Episode 6

Chris Morales, CISO at Netenrich - Quick Witted Veteran, Fueled by Data Analytics

Published on: 23rd September, 2021

About Chris Morales:

We’re here this week with an AI and threat modeling guru, Chris Morales! He’s Netenrich’s FIRST CISO and Head of Security Strategy overseeing the strategic development, implementation, and market execution of the company’s security solutions and processes. Chris has 20-something years of information security experience, having previously led advisory services and security analytics for Vectra AI – while at Vectra he educated many of the Cloud Security Alliance chapter members on dissecting a Microsoft Office 365 attack. During his career, he has advised and designed incident response and threat management programs for some of the world’s largest enterprises. Chris has held senior roles in cybersecurity engineering, consulting, sales and research at companies such as HyTrust, an Entrust company, NSS Labs, 451 Research, Accuvant (acquired by Blackstone Group), McAfee and IBM. He is also currently a council member with CompTIA Cybersecurity and advisory board member for Saporo.

He not only brings his wicked smart knowledge on cyber; his candor and wit is refreshing. To boot, he’s from the friendship state – Texas, so listen to this podcast – it’s like hearing from a friend!Guest

Highlights:

0:00 - Introductions & About Netenrich

  • Netenrich, Ingram Micro and expanding from roots
  • Evolving IT & Security specialization
  • Moving from consulting to CISO

7:10 - Pathway to CISO

  • What's the definition who makes a good CxO?
  • Six Types of CISO - Ref: Forrester Article, Jan 2020
  • Identifying different types of personalities for industries
  • Every company is a tech company

14:26 - Difference: Secure Operations vs. Security Operations

  • Question of proactive vs reactive
  • Two different focuses - predictive with cultural challenges and buy in
  • Enhancing customer experience
  • Situational awareness is important with looking at same set of data between groups to communicate daily.

18:16 - Bring Value of "Why Do I Care?"

  • Entire management chain needs to care
  • Alignment is important with the C-suite
  • Look at data, threat modeling to share how and why it impacts key holder
  • Chris learned a lot from statistical analysis and appreciation of data

22:48 - How Chris Came To Security

  • Started as Computer Science to make video games
  • Dropped out of college to launch his own business
  • Joined the military
  • Listened to his Dad talk about "The Art of War," Sun Tzu
  • Spent time hacking to get video games
  • Moving positions and being open to job challenges

31:35 - Advice to Future Leaders

  • The title doesn't mean anything
  • It's more important on what you do
  • Have insight and empathy on why people do things, and learn their pain points
  • Don't worry about being good at everything. Pick one thing and be good at it
  • Hacking is social engineering
  • Security breached through end users is a failure of the security team
  • Don't be afraid to fail as a leader
  • People are the victims, not the problem
  • People are suffering from our technology problem

37:25 - How Chris Avoids Burn Out

  • The question - How do you get more sleep?
  • There is no magic answer and sometimes hitting the wall can be scary
  • "I Am Me" - Chris needs to write this book on addressing burn out
  • Do what you like and works for you.
  • Burn out - Working too hard and no one cares.

Final Thoughts:

  • On avoiding burn out: Working hard is ok, but recognize when you are working too hard and no one cares.
Next Episode All Episodes Previous Episode

Listen for free

Show artwork for The CISO Diaries

About the Podcast

The CISO Diaries
The path to cybersecurity leadership is not a direct route and it's those divergent routes that create the amazing stories and histories of leaders who are driving security to keep businesses and people safe.

We’re Leah McLean and Syya Yasotornrat and we intend to give CISOs and cybersecurity professionals a place to be their authentic selves. These are the unedited stories told of how they got into cybersecurity, the real struggles they’ve persevered through, personal anecdotes that make them tick, and leadership advice based on experiences.

We aren't the kind of cybersecurity podcasts that focuses on the technologies, or recent incidents. We are the podcast that focuses on the people behind the headlines and the incredible diversity of experiences and backgrounds. (And it's not lost on us that we're two awesome female hosts)!

Let's face it: we are a cybersecurity tribe and we need all hands on deck!

We hope you enjoy our CISO diary entries.

After all, we're only human, right?

Special thanks to our sponsor, Cyber Future Foundation, a non-profit global cybersecurity executive leadership community, where leaders, thinkers, and futurists discuss and develop actionable guidance and frameworks for a trusted and safer world.

About your hosts

Syya Yasotornrat

Profile picture for Syya Yasotornrat
Syya is a tenured tech sales professional with her time at SonicWALL and Hewlett Packard (HPE) with some hospitality at the Walt Disney Company and IT recruitment experience in the mix. She is currently a podcast strategist and consultant, helping others to bring out their voice and legacy through podcasting. She loves to learn and talk about anything, so feel free to reach out!

Leah McLean

Profile picture for Leah McLean
Leah is Vice President, Cybersecurity Specialist at Mastercard. She is focused on implementing strategy and programs to evolve cybersecurity risk management approaches and cybersecurity awareness and training. She actively contributes in community working groups to advance cybersecurity risk management and third-party risk. Leah is also a mentor to candidates breaking into cybersecurity careers, and collaborates with employers to rethink their workforce and hiring strategies.
Leah is a co-founder at Whole Cyber Human Initiative, a non-profit focused on redefining how we identify, train, equip, advance knowledge, and build workforce development within IT and Cybersecurity. She also volunteers for Cyber Future Foundation, a non-profit driving workforce development initiatives and private and public sector collaboration.
Previously Leah held senior level roles as a cybersecurity practitioner at Armor, a cloud security company protecting data for SMB and mid-market customers, Apstra (acquired by Juniper Networks), A10 Networks and Cisco Systems. Leah serves on the Board of Advisors for Cloud Defense, Inc., a breach visibility cloud security startup and is on the board for the Cloud Security Alliance North Texas Chapter.
Leah holds a bachelor’s degree in Political Science, with an emphasis in International Relations from the University of California, Santa Barbara. She is an active outdoor junkie always chasing adventure.