Axonius announced today that I’ve been named the company’s first Chief Information Security Officer. Naturally, I’m excited.
I’m up to the task, though I recognize that despite my two decades of cybersecurity experience, fulfilling CISO responsibilities at such a fast-paced organization won’t be easy. It’s one thing to know that a cybersecurity program should align with business goals. It’s another to develop such a program that actually achieves this at a growing tech company like Axonius.
Enterprises juggle a mind-boggling array of security technologies and processes; the years of building products and advising clients have taught me that much. But it wasn’t until I began organizing our own capabilities at Axonius (with the help of the Cyber Defense Matrix, by the way) that I understood the challenge of making all the elements fit together.
I’m not even talking about defense-in-depth, but rather about the essentials such as identity and access management, cloud oversight, network security, endpoint management, anti malware, log management, vulnerability scanning, data backup, asset management, encryption, web application security, browsing oversight, incident response, and more. I bet this list is so long that you didn’t have the patience to read it.
As the CISO at Axonius, I have the pleasure of amalgamating such security controls into a cohesive program in pursuit of these objectives:
Defend corporate and product environments (and the associated data) according to Axonius’ risk management principles.
Guide the Axonius R&D team through the Secure Software Development Lifecycle.
Earnthe trust in our cybersecurity program among Axonius’ prospects and customers.
Educate the industry about cybersecurity approaches grounded in modern asset management practices.
I’ll be striving toward these goals in collaboration with Daniel Trauner, the Director of Security at Axonius. As we expand our understanding of the ways in which a security program helps fuel the company’s growth, we’ll share our knowledge through blogs, webinars, and industry events.