A tough goodbye
After nearly five years serving as Expel’s CISO (pronounced “ciz-oh,” for those wondering), I’m moving on to new adventures. But before I leave, I wanted to share a bit about my journey with Expel.
Expel is an incredible company. I honestly mean that.
Even from the beginning, Expel impressed me. In 2016, I had the opportunity to be the technical advisor to the Obama administration’s Commission on Enhancing National Cybersecurity. It was a fascinating experience, to be sure. One of the things I heard from all the companies and agencies I interacted with was that many of them had a similar shared experience that can be best summed up like this:
“I’ve done everything I’m supposed to do and bought all the tech I’m supposed to buy. I still don’t feel like I see what’s happening in my environment, and don’t think my provider is actually finding the bad things.”
At the time, I remember thinking, “Yep, that’s how it is,” and I didn’t have any real ideas on how to do better.
How it started
I got a call from Yanek, one of Expel’s founders, who was on the hunt for a CISO for this new company he was helping to start and was hoping I might have some recommendations. Always happy to help a friend, I asked him what Expel was doing and told him I’d see if I could find anyone who might be interested.
He told me the plan for Expel: The founders wanted to disrupt the managed security space, hook into existing investments companies have made and automate not just the detection but also the investigative and recommended remediation activities.
After listening to the pitch, I thought, “That’s it! That’s the thing nearly everyone I’ve talked to in the last year needs.”
I offered up that I’d be willing to be Expel’s CISO. I interviewed with the other execs (including a really memorable one with Pete Silberman), and I ended up with the job…even if we couldn’t agree on how to pronounce C-I-S-O.
How it’s going
Fast forward almost five years, and it’s been a blast. Seeing the initial vision of the company come to fruition is awesome.
I’ve had customers tell me our service has changed their lives; that they finally get to see their kids’ sporting events for the first time in forever…I’ve seen companies grow and build their internal security programs without having to deal with the day-to-day stress of security operations. And I’ve seen Expel grow too. This company has always been an incredible place to work, a place where everyone supports each other both professionally and personally.
In my role as CISO, I oversee not just security, but IT and facilities as well. I can’t overstate the quality of work done by this team. We’ve published some of the work we’ve done (like our 3PA process, the NIST CSF self-scoring tool and NIST Privacy Framework self-scoring tool) but there’s lots of good work this team has done that the public doesn’t get to see. I’m thankful for them and so proud of their work.
Although I’m off to a new adventure and excited about the future, it’s safe to say I’ll miss Expel and its band of merry Expletives.
Thanks and see you around
To our customers: I’m happy we’ve been able to make a difference for you.
To my coworkers, I’ve enjoyed working with all of you and you’ve made me a better person during my time at Expel.
And to my family, thanks for your support on this adventure and the next one.
I’m not going far — if you want to chat about third-party risk (that’s a great topic for cocktail parties, by the way) or just say hello, you can still find me in your favorite CISO Slack community, at ShmooCon and on Twitter.