In the fourth instalment in our Expert Insights series on cyber threats and security for 2025, we are joined once again by Edward Millington, of CariSec Global, which is headquartered in Barbados. In this conversation, Edward discusses, among other things: current trends in cybersecurity; whether there are well-defined paths to pursue specific cybersecurity-related disciplines or specialities; availability of suitable talent in the security job market; and tactics Caribbean countries should be employing to be more prepared and resilient to cyber threats.
This episode is also available on SoundCloud, Apple Podcasts, Spotify and Amazon Music..
The virtual inevitability of being a victim of a cybercrime or experiencing a security breach—to the point we should no longer be operating from the perspective of ‘if’ but rather ‘when’—is facilitating a change in mindset from “cybersecurity” to “cyber resiliency”. Unlike cybersecurity, where the primary focus is on doing what is necessary to prevent and defend against a cyberattack, with cyber resilience, the objective is to know what to do when a cyberattack occurs and ensure speedy and full restoration of all affected systems.
This change in emphasis indicates how the cybersecurity industry is evolving, which would also be reflected in other areas of the discipline. To that end, the Caribbean region’s cybersecurity capacity and capabilities must also develop to better meet the needs of the industry, since we are as (or even more) vulnerable than other parts of the world to the increasingly sophisticated threat landscape.
Introducing our guest
Edward Millington (BSc, CISSP, CISO, SOC 2, ISO, FCIIS, CCCF, MIET) is a Strategic Board Advisor, Principal Security Consultant, and Senior Lead Risk Manager, serving as Founder and Managing Director of CariSec Global Inc. With nearly three decades of expertise across information systems security, ICT, and telecommunications, he has partnered with boards, chairpersons, and executives to embed resilience, digital trust, and ethical technology governance into organisational culture.
His leadership is widely regarded as a cornerstone of organisational transformation, guiding enterprises across multiple sectors to achieve strategic goals, regulatory alignment, and operational resilience. Edward’s hallmark is translating complex frameworks—such as ISO/IEC 27001, NIST CSF, SOC 2, and ISO/IEC 42001—into actionable, board-level strategies that deliver measurable impact. He is recognised for strategic foresight in AI governance, Digital Operational Resilience, and Cyber Risk Management, seamlessly bridging policy insight with technical depth.
He holds a Bachelor of Science Degree in Electronics and is a member of the Institute of Engineering and Technology (IET). He is a Certified Information Security Professional (CISSP), a PECB Certified – Chief Information Security Officer, Senior Lead SOC 2 Analyst, ISO/IEC 27005 Information Security Senior Lead Risk Manager, ISO/IEC 27035 Information Security Senior Lead Incident Manager, ISO/IEC 42001 AI Management System Senior Lead Implementer – and is a Fellow member of the Royal Chartered Institute of Information Security (CIISec) and a CIISec Assessor; a Professional Evaluation and Certification Board (PECB) Trainer; a member of the PECB Focus 15 group; a Commonwealth Caribbean Cyber Fellow (CCCF) and Co-Chair; an EU CyberNet Expert Pool Member; and a member of the International Information Systems Security Association (ISSA).
Insights into our conversation
Although the cyberthreat landscape continues to evolve, according to Edward, no radical development has occurred. He thus steered our conversation towards capacity building, specifically the need for more trained personnel, and more importantly, emphasising that developing the requisite skills and experience takes time and continual study.
Currently, there appears to be a sense that with relatively little training and basic certification, an individual can present themselves as a “cybersecurity expert”. However, Edward is of the view that the study and discipline to become a security specialist is akin to that required to become a doctor or engineer—requiring long-term commitment to excellence and to maintain the knowledge and skills to operate at the top of one’s game.
- To start, what has been going on with respect to cybersecurity and cybercrime in Barbados? What have been the most prevalent types of incidents? And perhaps what is going on in the wider Caribbean region?
- How well defined are the disciplines or specialities under cybersecurity? And how easy is it to create a direct path from novice to becoming a specialist in one or more of those disciplines?
- A well-known challenge in cybersecurity spaces is the availability of suitable talent. What have you been observing in the security job market, especially with respect to supply and demand, and the expertise employers are requesting? Does CariSec Global have difficulty securing the expertise it needs?
- What more should Caribbean countries be doing to be more prepared and resilient to cyber threats?
We would love to hear your thoughts!
Do leave us a comment either here beneath this article, or on our Facebook or LinkedIn pages, or via Twitter, @ICTPulse.
Also, if you or a member of your network is interested in joining us for an episode, do get in touch.
Let’s make it happen!
Select links
Below are links to some of the organisations and resources that were mentioned during the episode, or might otherwise be useful:
Images credit: E Millington; Darwin Laganzon (Pixabay); DC Studio (Freepik); Buffik (Pixabay)
Music credit: The Last Word (Oui Ma Chérie), by Andy Narrell
Podcast editing support: Mayra Bonilla Lopez
