Secret CSO: Todd Dekkinga, Zluri

What advice would you give to aspiring security leaders? “Learn as much as you can, get a mentor, network with other security folks.”

Headshot of Todd Dekkinga, CISO at Zluri

Name: Todd Dekkinga

Organisation: Zluri

Job title: CISO

Date started current role: October 2022

Location: Silicon Valley

Todd Dekkinga has been in IT/Security for 25+ years and has had hands-on roles in designing, developing, and deploying enterprise architectures from the ground up for companies such as Airgap Networks, Armis, Genomic Health, Crescendo Bioscience, and Versartis, fully modernising their IT departments while working within aggressive and high-growth environments.

What was your first job? Insight Enterprises in 1995 – selling computers and accessories via catalogue sales

How did you get involved in cybersecurity? I worked at several organisations in the biotech/pharmaceutical industry as head of IT, and security was always part of my job.

What was your education? Do you hold any certifications? What are they? I have a business degree from Western Michigan University. I have my MCSE (Microsoft’s Core Infrastructure certification) and a variety of others.

Explain your career path. Did you take any detours? If so, discuss. I started out in help desk, then moved up to system administrator, then IT manager, Director, VP, etc. so it has been a steady and linear career path. The bulk of my career has been in biotech, but most recently working for software companies.

Was there anyone who has inspired or mentored you in your career? Yes, shout out to Jeff Richards of CIO Professional Services for getting me out of my shell and encouraging me to start networking and asking for promotions.

What do you feel is the most important aspect of your job? Convincing security and IT leaders to get out of the “this is how we have always done it” mentality and be open to new and innovative solutions that will make them look good to their management team. IT and Security are no longer a back-office function and should be leading product/company innovation and contributing to revenue.

What metrics or KPIs do you use to measure security effectiveness? I use risk posture management tools such as Scrut Automation to keep track of and fix any inconsistencies in our infrastructure. The reporting easily keeps track of the team’s progress on known issues.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? It is not affecting my organisation currently, but the industry in general has many security positions to fill. It is really across the board from CISOs to cloud security engineers to SOC analysts.

Cybersecurity is constantly changing – how do you keep learning? CISO communities, events and Slack channels. We learn from each other’s experiences, which are shared within our communities.

What conferences are on your must-attend list? C-Vision, HMG, Evanta, Blackhat, AWS Reinvent

What is the best current trend in cybersecurity? The worst? The best trend is that cybersecurity is getting a lot of attention, the worst trend is that most companies are not doing enough to address cybersecurity. An example is the daily news on new ransomware attacks and all the companies which are affected. This is all preventable if you follow the leading security frameworks and implement proper segmentation in your network.

What's the best career advice you ever received? Keep track of all your accomplishments, even the small ones, and ask for promotions. You don’t get what you don’t ask for.

What advice would you give to aspiring security leaders? Learn as much as you can, get a mentor, network with other security folks.

What has been your greatest career achievement? Progressing my career to upper management

Looking back with 20:20 hindsight, what would you have done differently? There are a lot of things I would have done differently; however I am happy with the path I’ve taken and where I am today.

What is your favourite quote? “Before you marry a person, you should first make them use a computer with slow Internet to see who they really are.” —Will Ferrell

What are you reading now? Truth from the Valley: A Practical Primer on IT Management for the Next Decade by the legendary Mark Settle.

In my spare time, I like to… Play golf.

Most people don't know that I… Am from Grand Rapids, Michigan.

Ask me to do anything but… Write SOPs.