Rob Anderson at WithSecure

By Rob Anderson

On this episode of The Route to Networking podcast, our host, Lewis West, is joined by Rob Anderson, Principal Incident Response Investigator at WithSecure, Europe’s trusted cybersecurity partner. Rob is at the forefront of cybersecurity, bringing a wealth of experience in managing critical incidents. He began his career in the police force, rising through the ranks to become an Inspector. The skills he developed—particularly in coordination and crisis management—proved invaluable when transitioning into cyber incident response.

Lewis sits down with Rob to discuss his journey from policing to cybersecurity, the parallels between the two fields, and his insights on incident management and the future of cybersecurity.

Where it all began

Rob Anderson’s career began with his interest in technology, building computers and exploring the early internet before landing his first IT role. By 19, he was a Microsoft Certified Professional, working across industries—from rolling out networks at Carphone Warehouse to roles at JP Morgan and Barclays.

In 2001, Rob craved more than just technology and took on a new challenge: volunteering as a Special Constable. What started as four years of voluntary service turned into a 16-year, full-time policing career. Rising to Inspector, Rob led frontline policing, major incident management, and public order operations, including high-profile events like the London Olympics, presidential visits, and large-scale protests.

As a Tactical Firearms Commander, he authorised armed operations and managed critical incidents. He also oversaw emergency response coordination, liaising with national security teams and agencies like the Air Crash Investigation Board.

After managing over 250 firearms incidents and countless high-stakes operations, Rob faced a choice—pursue promotion and another 19 years of shift work or start a new chapter.

How transferable were Rob’s policing skills to cybersecurity incident response?

According to Rob, the transition was smoother than one might expect. While cybersecurity has its own incident response cycle, his experience in the police—particularly as a firearms commander—gave him a solid foundation in risk assessment, decision-making, and stakeholder coordination.

In both fields, incident management involves assessing the situation, prioritising risks, following protocols, and implementing a clear plan. Rob was used to managing upwards—briefing senior officers and securing approval—while also directing teams on the ground and coordinating with external stakeholders like transport and emergency services.

The biggest challenge? Ensuring everyone understands their role. In policing, rigorous training meant teams could act swiftly under pressure. In cybersecurity, the maturity of an organisation varies, and sometimes, Rob finds himself not just managing the response but also structuring the team itself.

The Evolution of Security Breaches and Challenges

Rob explains that security breaches have evolved significantly, with attackers becoming more sophisticated and patient. In the past, breaches often began with a phishing email or a compromised internet-facing device, allowing attackers to move laterally within a network. Now, we’re seeing a shift towards credential theft via info-stealers on websites, with stolen login details being auctioned or combined with other credentials for coordinated attacks.

Attackers are also refining their playbooks, compressing attack timelines, and using advanced techniques like defence evasion—bringing in EDR or AV killers to disable security. To combat these threats, organisations are enhancing security measures, including tamper-proofing products, improving detection rules, and shifting from blacklisting threats to strict whitelisting. Additionally, real-time monitoring and proactive threat hunting are playing a crucial role in staying ahead of attackers.

Rob also discusses how emotional business owners can be, and why it is important to be respectful and empathetic in these high-pressure situations.

The Future of Incident Response: AI-Powered Efficiency

Looking to the future, Rob's view is that while incident management itself is unlikely to change drastically, AI is set to revolutionise digital forensics. AI-driven automation will speed up log analysis, data processing, and investigations, reducing manual effort. Tools like AI-assisted log parsing are already streamlining workflows, allowing analysts to focus on decision-making rather than technical scripting. With scalable cloud frameworks, forensic investigations will become faster and more efficient, helping teams respond to threats at greater speed and scale.

Advice for Aspiring Cybersecurity Enthusiasts and Quick-Fire Questions

Having carved his own path into cybersecurity, Rob shares his top advice for those looking to do the same—it's all about mastering the basics. He reveals what he finds most rewarding about his job, where he gets the biggest buzz, and the myths he'd love to debunk. Plus, what skill would Rob love to master? The answer might surprise you! He also delves into the habits and mindsets that drive success in the industry.

Tune in to this unmissable episode to hear the full conversation and learn about Rob’s background in high-stakes policing and how it translates to the fast-moving world of cyber incident response.

🔗Connect with Rob here: LinkedIn