Straight From the CISO: Top Tips for Today's Cybersecurity Leaders

We’ve gained massive insight from our conversations with CISOs and other cybersecurity leaders. Now, we're passing along their wisdom to you.
Megan Garza
4 min read
Last updated March 25, 2024
shield of cybersecurity leaders

Speed Data: Quick Conversations With Cybersecurity Leaders has hosted everyone, from skydiving CISOs to video-game-loving Chief Technologists.

We’ve gained massive insight from our conversations with these industry titans and are passing along their wisdom to you. Enjoy this round-up of their take on AI, teamwork, and more, and get a sneak peek at what some of our 2024 guests have to say.

The impact of AI

If Spotify Wrapped could list the top cybersecurity buzzwords of 2023, "artificial intelligence" would surely take home the gold.

“Everyone is worried about what AI is able to do and how attack vectors might change as malicious actors take advantage of the resources available through AI tools,” said Justin Michael, Corbin Capital Partners CTO. “They’re quite powerful, and I’m impressed with what they can do, but that means that we have to be even more on our guard about what might be available in our environment and what we can do to close those issues down.”

Dr. Dalal Alharthi agrees:

AI has a significant impact on the field of cybersecurity, both positively and negatively; AI-powered cyberattacks can pose the biggest cyber threats in the near future.
Dr. Dalal Alharthi, Assistant Professor in the Cyber, Intelligence, and Information Operations Department at the University of Arizona.

"They are very sophisticated and very hard to detect or defend against," she said.

As AI tools like ChatGPT and generative AI tools like Microsoft Copilot continue to dominate the conversation, cybersecurity leaders warn against relying too heavily on such new technology.

“It’s going to be interesting to see where AI takes us,” said Chief Risk Officer for Communisis Michelle Griffey. “As consumers, we hook onto things — ‘Oh, this is great! Look what it can do for us!’ — and AI has come upon us so quickly with very little regulation, but the bad actors can use it just as easily as the good people.”

Tenacity over technical skills

When it comes to addressing a vulnerability or threat, Michelle’s best advice is to lean on a team of tenacious colleagues and never be afraid to ask for additional help.

“It’s hard,” Michelle said. “You’ve got to keep going, and having insatiable curiosity is helpful because you’ll keep thinking about, ‘What could that be?’ and ‘What am I seeing there?’”

Kieron Newsham, Chief Technologist of Cybersecurity for Softcat, said, “Tenacity and resilience set you up really well for what is a fast-paced vocation in cybersecurity.”

And speaking of vocation, Leah McLean, Vice President and Cybersecurity Specialist for Mastercard Data and Services, shared the importance of an individual’s ambition over acumen.

“I think there’s a lot of talent out there and a lot of people wanting to break into cybersecurity or advance further,” she said. “My advice to recruiting teams would be, look for those characteristics in people that have the soft skills, the willingness to learn, the aptitude, the motivation, the drive, because those types of people who are willing to jump in and learn, they are going to be easy to train.”

“Anyone can build up in terms of skill sets and knowledge, but you need that willingness, and you need that drive,” Leah said. "Without that, I wouldn’t have gotten to where I am today.”

Illena Armstrong, President of Cloud Security Alliance, added empathy to the list of desired personal traits.

Any professional, especially those who have aspirations of being in an executive-level position, need to lead with empathy,
Illena Armstrong, President of Cloud Security Alliance

“Those human elements are more important than anything else because if you have this desire to learn about this space, you can do that, but paying attention and perfecting some of those traits like honesty and humility, those are critical to leadership roles in any space, but perhaps more important in this space given how far-reaching cybersecurity is.”

It’s a team effort

It’s that broad reach of cybersecurity and all it touches that drive the importance of teamwork, Illena said.

“Cybersecurity professionals have to understand how to work cohesively with other teams since cybersecurity is pretty much foundational to everything we do. It’s a team effort.”

Leah agrees with that sentiment. “We have to keep helping each other and collaborating,” she said. “It’s not an easy job, but we need that community, and we need more people to be a part of it.”

“I love it when somebody not in cyber comes to me and says, ‘I want to learn more. Can you help me?’ — I love helping people,” Leah said. “It’s more than just our jobs and work; it impacts our daily lives. I don’t know about you, but I’m getting way more phishing scams, texts, emails, calls every day. So when I can help others to realize how they can better protect themselves, I love that.”

Kieron said helping people is his absolute favorite aspect of his role.

“If I’m not helping someone with their career in cybersecurity, if I’m not helping someone understand a particular area of cybersecurity, or if I’m not helping a customer with an outcome, then I don’t know what I’m doing,” he said.

The importance of anticipating a breach

The one thing Dalal and other leaders wish they could share with future generations of leaders is that in the world of cybersecurity, you should always expect the unexpected.

“There are systems we know are vulnerable, and there are other systems that have vulnerabilities, but we haven’t discovered that yet or we haven’t identified that yet,” Dalal said. “It’s really important to keep in mind that there is nothing that is one hundred percent secure.”

These unknown vulnerabilities can sometimes affect Justin’s ability to get a good night’s rest.

I think what keeps me up at night the most is not knowing what I don’t know. And so we’re always looking for ways to understand our environment.”
Justin Michael, Corbin Capital Partners CTO

Varonis Senior Security Specialist Siwar El Assad summarized it well. “It is an irrefutable reality that breaches can happen in spite of our defenses. This is how it is. However, when data is protected, the impact of an attack is diminished.”

Learn how Varonis can protect your most valuable asset — your data. Schedule a free Data Risk Assessment to learn actionable recommendations and a clear path to remediation, and watch each of these leaders share insights and more on their full Speed Data episodes. Subscribe to Varonis on YouTube so you never miss a new episode! 

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:


Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.


See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.


Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

How to Protect Your Cloud Environment From Today’s Top 5 Threats
Learn the top five cloud threats after your sensitive data and how to protect your organization from them.
Best of the Inside Out Security Show Podcast
We’ve interviewed many privacy experts, chief data officers, security pros and learned so much about the real world. Because we’ve covered so much, I’ve curated the most popular infosec quotes...
Do Executives and Cybersecurity Pros Agree on Today’s Biggest Cyber Threats?
Breaches cost companies billions, erode trust and can have a long-lasting negative impact on a company’s brand. With so much as stake, we wondered: are C-Suite executives aligned with their...
How to Protect GDPR Data with Varonis
In the overall data security paradigm, GDPR data isn’t necessarily more important than other sensitive data, but demands specific monitoring, policy, and processing – with significant fines to encourage compliance....