Marc Lueck is CISO EMEA at Zscaler, a security technology vendor. He describes the importance of cybersecurity in an organisation and also speaks about the major area of investment in his industry.
Describe your current job role.
I am a field facing CISO working for Zscaler, a security technology vendor. I represent and communicate our internal controls to our customers to build trust, ensuring that our customers understand how we protect ourselves, our service and our customer’s data. In addition – I leverage my 26 years of security experience to peer with our customer CISOs to operationalise and consume our platform; ensuring they get value.
What would you describe as your most memorable achievement?
Security rarely has great ‘achievements’ – the job means ensuring that problems remain problems, not catastrophic issues. These issues include ransomware and zero-day mitigation; but dealing with these issues are all part of the job. However, if I were to look at my work here at Zscaler, I built and launched what we call our ‘Security Risk Assessment’, an engagement used to help match our platform to security and business outcomes. I feel it’s a great way of helping to use my experience to help people look beyond features and architecture into the business value of a security platform.
What style of management philosophy do you employ with your current position?
I am not currently managing people; but I always try to enable those who work for me to succeed; listen and ensure their success is recognised. It is important to look at your behaviours regularly – sometimes it feels like you are succeeding when in fact you aren’t. Get feedback and act on it regularly!
What do you currently identify as the major areas of investment in your industry?
Zero Trust has moved from ‘buzzword’ to go-to architecture – it changes the game for security but is still not well-defined. However, lifting the stones of our IT past to find implicit trust underneath and removing it where possible will be an investment for years to come.
If you could go back and change one career decision, what would it be?
I would have chosen a career earlier than I did. For 11 years I contracted – the money was good and I was learning, but if I could wave that magic, time machine wand I would have cut that in half.
What advice would you offer somebody aspiring to obtain a C-level position in your industry?
Your technical or focus skills are incredibly important, but your ability to communicate them to the layperson, or even harder, the well-educated board member, will be your most important skill in the years to come. C-level positions are all about building and maintaining momentum in the business, to conduct business and usually to make profit. Learn how your skills enhance that and learn to communicate them that way.
What behaviour or personality trait do you most attribute your success to, and why?
Curiosity and a never-ending need to learn. It has helped me for my entire career. Early on it was all about my IT and security skills; but now, there has been no area in a business I didn’t want to know more about.
What’s your go-to productivity trick?
I use a ‘life hack’ tool/day organiser called ‘Things’ to ensure that I keep track of and prioritise my time.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
I have been able to build closer relationships to my peers; the relevance of my message and experience has seemed to grow. Is that because my message has changed or because the world is focusing now on what I am saying? The next 12 months will see me back on the road, back to California and hopefully speaking that message directly with people, face to face.