On Episode 32 of Executives Unpacked we had the pleasure of talking to Chris Castaldo, the CISO at Crossbeam and author of Start-Up Secure. He’s also an advisor and board member with numerous organisations, and has a rich background in cybersecurity, having built many organisations himself. We discussed the secrets to his successful career, including his biggest lessons and best advice.
What is the biggest lesson that you’ve learned during your career?
It took me a long time to really uncover and really understand that building cybersecurity is not just building technical controls. You’re building something for an end user somewhere, whether it’s a customer, a co worker, or your executive team, you’re providing a service to the business in some fashion. Or, if you’re at a cybersecurity company, you’re providing security services to your customers. Learning that really took a long time to understand. You’re just one piece in a very big puzzle that really needs to be managed as a team. And it’s like any team sport; you can’t go it alone. You can’t throw the ball and run for a touchdown. You can’t pitch the ball and hit it at the same time. There’s a lot of different pieces. At the end of the day, we’re building something for someone else, not ourselves.
What do you wish you’d been told earlier in your career?
Some stuff is learned through experience. Someone can tell you how to do something, but until you’re doing it, you won’t really understand. There are some things you just don’t get from a book. Also, when you love doing something, it’s very easy to find time to do that thing.
What is the best bit of career advice that you have ever been given?
One that sticks with me throughout the years, has always been ‘ask for forgiveness, not permission’. That really goes into the startup mindset. I really enjoy working in startups or with startup founders, because you’re trying to break the mould, not just do the same thing over again. To do that, you have to take risks. You’re either bootstrapping self funding, or you’re putting yourself out there, trying to get funding from a VC or friends and family. All these risks add up, hopefully to a success.
What type of things keep you awake at night?
Honestly there’s nothing that really keeps me up at night, right. Part of our role as risk managers is making sure that all the risks are accounted for – except for the unknown unknowns of course, those will always exist. If you’re looking at cyber security from a true risk management perspective, there shouldn’t really be anything keeping you up at night. You’ve either accepted the risks or you’ve managed them in some way. Even the unknown unknowns should be accepted, because you know that those will be there. Most people in cyber security know that there’s going to be zero days, it’s just a matter of fact, so you can build your programme around that and I think get a relatively healthy night of sleep.
Is there a single thread that’s run through your career that’s led to your success?
I think it’s persistence. You have to be persistent to achieve your goal. It’s the same with a startup founder – you can’t just throw in the towel at the first bump you hit, right? Maybe it’s a go to market motion failure. Maybe it’s a product failure. When it happens, you’re gonna pivot the entire company, pick a different product and adapt. That’s really what sets folks apart in their careers. If you’re driven enough, you can always find a way.
What’s one bit of advice that you’d give to somebody entering the industry?
Listen to the business and ask them as many questions as you can. Ask each of the stakeholders what they care about and what’s important to them, because that will make building your cyber security programme that much easier. Really being in tune with your peers is absolutely critical.
To hear more from Chris, tune into Episode 32 of the Executives Unpacked podcast here.
