Secret CSO: Carlos Batista, BetterCloud

Secret CSO: Carlos Batista, BetterCloud

Name: Carlos Batista

Organisation: BetterCloud

Job title: CISO

Date started current role: March 2019

Location: Atlanta, GA

A 20-year veteran in the information security space, Carlos Batista oversees all aspects of security and information technology (IT) for BetterCloud including, strategy and program management, product security, risk & compliance, user application & infrastructure support, and physical security. Batista joined BetterCloud from SunTrust Bank, where he served in numerous cybersecurity leadership roles, most recently as SVP, Secure Design & Engineering.

What was your first job? My first job was bagging groceries at the age of 12 for a summer. I worked in a supermarket owned by my uncle in the Bronx, NYC. I would bag groceries and walk the shopping cart back to the customers' apartments. I worked on tips only, but it taught me the importance of managing what few bucks I made at an early age.

How did you get involved in cybersecurity? My first true foray into cyber was when I was promoted to Network Services Manager at Alston & Bird, LLP, a prominent international law firm. There, I was responsible for network infrastructure, servers, databases, and security — which at the time included little more than a firewall, anti-virus software, and some e-mail security services. Things have changed quite a bit there since then, and in the security space overall.

What was your education? Do you hold any certifications? What are they? I have a B.S. in Criminal Justice from Georgia State University. I originally wanted to be a federal agent but decided law enforcement really wasn't for me. Interestingly, I've come full circle in a way, as I've had the opportunity to work with numerous law enforcement and government agencies over the course of my career. I hold several certifications, including the CISSP, CSSLP, and CISM.

Explain your career path. Did you take any detours? If so, discuss. I've taken a couple! When I left Alston & Bird in 2008, I was the firm's head of information security, but became really interested in the cyber challenges that financial services firms faced. So, I left Alston & Bird for SunTrust to take a role as an individual contributor and ended my stint there as a Senior Vice President. I later left SunTrust to take a year-long sabbatical where I took some much-needed time to do many of the things I've always wanted to do — to rest and reflect on how I wanted to spend the rest of my career.  I took that time to go back to France for a bit. I also travelled abroad, did lots of reading and, sometimes, enjoyed doing absolutely nothing. Eventually, I became eager to get back into the game, which is how I landed at BetterCloud.

Was there anyone who has inspired or mentored you in your career? I've been lucky enough to have a number of people who inspired and mentored me throughout my career.  The most prominent include Jeff Allaman, who was my boss at Alston & Bird. He showed me the value of emotional intelligence and compassionate leadership. Another leader who I learned a lot from was Anna Brackin at SunTrust. Her consistent, thoughtful and genuine feedback, which I carry with me to this day, made me a better leader.

What do you feel is the most important aspect of your job? My number one job at BetterCloud is ensuring that cyber continues to enjoy business-wide visibility as both an enterprise risk and business enabler, so that initiatives which protect our customers, our product, or our business receive adequate buy-in / support from the start.

What metrics or KPIs do you feel are most important to measure security effectiveness? Two measures any organisation should rely on to determine security effectiveness include: 1) how long it takes you to identify, contain and remediate a threat in the environment, or what many in the industry are ultimately referring to as "dwell time", and 2) your ability to quickly address vulnerabilities — either in your infrastructure or your product(s) — over time, once identified.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? Probably the hardest skillset to find in the industry right now are talented software security engineers and architects who are familiar with embedding security into cloud-native DevOps and CI/CD pipelines. Top talent in this space can largely write their own ticket.  

Cybersecurity is constantly changing - how do you keep learning? You have to keep learning in our profession or risk career stagnation, or worse, a data breach. In addition to keeping up with many security sites such as Dark Reading or CSO Magazine, one of my best sources of "open source" intelligence is my own network on LinkedIn. I learn so much from what my peers and others post, like, and share on that platform. It makes it easier for me to stay connected with current cyber security events and trends.

What conferences are on your must-attend list? Everyone seems to have a love / hate relationship with RSA, and I'm no exception, but it's tough to find another venue that brings together so many top security leaders under one roof for a single event. There are other vendor-specific, or topic-specific conferences that can be very valuable as well.

What is the best current trend in cybersecurity? The worst? I think the best current cyber trend right now is the industry has finally embraced cloud (IaaS, PaaS, and SaaS) as a way of doing business. It's the realisation that it may actually be more secure than performing those services "on-premises". The worst trend I see right now is how so many vendors are touting how "AI and Machine Learning" will solve all of our problems.  

What's the best career advice you ever received? A woman whose company I used to temp for, who later spoke at the commencement for my college graduation, said in that speech, "If your boss is a fool, move on."  It always resonated with me that sometimes you can't change things, and sometimes the best thing to do indeed is to move on.

What advice would you give to aspiring security leaders? Make the effort to refine your communication and presentation skills. Your effectiveness as a leader depends so much on your ability to convey and challenge ideas, with both clarity and confidence.

What has been your greatest career achievement? Being able to take a year off, then get back in the game and feel like I never missed a beat.

Looking back with 20:20 hindsight, what would you have done differently? I would've learned to code earlier in my career. Security, along with almost everything else, has become software-defined, and the ability to design, build, and maintain security services through code are vital skills for both security professionals and leaders alike.  

What is your favourite quote?"It's not the tool, it's the fool."

What are you reading now? "The Mote in God's Eye" by Larry Nevin & Jerry Pournelle. I love good science-fiction every now and then, and this is considered one of the genre's all-time best. I'm almost done, and it's absolutely fascinating. The last non-fiction book I read was "A Higher Loyalty" by James Comey. Politics aside, this book is an insightful read that illustrates the importance of having a moral compass in decision making which affects others, regardless of whether that decision was the right one or not.

In my spare time, I like to… play tennis two or three times a week, and love it! It's a great way to get my competitive juices flowing. It's also a fantastic workout.

Most people don't know that I… like to draw! I used to draw comic books as a kid. I got back into it during my sabbatical, only now I combine drawing on paper with digital software. I have actually sold some work...something I never did as a kid.

Ask me to do anything but… root for the Red Sox. I prefer to watch my Yankees play instead!


« CIO Spotlight: Elizabeth Hackenson, Schneider Electric


CTO Sessions: Robert Neave, Nlyte Software »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail


Do you think your smartphone is making you a workaholic?