Pure Storage’s Andrew Gontarczyk on Avoiding Common Pitfalls in Cybersecurity Leadership
Welcome to Team Cymru's newsletter, The Future of Threat Intelligence.
Twice a month, we take deep dives from our podcast interviews with leading cybersecurity professionals and distill their insights right here for you.
In our latest edition, we speak with Andrew Gontarczyk, CISO at Pure Storage, who shares his invaluable insights on the importance of blending technical expertise with a strong understanding of business priorities. Andrew offers unique value by addressing common industry pitfalls, the significance of effective communication, and strategies for building and leading successful cybersecurity teams.
Here are the top takeaways from the interview.
#1: Take an Architectural Approach to Problem-Solving
“I approach every problem as an architectural problem, and I like building a program and structures that kind of work from the perspective of there's a finding or an issue that we have, it's managed, the business or whoever the stakeholders are, understand that they can take action and digest it and understand and sort of closed-loop systems and getting the people side of it I find challenging, but also kind of exciting if and when you get that to work.”
Actionable Takeaway: Approach problems as architectural challenges by building structured programs that manage issues effectively. Ensure stakeholders understand, take action, and digest information in a closed-loop system. Focus on both technical and human aspects to achieve a comprehensive solution.
#2: Measure Success Through Stakeholder Engagement
“So to me, one of the ways I guess I measure my success is my stakeholders coming to me with security ideas, with security strategies and what they're going to do about security. Rather than just sitting there waiting for me to tell them what to do next. That's obviously fine. But when they are doing it and when they're thinking it, to me that means that they're internalizing the objectives and the priorities from a security standpoint.”
Actionable Takeaway: Measure success by how proactively stakeholders engage with security ideas and strategies. Encourage them to internalize security objectives and priorities, leading them to independently think and act on security matters rather than simply waiting for directives.
#3: Practice Effective Executive Reporting
“I, and most of my peers, you get, typically the reporting is done at the audit committee, and if you get 15 minutes in that every quarter, that's a really good window to present in.
“So again, I think if you put that lens on, three months worth of activity in an organization distilled down to 15 minutes or so for executive reporting, that in and of itself, should be a great filter for you to think about what's important and not talk about bits and bytes and technical stuff, but really the broader business context of ‘are we under control or are we not under control? Do we have things that we need to worry about,’ etc.? So, yeah, that's, I think, the biggest challenge.”
Actionable Takeaway: Use your limited executive reporting time to focus on the broader business context rather than technical details. Distill three months of activity into key points that address control, priorities, and potential concerns. This ensures clarity and relevance for executive decision-making.