I didn't want to be a CISO - Sounil Yu joins JupiterOne

I didn't want to become a CISO.

Over the past year, I thoroughly enjoyed my time at YL Ventures as their CISO-in-Residence, meeting brilliant entrepreneurs and brainstorming creative approaches for solving wickedly hard problems in cybersecurity. The team at YL Ventures is truly world class and I learned a lot about venture capital through the decisions that the partners made and the discipline that they showed in a red-hot market with rocketing valuations. I also had the chance to test my Cyber Defense Matrix to see if it can be used to find gaps in the market and promising investment opportunities. (It worked in finding gaps, but it'll be a few years before we see if the gaps were actually good investments.) Although the partners at YL Ventures graciously gave me the opportunity to serve longer, I felt that the CISO-in-Residence role is one that, in my humble opinion, deserves someone with fresher ideas and more recent scars from hard-fought battles. And so, as I approached the end of a self-imposed one-year term, I kept an eye open for opportunities that would align well with my long-term interests...

... which didn't include becoming a CISO.

My interests did include finding more use cases for the Cyber Defense Matrix and the DIE Triad, but the longer that I stayed away from the heat of the battle, the more intense the feeling that my ideas were becoming more theoretical and less practical. Although the Cyber Defense Matrix and the DIE Triad were originally born out of practice, many of the newer use cases that I developed really only lived on PowerPoint and had not been tested in the real world. While many CISOs were excited by the possibilities when I shared these use cases with them, they simply did not have the time or engineering resources to put them into practice in their environment. My fellow practitioners needed an "Easy Button" so that they could put the use cases of the Cyber Defense Matrix and the DIE Triad into immediate practice. However, I realized that I cannot make it easy until I put the use cases fully to practice myself.

And so, I decided to become a CISO.

But not just at any company. I needed a way to turn my slideware into software. So, I wanted to join a company that had a working product flexible enough to incorporate my many use cases. I wanted to ensure that they would agree to open-source the use case implementation. I wanted to make sure that the founder shared the vision that I had. And most importantly, I wanted their product to be capable of automating the bulk of the CISO work for me so that I could spend more of my time doing what I really enjoy: discovering new use cases and exploring repeatable patterns/anti-patterns that can advance our field of practice.

I have found that company and it is JupiterOne.

Sounil Yu

Before Sounil Yu joined JupiterOne as CISO and Head of Research, he was the CISO-in-Residence for YL Ventures, where he worked closely with aspiring entrepreneurs to validate their startup ideas and develop approaches for hard problems in cybersecurity. Prior to that role, Yu served at Bank of America as their Chief Security Scientist and at Booz Allen Hamilton where he helped improve security at several Fortune 100 companies and government agencies.
