
Episode #39

EQT's João Pedro Gonçalves on the Importance of Establishing Cybersecurity Steering Committees



Show Notes

In our recent episode of the Future of Threat Intelligence podcast, we talk with expert João Pedro Gonçalves, Global Chief Information Security Officer at EQT Group, about risk-based cybersecurity approaches, building security departments from the ground up, and the critical role of cybersecurity steering committees.

Pedro also talks about his journey in cybersecurity leadership and shares his insights on how security practitioners should aim to work with organizations that prioritize cybersecurity and align business strategies with tech architecture.


Topics discussed:

  • Risk-based cybersecurity approaches for effective protection.

  • Building security departments from scratch in organizations.

  • Significance of cybersecurity steering committees in risk management.

  • Navigating organizational hierarchies for enhanced security strategies.

  • Forming cybersecurity steering committees with executive team members for strategic decision-making.


Key Takeaways:

  • Implement risk-based cybersecurity approaches to enhance protection strategies.

  • Establish and structure security departments intentionally from the start.

  • Form cybersecurity steering committees with executive team members for strategic decision-making.

  • Navigate organizational hierarchies to streamline security strategies effectively.

  • Evaluate cybersecurity providers rigorously, focusing on certifications like SOC 2.

Quotes from Episode

#1.)

“So it actually starts when you want to join that company, is to understand and get understanding how well they take security seriously. Is this something that they really want to work with or it's just a role they want to have for having it specific from a regulatory perspective, or just to say we have it and now therefore we are kind of fine.” (7:39-8:02)


#2.)

“Lean architecture also brings lean security. This means that if you have a clean environment, very well defined, with very few legacy points, then it actually makes security as well more lean and more clean.” (11:51-12:05)
