Security Leader: Ryan Weeks, Datto

Credit: Ryan Weeks

How did you end up in your current role, and what attracted you to the industry? 

A combination of education, determination and luck over many years led me to my current role as CISO at Datto. I have always aspired to run information security programs and was able to demonstrate success and competency in this area early in my career. I accepted the position at Datto for many reasons, but mainly because I want to keep driving the message of the devastating impact that data corruption and disaster can have on an organisation. I believe strongly in the importance of business continuity and wanted to put my skills and experience to use by delivering enterprise grade security to businesses, in a way that ultimately benefits society as a whole. 

 What makes a CISO most effective, and what typically prevents them from achieving that?

An effective CISO is agile, knows their organisation’s security posture well, understands their adversaries and maintains a bird’s-eye view of the constantly evolving threat landscape. Just as a robust business continuity and recovery solution is imperative for a business, so too is a CISO who is resilient to multiple types of common failures. An effective CISO can respond to changes in their business’s ecosystem quickly. They understand the what, when and how of continuously improving their security posture – but also recognise the importance of communicating the why. There are finite resources and time to accomplish these improvements in an environment that is non-static. 

How has the increasing climate of governance and compliance changed your approach to security, and changed your engagement with board members and executives?

It hasn’t changed my approach all that much. There is nuance to new compliance regulation that needs to be understood, but at the end of the day it still calls for an understanding of what data you have, where it is, how you use it, who has access to it and providing transparency into that. These are all things that an effective security program that will protect data from varied threats. Changes in governance and compliance just creates more rigour around these practices and raises the stakes.

Is the security industry getting better at using tools like threat intelligence and collaboration policies to work together against a common threat?

Yes! I am personally working with my peers to establish an information-sharing community for more collaboration within the IT channel. Everyone understands that working together to foster intelligence sharing will help our customers – and ultimately society as a whole – combat common threats and become more resilient.