Trust.ID Talk: The Digital Certificate and Identity Security Podcast
From Firefighting to Strategizing IT Security with Giles Thornton
October 9, 2025
In this episode of Trust.ID Talk: The Digital Certificate and Identity Security Podcast, host Michelle Davidson is joined by Giles Thornton, Head of Information Security at The Premier League, to explore why security teams feel like they’re constantly firefighting and how to break free. Giles shares insights into security perfectionism and compliance overload, and how security leaders can manage a lack of strategic breathing room driving burnout across the industry.

Giles is a seasoned cybersecurity executive with vast experience in strategic security leadership and risk management. With a background in military service and enterprise security, he brings a unique perspective to addressing modern cybersecurity challenges. Currently working in a forward-leaning tech environment, Giles specializes in developing practical security strategies that balance compliance requirements with real-world security effectiveness.

Key Takeaways:

Most breaches boil down to a lack of strategy and the unavoidable human element. While businesses often stay stuck in tactical firefighting mode just to “keep the lights on,” this short-term mindset leaves them exposed. Taking even a brief tactical pause to align security plans with business goals can prevent countless risks, but it requires courage, discipline, and leadership to prioritize long-term strategy over immediate pressures.

Moving from constant firefighting to a proactive security strategy starts with brutal prioritization and bringing your whole organization along for the ride. That means being honest about what your team can realistically handle, setting clear expectations with executives, and refusing to juggle every risk at once. Without this discipline, you’ll either burn out or kick today’s problems down the road for “future you” to deal with.

Cybersecurity awareness isn’t built on long, one-size-fits-all compliance training; it’s about short, targeted nudges that fit the person, the role, and the situation. By breaking training down into tiny, specific prompts, teams are more likely to make the right choices, avoid mistakes, and actually enjoy a smoother user experience. The lesson? Keep it brief, relevant, and proactive, because prevention beats “we told you so” every time.
