A Day in the Life of a Cybersecurity Strategist

Ryan Kalember. EVP, Cybersecurity Strategist at Proofpoint joined Dr. Rebecca Wynn on this episode of Soulful CXO and provided insights into:

• What a cybersecurity strategist focuses on
• How a CISO actually sleeps at night
• His biggest piece of advice for the audience

Kalember has over 20 years’ experience in the information security industry and as has been the case with most of Dr. Wynn’s guests, it happened almost by accident. As a Stanford undergrad, while taking a computer science class he got a glimpse of the cybersecurity industry. He was intrigued by the problem that they were trying to solve and was able to graduate early at 20 years old and took his first job as a cybersecurity practitioner. That was just the beginning of Kalember’s very notable career.

A Cybersecurity Strategist: The Mission

As a cybersecurity strategist, approximately 50% of his day is spent speaking to CISOs, and CPOs to focus on how they can take the products and technology services they develop at Proofpoint to help make those lives easier. At Proofpoint they also pride themselves on being useful to the CISO community as a whole and he spends a great deal of time sharing information with CISOs who may not be their customers. Being front and center with the community and figuring out how they need to, not only benefit from some of the information and insight that they have, but also how they can inform what they’re building over the longer term is really the core of what Kalember does.

From the perspective of the technology side, he thinks strategy really does matter because you have people choosing to build cybersecurity technologies with many different backgrounds, which is generally a good thing. He focuses on keeping Proofpoint aligned to the things that are actually going to make a risk mitigation difference for the customers they serve. That largely revolves around protecting people, protecting the information they work with, and of course, making sure that all that is done in a compliant and private way as well. That is ultimately where the bulk of his time is spent. He has an organization with approximately 150 people that does similar stuff to try and not only get that message out more broadly, but also meet the needs of the community.

Time Management

In Kalember’s words, “time management is a bear.” It really gets complicated when you have a global team, as he does. He often has a chunk in the morning that's devoted to his European calls. He then provides himself with a break to workout, eat breakfast, drop off one of his kids at school and then get back into the meat of the day. He tries not to spend too much time on internal Zoom meetings, which are often a necessary ‘evil.’ He focuses on mixing that up between talking to customer CISOs, people who might want to work with them, as well as, his own team. Trying to keep everything on track to ensure that they’re building the right technologies into the future, which is really focused on what are the attackers exploiting?

He notes that he always spends time making sure he’s connected to their threat research team who are the boots on the ground. Kalember takes a chunk of time in the afternoon to actually get something done. He’ll then talk to an Australian CISO in the late afternoon and wrap up the day like that. It's a little exhausting and he recognizes the need to build in lots of ways to take breaks, go for a walk, anyway to step away for moment. Although that’s how he plans out his day, there are often things that may throw a monkey wrench in that which is not necessarily controllable.

The CISO Who Sleeps At Night

Kalember shares insights on the CISO he knows who sleeps the best at night and has a very straightforward environment. Everything's in Google workspace, he’s not an Office 365 shop, which is interesting; however, it’s very hard to ransomware a Google workspace environment because the files are not files, they're actually blobs. They have basically no corporate network, everybody is just connecting to cloud applications. They have a few things that they develop themselves, but those basically run in their own private clouds and have very specific routes in and out. That legacy infrastructure that is so problematic and is connected to things like AD, which are an absolute beast to secure, does not exist in his world. He does not have AD and he gives up a lot of functionality. The team likes it because it means they don't have passwords, which is a huge gain in terms of user productivity, especially when they're remote. That's his world. SaaS applications, a few assets that live in the cloud, devices are mostly Macs, which also makes a huge difference. Kalember believes this is the future. This CISO is not terrified at night that he's going to wake up to a 4:00 AM phone call about ransomware.

Final Thoughts

Kalember wraps up by sharing his recommendations. “The biggest piece of advice I would give to people is wherever you're at on your cloud journey, figure out what that secure future looks like, because it's not it's not a myth, it's not a unicorn. It really does exist. It's possible to get there and then figure out how to take the toxic stuff that you will never be able to secure on prem and whatever it happens to be and figure out how to properly segment those things.” He continues, “It would be a huge wasted opportunity if we don't go down this path, there's not going to be another move to the cloud that occurs in any of our lifetimes, nor do we think any of that is going to reverse and go back on prem. And we're all going to be building data centers again. It's just not going to happen. So with that, we have to use this move to the cloud to go as close to this new paradigm as we possibly can. And there are some really, actually straightforward things that we can get there with, but we can't be just connecting the old to the new and contaminating everything that way and expect a better outcome than we've had in years past. And that's going to be politically hard. But there is a risk mitigation case to be made for it. The ROI is 100% there because every board in the world knows that ransomware can take their entire organization offline. And it would be a shame to waste this horrific spate of ransomware incidents and not actually end up with better security on the other end of it.”

You can view the full podcast here which includes Dr. Wynn and Kalember discussing the evolution of threats and much more.