Leadership & Executive Communication , Training & Security Leadership , Video

What CISOs Must Implement in Their First 90 Days on the Job

Cloudflare CISO Grant Bourzikas on Building Risk-Based Security Programs
Grant Bourzikas, CISO, Cloudflare

A chief information security officer plays a critical role in establishing and overseeing a risk-based security program within an organization. Grant Bourzikas shared his experience as the new CISO at Cloudflare, highlighting a 90-day period during which he engaged with customers, internal nonsecurity personnel, executives and his team to gather insights on Cloudflare's security landscape.

See Also: 2024 Threat Landscape: Data Loss is a People Problem

Identifying threats, determining the necessary security programs to address those risks and establishing metrics to measure risk mitigation progress are foundational to building a new risk-based security program, Bourzikas said.

"I always think about this as a pyramid. There are going to be different metrics for different audiences," he said. "The top level is board-level metrics. Then you have program-level metrics and operational metrics." He emphasized the significance of organizational alignment and communication in driving change effectively.

In this video interview with Information Security Media Group at Black Hat USA 2023, Bourzikas also discussed:

  • The need to spend time with nonsecurity people to help build a security program;
  • The advancements in AI, especially ChatGPT's ability to use large language models to respond to questions;
  • Concerns around security and data privacy when it comes to building generative AI models within organizations.

Bourzikas is passionate about technology and security and its potential to improve lives. His key areas include enterprise risk management, AI, regulatory operations, vendor management and IT strategy. Prior to Cloudflare, he was the group CISO and executive director at Silicon Valley Bank.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.