Menu
With nearly two decades at Topsec, Damien Holmes has seen the email security landscape transform. And he’s played a major role in shaping how we respond to those changes. A builder by nature (of systems, tools and even Lego models), Damien combines deep technical expertise with a zeal for problem-solving.
I joined Topsec all the way back in 2006, so I’m just about to mark my 19th year with the company. I started out as a tech support agent working 12-hour shifts, which was a bit of a jump into the world of email security. Before that, I was working in an internet café and in a company where I built and supported end-user computers, therefore I was familiar with antivirus and general security. But Topsec was a whole new landscape.
What hooked me was how dynamic and fast-changing the email security space is. Over the years, it’s evolved massively, and with every new development or threat vector. There’s always something new to learn or adapt to. It’s never dull, which suits me perfectly.
I’m a system administrator. This means I manage and build the servers and services that we use to filter and secure our customers’ emails. My role is to make sure everything is up and running and performing well.
I’ve also developed many of the internal tools we use, particularly for log analysis and monitoring. These tools help our support team respond quickly and accurately to customer queries. For example, if someone needs to know what happened with a specific email, the team can search and provide a detailed response almost instantly. I take pride in building systems that make our support as strong and responsive as possible.
Security is the number one priority at Topsec and that aligns very much with my values. It’s not just a checkbox. Instead, it’s baked into everything we do, from how we handle data to how we set up systems for our customers.
That way of thinking really clicks with me. I’ve always seen IT through a security-first lens. If you don’t build with security in mind from the start, everything else is on shaky ground.
Without security, nothing really lasts. If you’re not thinking about security from the start, your systems are vulnerable. It’s not a case of if but when they’ll get hijacked or taken down quickly. So it’s been rewarding to work in an environment where that’s the shared philosophy.
It’s changed drastically. In the early days, spammers focused on playing a volume game exclusively. Now volume is still very much a part of the strategy, but their methods are far more sophisticated. Phishing emails are carefully crafted to mimic legitimate messages from legitimate people an organisation is dealing with and nudge the recipient into taking action.
One area I’ve been particularly involved in is DMARC, which helps organisations protect their domains from being spoofed. We help companies secure their email infrastructure so that only authorised systems can send mail using their domain.
Definitely. The DMARC work we’ve done with some of our largest clients, who send hundreds of thousands, even millions of emails per month, really stands out.
In some cases, the customer already has a good handle on their email environment, so it’s about tightening up and finishing the process. In others, they’re completely unaware of how widely their domain is being used. It takes a lot of detective work on both sides, but when we get them to a point where everything is compliant and secure, it’s hugely rewarding.
At the moment, spammers and bad actors are using AI more freely. They’re using bots to generate thousands of emails, each slightly different, to try and bypass pattern-based filters.
On our side, we have to be more measured. We want to integrate AI thoughtfully and responsibly, ensuring it helps us without causing problems, such as blocking legitimate mail or letting dangerous messages through. That said, we’re seeing very promising results with AI-powered heuristic tools from some of our partners. So while the malicious use of AI is currently more prolific, the tools we’re deploying to counteract it are getting better all the time.
One word – teamwork! In the early days, I was the only system administrator. I even took support calls from a hospital bed and on my honeymoon! Now, I work alongside Daud, who shares the workload, and we’ve got a fantastic team overall.
Outside of work, I really enjoy spending time with my wife. We go for walks most evenings. I’ve also picked up some creative hobbies recently like hand-built pottery and painting classes. I enjoy a bit of gaming and have been building some interesting Lego models too. A good mix of nerdy and creative pursuits!
The continued adoption of AI and the potential it has for improved threat detection is exciting. This is especially when it’s backed by properly trained datasets. It should allow us to match patterns and flag suspicious activity even more effectively.
That said, I believe the human touch still matters. One of the things our customers appreciate is that they’re dealing with real people, not chatbots. Even as we embrace automation, we want to keep that personal connection. It’s about using AI smartly, in ways that actually benefit the customer, not just make life easier for us.
