Secret CSO: Jonathan Fischbein, Check Point Software Technologies

What's the best career advice you ever received? “I would say the best that I learned was not about technology. It’s about working with people you trust.”

IDGConnect_secretcso_suppliedart_jonathanfischbeincheckpointsoftwaretechnologies_1200x800
Check Point Software Technologies

Name: Jonathan Fischbein

Organisation: Check Point Software Technologies

Job title: Chief Information Security Officer (CISO) and Data Protection Officer (DPO)

Date started current role: July 2019

Location: Tel Aviv, Israel

Jonathan Fischbein heads up cybersecurity vendor Check Point Software’s own cybersecurity focusing on protecting Check Point assets, employees and services. He has more than 25 years’ experience in high tech security markets developing ad-hoc solutions for large corporations to mitigate security threats and shape security strategies to cope with upcoming challenges.

What was your first job? I spent several years in the Israeli army specialising in law enforcement, but my first cyber security job was in 1999 as the security operations centre (SOC) founder and manager at Bank Leumi. My mission was to build a 24/7 operation that would guard all the financial secrets and assets of the new digital world and it is still there today, and has continued to work for all those years without interruption.

How did you get involved in cybersecurity? From a very young age, 11 or 12, I started playing with computers, so I had an interest even then. It was while I was in the military though that I was also given the opportunity to work in data security. This was around 1996.

What was your education? Do you hold any certifications? What are they? My education is based on almost 25 years’ experience dealing with cybersecurity, but with regards to university, I studied Computer Science with Business Management, although I only finished about 60% of the degree. I do, however, hold various certifications in network management and cybersecurity, and I also have a certification in pragmatic product management. At the age of 25 I was a part-time IT Security instructor in a technology college.  

Explain your career path. Did you take any detours? If so, discuss. Although I have held various significant roles, my career path has always been focused on cyber security. I started at Check Point as a quality assurance engineer before embarking on positions in project management, R&D, security architecture and technical marketing. Now I am 25 months into my role as CISO and DPO at Check Point Software. I wouldn’t say I broke the record for longest Check Point employee, but I’m still here and enjoying what I’m doing. I think it’s a very exciting job in an exciting and challenging company. I see myself as the guy guarding those who develop the products to keep our customers safe.

Was there anyone who has inspired or mentored you in your career? Definitely. My wife is number one. She is always supporting me and telling me to not be afraid of risky steps and new challenges, because we can always keep doing what we’re doing for another year or two and stay comfortable, but then we would not achieve new, exciting things. Number two I would say is Gil Shwed, our CEO and founder. I have learned a lot from Gil especially when it comes to making analytical decisions. 

What do you feel is the most important aspect of your job? I think the most important aspect is the responsibility that I carry in making sure that we are delivering the highest standards of cybersecurity to protect Check Point Software from the evolving and evermore sophisticated external threats or even internal threats. It is a 24/7 responsibility, and not only as a cybersecurity leader but also has a business executive driving positive change and supporting new tech.

What metrics or KPIs do you use to measure security effectiveness? At Check Point Software we have an internal incident tracking system. Every morning I’ll open it up and there’s a full list of open incidents, new incidents, all the incidents that we should have mitigated already. Remediation can take a few days or even weeks depending on the project.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? In general, the answer is yes, the shortage is being felt across our industry. We often see people jumping from one company to another which makes it very challenging for HR teams to recruit. Check Point is a special organisation though for a number of reasons. For me, the most important thing is not only having talented people but it’s people that I can trust. I have brought in people that I know personally. We also promote internal transfers. So, imagine we have a very good guy in technical support, DeVops or in quality assurance, think about it, they are the experts in Check Point Software products and about 80-90% of my security posture is built from Check Point solutions, so it’s a great start for me to bring somebody already pro into my team.

Cybersecurity is constantly changing – how do you keep learning? To be a CISO or to deal with cybersecurity on the mitigation side, on the blue team, it’s not a 9-5 job. It’s almost 24/7. There can be new discoveries at 11pm or 4am, and it pushes you and your teams to always keep up and stay relevant against the threats. The positive to this is that it’s never boring. Sometimes there will be things that you find very hard to understand, which is why you need allies within your organisation. Check Point’s threat intelligence team - which are of course the people who are investigating new threats and campaigns – will help me. They’ll say “look Jony this is not relevant for you, or this is relevant for you because you have two servers that might be vulnerable”. They are a bit like a team of doctors advising on Covid-19 safety precautions. With the same indications the threat intel team can help us to understand the level of risk and how urgently we need to treat it.

What conferences are on your must-attend list? In light of the pandemic, I haven’t been to any conferences over the last 18 months, and I have no plans at present, but I have attended RSA and Black Hat in the past. For me, they are a great way to catch up with friends and colleagues from the industry. But also, if at Check Point Software I’m using a lot of a specific vendor’s products then I will push my technical teams to go to that vendor’s events so that they feel closer, stay up to date with what’s going on and have more loyalty.

What is the best current trend in cybersecurity? The worst? I don’t think there is such a thing as a best trend when it comes to cyber security but there are two main threats that are being talked about – ransomware and supply chain attacks. There has been a huge increase in both types of attacks this year and I think it will continue.  

What's the best career advice you ever received? I have received a lot of great career advice over the years. I would say the best that I learned was not about technology. It’s about working with people you trust. It’s those people together with the technology that will keep you safe. Great technical solutions are great but will not suffice. It’s a combination of talented people that you can trust, implementing security controls effectively.

What advice would you give to aspiring security leaders? For aspiring security leaders, I would say the magic of implementing effective cyber security policies and controls, is working with the managers, with your peers, and supporting the business. Not the opposite. Don’t implement a technology without any thought for its cost. If your managers, peers, executives get frustrated with security implementation, then it’s game over. I think to be a CISO, it’s important that your colleagues like you, that they come for advice and see you as a very central entity supporting the business.

What has been your greatest career achievement? There are so many that I look back on fondly but becoming CISO of one of the world’s largest cyber security companies has to be the best so far.

Looking back with 20:20 hindsight, what would you have done differently? I wouldn’t have done anything differently. There have been mistakes and lessons learnt but they are all part of the journey, and that’s what makes it sweeter.

What is your favourite quote? Michael Jordan said, “Talent wins games, but teamwork and intelligence win championships.” I think the same is true in business.

What are you reading now? I’m not currently reading any books but I’m enjoying Netflix’s Hit & Run and CISO Secrets podcast series.

In my spare time, I like to… play tennis. I practise about 3-4 times a week, it’s what keeps me alive and kicking. Also love to watch movies with the kids.

Most people don't know that I… didn’t grow up in Israel. I actually grew up in Argentina. I was born in Buenos Aires and grew up with my family there before we moved to Israel when I was thirteen years old.

Ask me to do anything but… a live TV interview. I must admit I find it quite intimidating but if it brings value to the team and the things that we are doing, then I’ll be able to do it.