Google Cloud’s first Chief Information Security Officer Phil Venables, is leaving the role after four years – and hanging up his CISO spurs.
Venables, who has spent over three decades working as a CISO, joined Google Cloud in December 2020 after more than twenty years in the banking sector – and created a “unified security, compliance, privacy and risk team” as the cloud business became one of Google’s largest.
He announced his departure on LinkedIn this Saturday, saying: “It’s now time for me to transition to something new (more news on that soon).”
Venables suggested that he was hanging up his CISO spurs, posting that “after being a CISO for 30 years spanning 4 CISO roles at some of the world’s largest organizations it’s time to do something a bit different…”
Venables’ departure is a significant loss for Google – his role was extensive. He sketched it out to The Stack last year at a GCP event,
“I have a few roles here at Google, so I'm CISO for Cloud and Workspace and our AI businesses. And in that I cover compliance, security, privacy, risk, all that kind of stuff; then I also run our field CISO team... which does a lot of customer-facing strategic work, in terms of engaging with customer CISOs. And then my third role is kind of across Google. So I run security engineering for our technical infrastructure that underpins Cloud and all the other Google services" – Phil Venables to The Stack at Google Cloud NEXT '24.
His career has spanned CISO roles at Deutsche Bank, Standard Chartered, and Goldman Sachs and as co-founder of the Centre for Internet Security, Venables rose his profile in the cybersecurity world partly through his regular blog posts on cyber risks, security leadership, and regulation.
A post on "regulatory harmonisation" from November saw Venables call for the industry to work on being "more efficiently compliant" with regulations both directly on and adjacent to cybersecurity, and go beyond compliance to properly mitigate risks. His regulatory work also extended to government advisory, with Venables sitting on President Biden’s “Council of Advisors on Science and Technology” (PCAST) and the NIST’s “Information Security and Privacy Advisory Board” among other roles.
See also: Less talk, more action on CNI cyber resilience, say White House advisors
In a report he led at PCAST, the council warned that more pressure was needed to improve the security of critical national infrastructure, and called for a “National Critical Infrastructure Observatory”.
Since joining Google, Venables has also taken a number of board roles including for security providers HackerOne and Veza, and fintech data transfer network company Plaid. Venables added in his post that he will continue his relationship with Google as a Strategic Security Advisor.
Praise for Venables' work at Google came from CISOs at organisations including the NFL, TSB Bank and JPMorgan, and Google colleagues.
Pat Opet, Global CISO at JPMorgan, for example, commented: “Thank you for being a champion, thought leader, mentor, innovator, and advocate for the security community for so many years – your massive contributions and impact will be carried forward by all of us.”
Venables is yet to reveal his next move but said he would be sticking with Google Cloud through the "transition to a new CISO."
