CISOs: The pros and cons of being visible online

Cybersecurity isn’t just a job – “It’s a discipline,” Gary Hayslip (CISO at Softbank Investment Advisers) told us.

He’s a global CISO with repeated success across multi-billion dollar enterprises, and he’s dedicated to continuous improvement. Resting on your existing knowledge and experience is never enough: to be a valuable player in the cybersecurity industry, you have to be open to new ideas. Always.

This approach to his work – existing as a forever student, no matter how much he learns – is why Hayslip is a thought leader as well as an expert. We asked him how he manages his online presence to support his career; and if being a visible figure online has its downsides when you’re working in cyber.

Could you briefly share your career journey so far?

“I honestly got involved in Cybersecurity during my military career.

“I was working in IT and was doing both software development and network engineering. I enjoyed those roles, but I always found doing security more interesting, especially when building and stress testing networks.

“A pivotal moment for me is upon reflecting on my career path in cyber after leaving military/government service and transitioning to private industry, cyber is still cyber. No matter the vertical or industry the basics still need to be followed. Whether you are legacy, hybrid, or 100% cloud, many of the basic cyber hygiene security controls still apply – even if they look different.

“I remind my teams we aren’t working in a job; we are working in a discipline made up of both technical and soft skills – and as the technology and threats change over time, the basics still need to be followed. Cyber is still cyber.”

What's one thing most people don't know about cybersecurity that you wish they did?

“That it’s a discipline. It’s not just taking a couple of classes or completing a college degree and you are in this new job. Cybersecurity is a field of study incorporating extensive soft/technical skills and experience.

“Couple that with the fact it’s continuous, working in this field you are always ‘on’. There is no time you are going to walk into work, and everything is secure, and you have nothing to do. Working in this field you must continually educate yourself on new technologies, new threats, and new risks. Working in this field you must get the basics right every day, every time – again, it's continuous and takes focus and discipline to be effective.”

Could you tell us a little bit about Security Tinkerers?

“Security Tinkerers is a peer group of CISOs, Security Executives, and Thought leaders. It is a close-knit family, a tribe of cyber practitioners who support one another.

“If you are doing research, having problems trying to fix an issue, or seeking advice for your slide deck before you report to the board – Tinkerers is where many of us go to talk with a friend to get insight and help if we need it. Even with over 20+ years of experience in IT and Cybersecurity I still occasionally need advice and this group is a good place to get some wide ranging, diverse insight into issues I may be facing as a CISO and a Business Executive.”

As a thought leader and author as well as a CISO, how do you manage your online presence so that it supports your work?

“I view my online presence as part of being a thought leader, CISO, and author. It is how I stay actively involved in my community and share knowledge with peers and new practitioners who are joining our growing community.

“That presence allows me to speak with authority at work about specific subjects when asked by my leadership team. It also opens doors for me when speaking with vendors and negotiating for new technologies. Lastly, it helps when recruiting for talent to join my teams.”

Are there any downsides to having an active online presence as a cybersecurity professional?

“Yes, as always there is always a negative to every positive. One of the hardest parts of managing an online presence is you must keep it current and provide content that is relatable and wanted by those who follow and trust you. It carries a responsibility and if neglected it can impact you and can take time to repair the trust you have built with your community.”

What are you most looking forward to at Black Hat MEA 2023?

I have been coming to Black Hat in Las Vegas for over 15 years and I’m excited to experience it in another venue.

“I love the cyber community and I am looking forward to meeting peers and new practitioners in Riyadh, where I’ll get the chance to connect with longtime friends and make new ones as well. I also am looking forward to looking at new startups and hearing about new technologies.”

Learn more from Gary Hayslip at Black Hat MEA 2023.