Security Leadership with a Business Mindset

I'm Lenny Zeltser. I came to cybersecurity leadership through an unusual path: advanced technical work followed by product management. This progression shaped my perspective on security, enabling me to help the business succeed, rather than just protect it. I've learned to collaborate with colleagues across teams and ask the right questions to further the company's objectives.

My experience allows me to take on a variety of roles in security program and product leadership. I draw on over 25 years of in-the-field experience, a Computer Science degree from the University of Pennsylvania, and an MBA from MIT Sloan.

Building a Security Program

As CISO at Axonius, I built and led the security and IT program through multiple growth stages, from winning the RSA Innovation Sandbox through recognition on Forbes Cloud 100 and Deloitte Technology Fast 500. I initially joined as VP of Product before creating the CISO role. That gave me a strong vantage point: I understood the business before taking responsibility for protecting it.

That experience shaped my approach to security leadership:

• Build lasting trust in the security of the company's products.
• Enable the business to grow while managing risks.
• Find ways to say "yes" to business initiatives while managing risk.
• Know when to apply pressure on security priorities and when to pull back.
• Calibrate acceptable insecurity to enable business velocity.
• Adopt new technologies, including AI, practically and responsibly.
• Minimize the attack surface to strengthen defense and lower costs.

Creating Security Products

Before leading security programs, I built cybersecurity products and services in roles that taught me to think like a business owner. I led product management at an endpoint security startup that was acquired by Rapid7. At NCR, I developed a managed security service for businesses that didn't think they could afford protection. Earlier, at a company that's now a part of Lumen, I led security consulting during the early days of cloud computing, helping organizations navigate unfamiliar risks.

I created REMnux, the go-to toolkit for malware analysts worldwide. I'm also a Faculty Fellow at SANS Institute, where I created the malware analysis course that has shaped the field. (You can read more about these and other projects.)

Learn More and Connect

Want to know how I got here? You can watch me reflect on my career journey in these short videos. Perhaps you'll glean insights that'll help you chart your own path in cybersecurity.

You can learn about my perspectives by reading my blog. If you want to wander around, click here to read a random article.

To connect, find me on LinkedIn, X, BlueSky, and Mastodon. You can also send me an email at my first name at my last name dot com.