Intelligent CISO Issue 90 | Page 49

EXPERT OPINION
RICH SEIERSEN, CHIEF RISK TECHNOLOGY OFFICER AT QUALYS
Rich Seiersen, Chief Risk Technology Officer at Qualys, shares why the industry’s obsession with metrics misses the point and how CISOs can reframe security for the business.

The problem with cybersecurity is not just hackers – it’s how we measure risk

The conference room at Dubai’s Hilton Towers, now empty, still held name placards of key businesses from the region. The chairs were pushed back and the coffee cups cleared away. Only a few pens and folded agendas remained, reminders of the executives who had filled the space hours before.
In retrospect, the setting was perfect to reflect on a conversation with Rich Seiersen, Chief Risk Technology Officer at Qualys. Seiersen had just concluded a workshop with Qualys’ customers, and it was unlike a typical vendor session filled with slides and jargon.
It was designed to prompt senior executives and CISOs to step back, question their assumptions and consider security in terms of risk and resilience, rather than focusing on endless lists of threats. When asked how he thinks about cybersecurity, he shared a line that summed up his approach: “If your metric doesn’t change a decision, stop collecting it.”
Direct, unembellished and entirely characteristic of Seiersen.
From accidental beginnings to engineering
In his second stint as the Chief Risk Technology Officer at Qualys, Seiersen explained that his career in technology, like most things in life, was unplanned. While studying for his master’s degree in California more than three decades ago, he landed an internship at a company that handled HR for startups. The General Counsel, ‘a bit of a nerd’, introduced him to open-source software.
“I didn’t have a background in it, but I got hooked,” he recalled. “Linux, Apache, MySQL, PHP – I became one of the few people who knew it. One of our portfolio companies needed a developer and I landed the job after an interview. From there, it just kept going.”
By 2004, he was working at Qualys as an engineer. Cut to nearly two decades later, when CEO Sumedh Thakar asked him to return as part of a new push to reposition the company around risk. “He said, ‘Rich, we’re going to become a cyber-risk management company. Do you want to be part of it?’ It felt like coming back to the same house by a different road.”