2020 - Paul Lanois | 2020-09-03

Director of Technology, Outsourcing and Privacy Fieldfisher

SEC0920-cover-feat10-slide-Lanois-900x550

Paul Lanois is Director of Technology, Outsourcing and Privacy at Fieldfisher, a European law firm with practices in many of the world’s dynamic sectors. Lanois provides guidance on information governance, data protection, privacy, cybersecurity and digitalization. In particular, he advises businesses on a wide range of domestic and international privacy compliance matters. He is a subject matter expert on cybersecurity matters, including data breaches and incident response, risk assessments, policy development and compliance with industry standards, such as the Payment Card Industry Data Security Standard (PCI DSS).

Before joining Fieldfisher, Lanois was vice president and senior legal counsel at a leading international bank, Credit Suisse, at its headquarters in Switzerland and later at its Hong Kong office. As in-house senior legal counsel, he advised the bank on various matters and spearheaded several initiatives, to include a global compliance program, cross-border matters, the bank's digital transformation initiatives and the launch of new online services and products.

In addition to being a cybersecurity professional, he is also an attorney, qualified in California, New York and D.C., meaning he can advise both on cybersecurity requirements and on legal requirements such as the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

“I have had the privilege to work on a wide range of different projects and initiatives, including privacy and cybersecurity issues related to autonomous vehicles, new AI-enabled devices and applications, virtual reality (VR) and augmented reality (AR) projects, blockchain initiatives, digital banking solutions and contact tracing apps,” he says.

Throughout his career, one of the projects Lanois is most proud of was in an area he did not expect: videogames. “I advised a game developer from a privacy and cybersecurity law perspective in relation to the implementation of an anti-tamper and anti-cheat solution for an online multiplayer game,” he says. “I enjoy playing games and know how cheating can be an issue in today’s games, so it was interesting to help a game developer in their fight against tools designed by hackers to inject a game with specialized code that changes how the game works and gives the user an unfair advantage over other players.”

Lanois is a member of the International Association of Privacy Professionals' Education Advisory Board and CIPT Exam Development Board. In addition to holding several certifications, Lanois has received a number of awards, including the Association of Corporate Counsel’s Top 10 30-Somethings award and the ACC Advocacy Award.

“My advice for future security professionals is to always read and keep learning. There are many resources readily accessible online to help new security professionals get started on their journey. Never stop the learning process: getting a cybersecurity job is not the end, but only the beginning of the journey. Cybersecurity is an area which is ever-changing, with the emergence of new technologies and new threats constantly arising or evolving, so it is important to always keep abreast of such new developments. Also, never assume that a shiny new tool acquired by your company can or will do your job for you and that you can just sit back and relax. A determined attacker will just find another way to get through,” Lanois says.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.