A Coffee Chat with Richard Seiersen, CRTO at Qualys

Richard Seiersen: Navigating Cyber Risk at Qualys

In the ever-evolving landscape of cybersecurity, the role of a Chief Risk Technology Officer (CRTO) has become increasingly vital. Richard Seiersen, who currently holds this position at Qualys, brings a wealth of experience from various sectors, including cyber insurance and cloud communications. His journey through the cybersecurity realm is not just a career path; it’s a mission to enhance the way organizations measure and manage cyber risk.

A Diverse Background in Cybersecurity

Before stepping into his role at Qualys, Seiersen served as the Chief Risk Officer at Resilience, a cyber insurance firm. His involvement with Resilience continues as he remains an advisor, contributing to strategic discussions and initiatives. Seiersen’s expertise is further underscored by his co-authorship of the influential book, How to Measure Anything in Cybersecurity Risk. This work has gained recognition in the industry, even becoming required reading for the Society of Actuaries exam prep for several years.

His previous roles as Chief Information Security Officer (CISO) at Twilio and GE Healthcare provided him with a robust foundation in managing security at scale. Additionally, Seiersen co-founded Soluble, a cloud security firm that was sold to Lacework in 2021. This entrepreneurial experience has equipped him with a unique perspective on the challenges and opportunities within the cybersecurity landscape.

The Vision at Qualys

Having joined Qualys nearly a year ago, Seiersen has embraced the company’s vision for cybersecurity management. He recalls a conversation with Sumedh Thakar, the CEO of Qualys, where they discussed the compelling vision for the future of cybersecurity. This dialogue ignited Seiersen’s interest, leading him to contribute to Qualys’ mission of helping organizations measure and secure their cyber risk effectively.

At Qualys, Seiersen’s role as a global explainer involves simplifying complex cybersecurity issues and driving strategic initiatives. His focus on empirical data and measurable outcomes aligns with his belief that the cybersecurity field can benefit from adopting methodologies similar to those in STEM disciplines.

The Importance of Data for CISOs

Seiersen emphasizes the transformative power of data in the hands of Chief Information Security Officers (CISOs). He advocates for a shift towards measurable and empirical methods to enhance decision-making processes. “By embracing empirical data, we can enhance our ability to make impactful, consistent changes,” he explains.

His collaboration with the Qualys team aims to assist businesses in measuring critical aspects of their cybersecurity posture. This includes applying relevant controls and effectively transferring remaining risks. A notable partnership with Mulberri, a cyber insurance company, exemplifies this effort. Together, they are integrating risk scores generated by Qualys’ enterprise risk management platform into underwriting processes, enabling companies to secure insurance policies at reasonable premiums.

Launching the Risk Operations Centre

At the recent Qualys Security Conference in San Diego, Seiersen discussed the launch of the company’s Risk Operations Centre (ROC). This innovative solution addresses a common challenge faced by organizations: the overwhelming number of security tools and the data they generate. On average, companies utilize around 70 different security solutions, each with its own scoring system for assessing risk. This fragmentation complicates decision-making and risk assessment.

The ROC aggregates and normalizes data across these tools, providing a unified risk assessment that aids CISOs in making informed decisions. Seiersen believes this approach will encourage CISOs to rethink their strategies, focusing on understanding the market and aligning security operations with broader business goals.

Addressing Current Challenges in Cybersecurity

Seiersen identifies several pressing discussions among CISOs today, particularly concerning artificial intelligence (AI) and cloud-native security. As organizations increasingly invest in AI, boards are asking CISOs about protective measures against AI-related risks. The challenge lies in securing AI-driven processes while ensuring scalability and value delivery.

Cloud-native security remains another significant concern, especially with ephemeral assets like container images. Security professionals must navigate the complexities of managing and securing dynamic environments, which often resemble fleeting events rather than stable components.

Collaboration between security teams and developers is crucial in this context. Seiersen stresses the importance of reducing unnecessary burdens on developers, allowing them to focus on creating value rather than getting bogged down by security concerns.

The Financial Landscape of Cybersecurity

As organizations face tightening budgets, Seiersen highlights the need for capital efficiency in cybersecurity. CISOs must prioritize resources toward the most critical risks, optimizing efforts to create value with limited resources. This strategic alignment is essential for navigating the financial pressures that many organizations encounter.

A Personal Touch

Beyond his professional endeavors, Seiersen shares a glimpse into his personal life. He enjoys his coffee black, brewed in a traditional Moka pot, which he humorously refers to as “pilot’s coffee.” When traveling, particularly in the UK, he finds relaxation in sharing a pint with friends, a simple pleasure that helps him unwind from the demands of his role.

Conclusion

Richard Seiersen’s journey through the cybersecurity landscape is marked by a commitment to improving how organizations measure and manage cyber risk. His diverse background, coupled with his current role at Qualys, positions him as a key player in shaping the future of cybersecurity. As the industry continues to evolve, Seiersen’s insights and initiatives will undoubtedly play a crucial role in helping organizations navigate the complexities of cyber risk in an increasingly digital world.
