Interview: How to Become a CISO with Ty Sbano (Vercel)
Cybersecurity started as an underground vibe — cool, but once upon a time it was home to those who just weren’t that social, kind of nerdy, and just needed an escape to feel at home at 3AM (like me!)
Today is different. Cybersecurity is a critical business function, and core to keeping the company steady. It all falls to the Chief Information Security Officer (CISO), who creates the strategy to secure the organization against cyberattacks. It overlaps with IT in many ways too.
I sat down with TY SBANO to get the scoop on how someone should become a CISO, and much more! (Full YouTube here)
1: “Empathy is important to anything that we do in life.”
Ty jumped into my car with the swagger of a college kid, donning a classic DOPE jacket. Even after 20-odd years in cyber, he still gets his hands dirty when working at Vercel. I always jump into a rapid-fire mode of questions, especially on something I know well 🤓
So, Ty, what do you say is the biggest problem with cybersecurity products?
“If you are more concerned about who’s going to buy your product rather than who should benefit from it, then you’re missing the mark,” he responded.
With the mass consumption of cyber products, there’s been a disconnect between the end-user and the person who’s building the product. Ultimately, the creator needs to understand the user’s world.
He asserts, “But if you’re not going to take their feedback seriously, if you’re not going to think about their use cases and you’re just building a product … who’s going to buy it?”
In other words: put yourself into the shoes of the person who is going to be using the product you’re building.
2: “Do I actually want to be a CISO or do I want to grow my career?”
We were almost stopped by the police, so I had to take the plunge quickly!
So, Ty, why Vercel? And, how can someone become a CISO like you?
Ty chuckled. “Why am I at this company? Because I want to make my community happier.” There are a ton of organizations that depend on Vercel to host and deploy their front-ends and other components; it’s a dream job to be helping build the security practices on this.
Okay, how should someone become a CISO?
“First, I’d question their sanity,” he says. “Do I actually want to be a CISO or do I want to grow my career?” Those are two very different things, and it can be very stressful to jump into these roles! You can have career growth without necessarily trying to climb the ladder too.
Ty’s top 3 recommendations:
- Get Educated: get the certifications or education around cybersecurity whether it’s individually or through a program
- Work: put in the work and grind to understand how you would build a team or implement a tool or build functions
- Get Detailed: understanding is different than managing.
3: “Understand your crown jewels”
We came close to finishing off, so I wanted to get some special knowledge from Ty on actually *being* a CISO.
If you became this CISO, what would you do next?
“Ask yourself the questions,” he responded. “And, understand:”
- What are your crown jewels?
- What’s the threat model?
- Where are your secrets?
- What would happen if something is compromised?
etc.
“Step zero to security hygiene is making sure single-sign on is rolled out as effectively as possible,” Ty said. “Then, understand what your assets are and manage them.”
Ty’s approach is about identifying business risks first and only then proposing solutions. It needs to be pragmatic. Choose products that not only solve your security issues, but also align with your company’s budget, scale, and future goals.
And, that’s all folks! Give it a watch!
— kunala