In our latest Cyber Leaders on the Move series, I had the privilege to sit down with Georges De Moura, the Head of Industry Solutions (Center for Cybersecurity), at the World Economic Forum (WEF). One of the most decorated global CISOs who has held executive and advisory roles at major global brands like Etihad Airways, Thales, IBM, and Airbus, De Moura certainly knows a thing or two about leadership.
It was refreshing to have De Moura in our April 2021 class of the Cyber Leadership Program, where he generously shared his leadership lessons with our global community of CISOs. We had to make this interview happen, knowing his lessons from lived experiences would prove invaluable to aspiring and experienced CISOs alike.
To understand what drives De Moura, I took him back to his childhood years. His parents escaped Portuguese dictatorship at the end of the 1960s and migrated to France to secure a brighter future for their children.
"My parents raised us in a family-oriented and caring environment,” De Moura opened the conversation from Geneva, Switzerland, where he lives. De Moura describes a modest childhood with very hard-working parents striving to give their kids a better life. During those early years, his parents instilled critical lessons about empathy, hard work, and a continual quest for self-improvement. His parents’ grit, determination, and selflessness would prove invaluable lessons that would help him thrive in various global leadership roles.
“Those childhood learnings help me better empathize and connect with my team members,” De Moura explains, “To succeed in any leadership role, your team must believe that you have their best interests at heart.” The impacts are tangible, especially in a highly dynamic market like cybersecurity. “I have enjoyed strong retention in all my leadership roles. People stay, not for financial reasons, but because they feel safe, have clear visibility about career progression and where they fit in the big picture,” he explains, “what does it mean for their personal development?”
De Moura graduated with an MSc, Computer Engineering from ESME-Sudria, France, in 1999. He soon faced a conundrum: Either join the compulsory French military service or undertake a civil internship with a French company abroad. He chose the latter and flew across the Atlantic to start a new life in the USA.
The risky move paid off. The turn of the century birthed digital transformation 1.0, internet adoption was rapidly accelerating, and Y2K fears sent shivers across boardrooms.
Armed with his computer engineering degree, De Moura interned at Thales, a global company that services defence, aeronautics, space, transportation and digital identity and security markets. “It was pretty much just me in charge and figuring out how to do the job,” he recalls nostalgically. De Moura immersed himself in the intricacies of IT infrastructure, application support and service delivery, those formative years laying a strong foundation for his career.
He would stay at Thales for 15 years, rising through the ranks from an IT engineer to become the company's first-ever CISO in the USA — a dual-hat role that combined IT infrastructure and security. In his early days, De Moura describes not being particularly attracted to cybersecurity. That said, because Thales was heavily focused on the defense industry, risk management was ingrained in the DNA of the organization.
I wasn’t surprised when De Moura highlighted friction between IT and security as one of the key challenges during that time. “You want to be an enabler in IT,” he says, “IT is a service-oriented function — your main goal is to keep customers satisfied.” As De Moura recalls, striking the right balance between security and service delivery remained a significant challenge during those early years.
When I asked about his most significant career highlight at Thales, De Moura doesn’t hesitate, describing leading an ERP transformation program, replacing legacy applications with a complex SAP platform. The program carried significant strategic and financial implications. De Moura explained that cloud offerings were just starting to mature and were a clear no-go for many corporations — held back by security concerns.
The dual security and program delivery responsibilities forced De Moura to think outside the box. “The situation required a paradigm shift,” De Moura explains, “We carefully vetted suppliers, preferring strategic partners whose values aligned with ours to ensure long term success.” “This was a risky move,” De Moura says, “to host the country ERP in a private cloud.” “After careful planning, we landed on a hybrid cloud model, which was endorsed by the business,” De Moura recalls. While cloud benefits, such as increased agility and scalability, are widely understood today, De Moura took a significant risk on an emerging technology with minimal frameworks at the time.
Perhaps, the most critical lesson De Moura got from the project is that “You sometimes have to be a risk-taker,” he says, “being risk-averse can only get you so far.” A CISO must take emotion out of the equation and arm business leaders with advice to make calculated and risk-informed decisions. Businesses thrive by taking risks, not avoiding them. “I presented something [with the ERP project] that looked high risk, but when the mitigation controls were considered, the residual risk was acceptable,” De Moura says, “and I realized that the security function can actually be a business enabler.”
De Moura describes his time with Thales fondly. Yet, he knew that to remain relevant in a world of rapid digital transformation and dilapidating geographical boundaries, he had to reinvent constantly.
In 2014, he joined Golden State Foods (GSF), a multi-billion-dollar privately-owned diversified food supplier. His tenure as Director, Enterprise Technology Services and Security (CISO) only lasted one year but left an indelible mark on his professional journey. De Moura defined and executed a global cybersecurity and IT strategy covering hybrid cloud hosting, security transformation, and IT service delivery at a time when cyber threats were rising rapidly.
The secret to his success at GSF was largely because of the support from the CIO, who understood cyber risk. “It was the first time I felt fully empowered as a CISO to establish the necessary policies, measures, and capabilities to protect the digital assets,” De Moura explains.
De Moura notes that building trust with the CEO and executives in monthly meetings gave him the freedom to drive the cyber transformation program. “You have to disseminate insightful and well-curated information to help decision-makers make risk-informed decisions,” he explains.
At the beginning of Autumn 2015, De Moura’s cyber executive career took another sharp and unexpected turn. In what De Moura describes as a pivotal moment in his career, he was headhunted to become the first-ever CISO for Etihad Aviation Group, the fastest-growing global commercial airline at that time.
De Moura took a leap of faith (with his family's blessings) and flew, family in tow, to the Persian Gulf to take up the new challenge. “It was a tough decision,” he explains, “My kids were born and raised in the USA.” This marked a new challenge at a professional level, too, with Etihad comprising over 35,000 employees. “I jumped into a much bigger arena with a very diverse, complex and political environment,” De Moura says.
The environment, as De Moura explains, was highly dynamic, fast-paced, and 24/7. “Safety, availability, and customer satisfaction were the most strategic indicators of success for the airline,” De Moura tells me, “with security [later on] closely behind.” De Moura was hired as Etihad’s first CISO and was tasked with helping his boss (Group CIO and CTO) drive digital transformation securely. Etihad spun a project that replaced ageing infrastructure with several advanced technologies, including artificial intelligence, multi-cloud and omnichannel e-commerce platform, while at the same time embedding security, privacy, and resilience deep into core business lines.
“I had to run multiple sprints in parallel, one sprint to define my [cyber resilience] strategy, one sprint to get my team in place all while developing a strategic partnership with a global technology firm,” De Moura recalls, at a time when the digital and threat landscapes was fast-changing and volatile. The attackers were as varied as they come – from opportunistic lone hackers to well-resourced nation-states.
To succeed, he had to persuade a range of key stakeholders – senior executives, risk management, internal audit, technology, and suppliers to throw their total weight behind the transformation program. De Moura reiterates the necessity of viewing cybersecurity as a team sport, “It requires collective and concerted action,” he underscores.
Like any successful leader, De Moura has also suffered his share of setbacks. He recalls giving an unconvincing response when an executive caught him off guard and fired the usual question, "Are we secure?" The question was asked in his first month when he was still building situational awareness and strategies at that time, “I did not necessarily answer as I would have liked,” De Moura grins, though he made up for it in time, improving trust and communication.
After three years, De Moura and his family left the UAE for Geneva, Switzerland. There, he joined the World Economic Forum (WEF) as Head of Industry Solutions (Center for Cybersecurity). The attractions to the WEF role were twofold. First, De Moura and his wife felt it was time they returned to Europe after more than two decades abroad. Second, De Moura thought that this new role – tasked with building executive cyber resilience awareness and driving deeper collaboration between the public and private sector – would help him give back to the global community in ways impossible to achieve within an Enterprise environment.
I eagerly asked De Moura how he got his job at WEF, to which he replied, “I followed the traditional process, which rarely worked for me, by the way, sending your résumé through an Indeed or LinkedIn post, but in this case, it worked.” When describing his move to Geneva, De Moura conveys the excitement from his family, “They were dazzled by Lake Geneva, the mountains and the scenic views,” he exclaims, further cementing his decision to join WEF.
De Moura outlines his role at WEF as markedly different to his previous CISO roles. Here, soft skills are everything. “You are interacting with World Class Global CISOs, such as Darren Argyle (Chairman of Cyber Leadership Institute); you cannot fluff your way with generic arguments and appeal to them,” De Moura elucidates, “You need to bring substance, a compelling narrative, and value to the table.”
Throughout our discussion, De Moura was constantly imparting valuable lessons in leadership and life. He reinforces the skill of active listening, honing one’s soft skills, and the importance of empathy and interpersonal awareness in leadership. Perhaps, most powerful, however, were De Moura’s closing remarks. “You are constantly learning,” De Moura informs me, “don’t think that the knowledge you have today is good enough for tomorrow.” He recommends keeping abreast and astute, developing your cybersecurity knowledge, soft skills, and business acumen. Lastly, De Moura says, “Check out your ego.” “People can have very strong opinions, be very sure about their knowledge and be very stubborn,” he explains, “Ultimately, it [ego] won’t make you successful.”