Episode 6
Chris Morales, CISO at Netenrich - Quick Witted Veteran, Fueled by Data Analytics
About Chris Morales:
We’re here this week with an AI and threat modeling guru, Chris Morales! He’s Netenrich’s FIRST CISO and Head of Security Strategy overseeing the strategic development, implementation, and market execution of the company’s security solutions and processes. Chris has 20-something years of information security experience, having previously led advisory services and security analytics for Vectra AI – while at Vectra he educated many of the Cloud Security Alliance chapter members on dissecting a Microsoft Office 365 attack. During his career, he has advised and designed incident response and threat management programs for some of the world’s largest enterprises. Chris has held senior roles in cybersecurity engineering, consulting, sales and research at companies such as HyTrust, an Entrust company, NSS Labs, 451 Research, Accuvant (acquired by Blackstone Group), McAfee and IBM. He is also currently a council member with CompTIA Cybersecurity and advisory board member for Saporo.
He not only brings his wicked smart knowledge on cyber; his candor and wit is refreshing. To boot, he’s from the friendship state – Texas, so listen to this podcast – it’s like hearing from a friend!Guest
- Chris Morales
- LinkedIn: https://www.linkedin.com/in/cmatx/
- Twitter: https://twitter.com/MoralesATX
Highlights:
0:00 - Introductions & About Netenrich
- Netenrich, Ingram Micro and expanding from roots
- Evolving IT & Security specialization
- Moving from consulting to CISO
7:10 - Pathway to CISO
- What's the definition who makes a good CxO?
- Six Types of CISO - Ref: Forrester Article, Jan 2020
- Identifying different types of personalities for industries
- Every company is a tech company
14:26 - Difference: Secure Operations vs. Security Operations
- Question of proactive vs reactive
- Two different focuses - predictive with cultural challenges and buy in
- Enhancing customer experience
- Situational awareness is important with looking at same set of data between groups to communicate daily.
18:16 - Bring Value of "Why Do I Care?"
- Entire management chain needs to care
- Alignment is important with the C-suite
- Look at data, threat modeling to share how and why it impacts key holder
- Chris learned a lot from statistical analysis and appreciation of data
22:48 - How Chris Came To Security
- Started as Computer Science to make video games
- Dropped out of college to launch his own business
- Joined the military
- Listened to his Dad talk about "The Art of War," Sun Tzu
- Spent time hacking to get video games
- Moving positions and being open to job challenges
31:35 - Advice to Future Leaders
- The title doesn't mean anything
- It's more important on what you do
- Have insight and empathy on why people do things, and learn their pain points
- Don't worry about being good at everything. Pick one thing and be good at it
- Hacking is social engineering
- Security breached through end users is a failure of the security team
- Don't be afraid to fail as a leader
- People are the victims, not the problem
- People are suffering from our technology problem
37:25 - How Chris Avoids Burn Out
- The question - How do you get more sleep?
- There is no magic answer and sometimes hitting the wall can be scary
- "I Am Me" - Chris needs to write this book on addressing burn out
- Do what you like and works for you.
- Burn out - Working too hard and no one cares.
Final Thoughts:
- On avoiding burn out: Working hard is ok, but recognize when you are working too hard and no one cares.