Spreminjajoča se vloga CISO

The CISO role has evolved dramatically over the past decade, maturing from security officer to impactful business leader who, increasingly, is a part of their organization’s C-suite. In light of the considerable impact security risks have on business objectives, this is a welcome transformation. Encouraging employees to go beyond their day-to-day and view security as a priority, making allies of users and business managers and providing the organization with tangible value, is extremely rewarding.

Vendar pa za mnoge glavni uradniki za informacijsko varnost, the operational, real-time, and often strenuous aspects of the role haven’t changed, despite this evolution. Being a CISO can be a lonely job, as employees know that if you approach them, you’re likely going to be adding to their workload — whether by requesting that they learn more about a specific risk or asking for their help in mitigating it. Employees may see CISOs as causing friction within the organization, while CISOs today strive to become enablers — not obstructers. CISO burnout is real; having to juggle business expectations, customer needs, shifting workflows, new vulnerabilities, and incident-response 24/7 can become grueling over time.

O sprememba vloge CISO has not gone unnoticed by other players in the tech industry, including startup founders and venture capital firms that view CISOs’ expertise as a leverageable commodity in the competitive startup landscape. After years of perpetual threat mitigation, CISOs may be keen to explore alternative career opportunities down the line, pivoting away from the operational aspects of the CISO role.

Ti dejavniki, kot tudi moja strast do pomoči prodajalcem pri optimizaciji njihovega pristopa do CISO, so močno vplivali na mojo odločitev leta 2021, da se pridružim podjetju tveganega kapitala YL Ventures, osredotočenemu na kibernetsko varnost, kot njihov rezidenčni CISO.

The CISO’s Vantage Point

Being a VC CISO-in-residence provides both a strategic and a behind-the-scenes vantage point into the startup environment. Shifting from a 24/7 incident-response role to a more holistic guidance position complements a CISO’s breadth of knowledge and allows them to use their insights and experience to build new security products, rather than managing or mitigating risk. At YL Ventures, which invests at the earliest stages of a cybersecurity startup, I work with founders who are in the most crucial phases of their startup journey, and this is one of the most enjoyable and challenging aspects of my position.

Moja odgovornost se osredotoča na sodelovanje na idejnih sejah z novo generacijo ustanoviteljev kibernetske varnosti, organiziranje tedenskih sestankov z njimi o strategiji izdelkov in deljenje svojega strokovnega znanja kot del ekipe YL Ventures prek priložnosti za osebno blagovno znamko. Moja tesna vpletenost v proces zagona mi omogoča, da aktivno sodelujem pri izgradnji svojih sanjskih rešitev za boleče točke, ki že leta pestijo industrijo – in ki so prizadele (in frustrirale) mene osebno, pri mojem delu operativnega CISO.

Working closely with the Israeli cybersecurity industry is an exceptional opportunity to be part of the cradle of cybersecurity innovation. Israeli entrepreneurs are the Ivy League of young cybersecurity professionals, and embedding myself in their passion and drive makes me a better CISO. Before joining YL Ventures, I was under the impression that VCs dealt primarily in ideas. Learning that the firm bets on the team, not just the idea, was surprising, but also helped define my role in the process. I take an active part in the due diligence activities that are integral to deciding which startup to fund. This poses a challenge, as an idea may be exactly what the CISO ordered — everything you’ve dreamed about as an operational cyber professional — but the team may not stack up to expectations. And for the company, that factor would prevail.

Takšna izpostavljenost nastajajočim tehnologijam in naložbenim strategijam zaokrožuje moje desetletja varnostnih izkušenj na nov način in odpira možnosti za vlaganje angelov, priložnosti za osebno blagovno znamko in izpostavljenost globalni mreži varnostnih strokovnjakov, ki ima v prihodnosti neizmerno strokovno vrednost. Po mojih izkušnjah ima veliko CISO ambicije, da bi postali podjetniki, in vodenje ustanoviteljev startupov kot rezidenčnih CISO je lahko pospešen tečaj podjetništva in razumevanja, kaj je potrebno, da ustanovite lastna startupa in postanete izvršni direktor.

I’ve had the opportunity to learn about more than just the technical product aspects during my time as CISO-in-residence so far. My role provides me with insights on team building, funding strategies, what investors look for in founders, and why the co-founder dynamic is important. For entrepreneurs, having a seasoned CISO at their disposal to bounce ideas off of has a real impact on their product-market fit strategy, as the CISO represents the customer — and these conversations are crucial at their early stage. Saving the world one incident at a time has its glamour, but stepping behind the curtain and helping stack the building blocks of future solutions as a VC CISO-in-residence is a unique and rewarding experience.