I’ve seen a lot in over twenty years working in the cyber security vendor world. I’ve met all types of information security leaders – tech focused, C-level focused, self-branding-focused, way too nice, way too mean, underprepared, over-prepared, under financed and under staffed, and over financed and over staffed.
So I’m gonna take all these experiences and mash them up into a strategy for a new CISO. I’ve been hired for this imaginary role at the Miktz Corporation and I’m excited as hell. They’ve just crossed the $100mil revenue threshold, they have real customers and IP to protect, risk agreements with business partners, cyber insurance requirements, a pissed-off staff, and a boatload of problems.
Like most companies, Miktz Corp underinvested in cyber throughout the years and now they are feeling the pain. Their cyber insurance rates are skyrocketing, their business partners are becoming a real pain in the ass with all the risk requirements in their cyber programs, and they are recovering from a $150,000 ransomware fiasco that ultimately got me this job.
I’m excited as hell because I’ve been selling cybersecurity, but now it’s time to walk the walk. I have to put 20 years of talk into action and it’s scary and I’m feeling nervous. But not to fear, I’ve been through many changes and I’ve seen a lot.
So let’s go on the journey together – I have two virtual weeks before I start and I’m gonna start my planning now.