The Shifting Role of the CISO
My year as a venture capital CISO-in-residence.
The CISO role has evolved dramatically over the past decade, maturing from security officer to impactful business leader who, increasingly, is a part of their organization's C-suite. In light of the considerable impact security risks have on business objectives, this is a welcome transformation. Encouraging employees to go beyond their day-to-day and view security as a priority, making allies of users and business managers and providing the organization with tangible value, is extremely rewarding.
However, for many chief information security officers, the operational, real-time, and often strenuous aspects of the role haven't changed, despite this evolution. Being a CISO can be a lonely job, as employees know that if you approach them, you're likely going to be adding to their workload — whether by requesting that they learn more about a specific risk or asking for their help in mitigating it. Employees may see CISOs as causing friction within the organization, while CISOs today strive to become enablers — not obstructers. CISO burnout is real; having to juggle business expectations, customer needs, shifting workflows, new vulnerabilities, and incident-response 24/7 can become grueling over time.
The shifting role of the CISO has not gone unnoticed by other players in the tech industry, including startup founders and venture capital firms that view CISOs' expertise as a leverageable commodity in the competitive startup landscape. After years of perpetual threat mitigation, CISOs may be keen to explore alternative career opportunities down the line, pivoting away from the operational aspects of the CISO role.
These factors, as well as my passion for assisting vendors with optimizing their approach to CISOs, greatly influenced my 2021 decision to join the cybersecurity-focused venture capital firm YL Ventures as their CISO-in-residence.
The CISO's Vantage Point
Being a VC CISO-in-residence provides both a strategic and a behind-the-scenes vantage point into the startup environment. Shifting from a 24/7 incident-response role to a more holistic guidance position complements a CISO's breadth of knowledge and allows them to use their insights and experience to build new security products, rather than managing or mitigating risk. At YL Ventures, which invests at the earliest stages of a cybersecurity startup, I work with founders who are in the most crucial phases of their startup journey, and this is one of the most enjoyable and challenging aspects of my position.
My responsibility centers around participating in ideation sessions with a new generation of cybersecurity founders, holding weekly sessions with them on product strategy, and sharing my expertise as part of the YL Ventures team through personal branding opportunities. My close involvement in the startup process allows me to take an active part in building my dream solutions for pain points that have plagued the industry for years — and which have affected (and frustrated) me personally, in my job as an operational CISO.
Working closely with the Israeli cybersecurity industry is an exceptional opportunity to be part of the cradle of cybersecurity innovation. Israeli entrepreneurs are the Ivy League of young cybersecurity professionals, and embedding myself in their passion and drive makes me a better CISO. Before joining YL Ventures, I was under the impression that VCs dealt primarily in ideas. Learning that the firm bets on the team, not just the idea, was surprising, but also helped define my role in the process. I take an active part in the due diligence activities that are integral to deciding which startup to fund. This poses a challenge, as an idea may be exactly what the CISO ordered — everything you've dreamed about as an operational cyber professional — but the team may not stack up to expectations. And for the company, that factor would prevail.
Such exposure to nascent technologies and investment strategies rounds out my decades of security experience in an new way and opens up possibilities for angel investing, personal branding opportunities, and exposure to a global network of security professionals that has immense professional value going forward. In my experience, many CISOs harbor ambitions of becoming entrepreneurs, and guiding startup founders as a CISO-in-residence can be a crash course in entrepreneurship and understanding what it takes to launch your own startups and become a CEO.
I've had the opportunity to learn about more than just the technical product aspects during my time as CISO-in-residence so far. My role provides me with insights on team building, funding strategies, what investors look for in founders, and why the co-founder dynamic is important. For entrepreneurs, having a seasoned CISO at their disposal to bounce ideas off of has a real impact on their product-market fit strategy, as the CISO represents the customer — and these conversations are crucial at their early stage. Saving the world one incident at a time has its glamour, but stepping behind the curtain and helping stack the building blocks of future solutions as a VC CISO-in-residence is a unique and rewarding experience.
About the Author
You May Also Like