Secret CSO: Ryan Weeks, Datto

Secret CSO: Ryan Weeks, Datto

Name: Ryan Weeks

Organisation: Datto

Job title: CISO

Date started current role: January 2017

Location: Norwalk, CT

As Chief Information Security Officer (CISO), Ryan Weeks is responsible for directing and managing Datto's Information Security program. Weeks spent 11 years securing enterprise applications, systems and sensitive customer financial data at FactSet Research Systems, where he orchestrated all facets of the global information security program.

What was your first job? My first ever job was working on a farm in high school. I credit my work ethic and tenacity to that job. It certainly built character. After college, I was contracted to design and deploy a vulnerability scanning sensor network for a higher education institution in upstate New York. That was where I was introduced to the concept of risk management.

How did you get involved in cybersecurity? I was curious how networks and IT systems worked, where they failed, and seeing how they could be improved. I was also exposed to the concept of network intrusion detection at a young age and knew that I wanted to do something in the field of network security.

What was your education? Do you hold any certifications? What are they? I hold a B.S. in Computer Information Systems from Ithaca College, an M.S. in Information Assurance from Northeastern University and have industry security certifications including the Certified Information Systems Security Professional (CISSP) and the Certified Information Security Manager (CISM).

Explain your career path. Did you take any detours? If so, discuss. After the consulting job in upstate New York, I moved to Connecticut and started a full-time role in network engineering. That may seem like a detour, but I credit that role for giving me a solid foundation to building my career in information security (InfoSec). I worked my way into the network security team and over time grew my knowledge, experience and acumen in InfoSec.

Was there anyone who has inspired or mentored you in your career? I am self-motivated and goal oriented. I blazed my own path with hard work and dedication to continuous learning and improvement.

What do you feel is the most important aspect of your job? Growing others. The shortfall of qualified InfoSec candidates is a real problem. If I can work closely with my team and those in supporting functions to expand their potential and grow their capability then that pays dividends for the cybersecurity programme and ultimately keeping data and systems safe from intrusion.

What metrics or KPIs do you use to measure security effectiveness? I believe in a threat-informed risk-based cybersecurity programme. Most of what I focus on is finding and objectively measuring risk. I view security effectiveness as a measure of how well you are doing enumerating the full set of risk and managing that appropriately.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? I have been able to build an exceptional team at Datto, but it took a long time to find the right talent (around 18-24 months). I find qualified Intrusion Analysts and Experienced Penetration Testers to be difficult roles to fill, taking on average six months to find a suitable fit. I have built relationships with universities that have cybersecurity programmes and find that building a pipeline of talent from universities through mentoring, internships, and onsite engagement has been helpful in compensating for the shortage.

Cybersecurity is constantly changing - how do you keep learning? In cybersecurity you can never stop learning. We have to stay aware of the latest trends and attacker tactics. I find podcasts, news articles, on-the-job experience, career development events, and peer groups to be a large source of continuous learning.

What conferences are on your must-attend list? I do not maintain a must-attend list. I look at what challenges I or my teams are facing and look for the best conference that will help us expand our thinking and identify solutions to that problem.

What is the best current trend in cybersecurity? The worst? I'm a fan of broad threat intel sharing within security communities and the concept of building cyber resilience. I find it disappointing that there are still companies that persist in the belief that cybersecurity incidents or breaches will not happen to them.

What's the best career advice you ever received? Managing people is ‘real' work. A friend, who knew my propensity for individual contribution, challenged me with this statement and it helped me to focus on growing those around me as much as achieving outcomes independently. It gave me perspective that created balance at a key time in my career.

What advice would you give to aspiring security leaders? Be pragmatic, iterate toward maturity, focus on real security improvement and never give up.

What has been your greatest career achievement? I enjoy building high performing teams. When you have a high performing team, the list of achievements take care of themselves.

Looking back with 20:20 hindsight, what would you have done differently? Everything I've done has led me to where I am. I would not do anything differently.

What is your favourite quote?"Change before you have to, not because you have to."

What are you reading now? Emotional Intelligence: Why It Can Matter More Than IQ by Daniel Coleman.

In my spare time, I like to… Read. I love reading.

Most people don't know that I… have a dream of becoming a surf bum and learning to surf well.

Ask me to do anything but… repeat myself.


CTO Sessions: Mathias Golombek, Exasol »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail


Do you think your smartphone is making you a workaholic?