If we're lucky, we'll all have a chance once in our careers to take a risk and use our skills and experience to do something we truly love. Sometimes the career risk is low, but sometimes it's truly a leap of faith--one that offers potentially big rewards as well as the risk of major setbacks.
Tammy Moskites took one such leap of faith. The former Time Warner Cable CISO had plenty of experience at traditional enterprises, including The Home Depot, Huntington National Bank, Nationwide and Aetna. And when she got word that there would soon be a major restructuring at Time Warner Cable, she realized that her role as CISO would be eliminated.
Forewarned of her upcoming unemployment, Moskites went on the lookout for new opportunities, and decided to do something completely different. During a conversation with Jeff Hudson, CEO at certificate and encryption key security firm Venafi, she temperature-checked the idea of moving from being a security executive for an the enterprise--a role she had always played--to working on the vendor side of the business. "I know my role is going to get eliminated with the restructuring, and I'm very excited about the opportunity to possibly make a move to the vendor side," she said to Hudson.
"He kind of laughed at me," Moskites explained months after the fact. "And he then asked, 'Are you serious?'"
She was. And Hudson took her up on her offer.
We are seeing more CISOs take chances today, and now that there's near zero unemployment for seasoned security managers, it seems there is plenty of wiggle room for them to do so. Those who have been in security for a decade or more have usually built security programs from scratch. They've helped organizations recover from breaches. They've mentored new professionals. They've seen what works well and what doesn't. And now they are ready to try new things.
Moskites is not entirely new to the vendor side, as she also sits on the board of advisers for Box and Qualys. And if you talk to her for 5 minutes, you can tell she's not only passionate about the opportunity, but also a believer in the need for more secure treatment and management of certificates and encryption keys.
"Three out of every four organizations don't have security processes in place to manage the SSH keys," she says. "Once these keys are in place, they remain in place forever. It's a huge risk."
Many of the same motivations inspired Eric Cowperthwaite to recently leave his CISO position at Providence Health and Services to join Core Security as vice president of advanced security and strategy. Cowperthwaite had been CISO at Providence Health and Services for seven years.
Sign up for CIO Asia eNewsletters.