In this insightful episode of The New CISO, host Steve Moore sits down with Sanju Misra, Chief Information Security Officer (CISO) at Alnylam Pharmaceuticals, to explore the pivotal moments that have shaped her impressive career in cybersecurity leadership. Sanju shares her strategies for navigating career transitions, the importance of aligning with a company’s mission, and how to identify the right time to move on from a role.

Listeners will gain valuable insights into:

• How Sanju built her career by embracing challenging projects and maintaining authentic professional relationships.
• The decision-making processes behind her moves from GE to Praxair, and eventually to Alnylam Pharmaceuticals.
• The evolution of her leadership style from a technical expert to a business risk executive.
• Why aligning with a company’s culture and mission is crucial for long-term success.
• Tips for aspiring CISOs on taking initiative, growing their networks, and articulating risk in business terms.

Sanju’s reflections on imposter syndrome, professional growth, and the rewards of working in a patient-focused organization offer both inspiration and practical advice for leaders at every stage of their careers. Tune in to hear her story and discover actionable strategies for thriving as a modern CISO.

0:00 - Introduction and Show Overview

1:10 - Sanju Misra’s Career Path: From GE to Praxair

4:00 - Building Security Programs and Leadership Growth

6:30 - Navigating Mergers and the Role of Culture

10:00 - Transitioning from Technologist to Business Risk Leader

15:50 - Career Advice for Aspiring CISOs

22:00 - Key Takeaways: Communication and Leadership Evolution

Links: LinkedIn

In this episode of The New CISO, host Steve Moore is joined by Sanju Misra, CISO and IT Risk Leader at Alnylam Pharmaceuticals. Sanju shares her journey from a college side hustle on a typewriter to becoming a security leader in the pharmaceutical industry. Along the way, she reflects on the importance of taking risks, embracing roles outside of your comfort zone, and the power of transferable skills.

Listen to Steve and Sanju discuss career transitions, building diverse teams, and why not checking every box on a job description might be the best career move:

00:00 - Meet Sanju

06:15 - The Start of a Tech Journey

18:30 - Taking the Leap

27:00 - Advice for Job Seekers

39:45 - Hiring from Within

51:15 - Networking and Career Growth

Links: LinkedIn

In this episode of The New CISO, host Steve Moore welcomes Ryan Shaw, Director of Information Security at Bond Brand Loyalty. Ryan shares his unique journey from working in kitchens and warehousing to becoming a leader in cybersecurity. He reflects on the importance of career change, battling imposter syndrome, and the challenges candidates face in a tough job market where companies often hunt for "unicorn" candidates.

Listen to Steve and Ryan discuss the transition into IT security, why hiring practices need to evolve, and the importance of mentorship for both personal and professional growth:

00:00 - Ryan Shaw’s Journey: From Warehousing to InfoSec Leadership

03:00 - Career Pivot: Entering Technology

06:00 - Overcoming Imposter Syndrome in IT

09:00 - The Importance of Mentorship and Support

13:00 - Navigating the Challenges of Job Hunting

17:00 - Advice for Better Hiring Practices in Security

20:00 - Building Visibility and Breaking Into InfoSec

24:00 - What It Means to Be a Security Leader

Links: LinkedIn

Summary:

In this episode of The New CISO, host Steve Moore speaks with Nicola Sotira, Head of CERT at Poste Italiane, about his journey from technical expert to business leader, all while following his dreams. Nicola shares the importance of mentorship, the value of building strong teams, and how he applied a Viking mentality to overcome challenges in his career. Listen in as Nicola reflects on leaving a prestigious role in Italy to embrace new opportunities abroad and what aspiring leaders can learn from his story. Whether you're thinking about making a career change or simply looking for advice on leadership, Nicola’s insights will inspire you to take action and move toward your dreams.

Listen to Steve and Nicola discuss:

00:00 -Nicola Sotira's Career Journey and Mentorship

03:37 - Balancing Business and Technical Roles

06:40 - Adapting to Technological Disruption

08:47 - Taking Risks: Moving to Sweden at Age 40

15:12 - Leadership Lessons from Peter: The Viking Mentality

18:17 - Hiring and Building a Strong IT Security Team

23:23 - Making Work Fun and Following Your Passion

28:52 - Advice for Aspiring CISOs: Follow Your Dreams

Links: LinkedIn

Episode Summary: In this episode of The New CISO, host Steve Moore is joined by Nicola Sotira, head of CERT at Poste Italiane. Nicola shares his journey from working on cryptographic devices in the pre-internet era to leading security teams today. His early work with assembly language, hardware security, and cryptanalysis offered unique challenges, but it also taught him the value of persistence, creativity, and mentorship. Steve and Nicola discuss the evolving role of hardware in cybersecurity and the importance of securing the supply chain. Listen in to hear about the lessons Nicola learned from breaking hardware before it was sold and how they continue to inform his approach to security today.

Listen to Steve and Nicola discuss the importance of hardware security, debugging code, and supply chain risks:

00:00 - Nicola Sotira: Career in Cryptography

04:46 - The Realities of Debugging Without Modern Tools

07:58 - Key Lessons from Early Hardware Security Work

12:43 - The Importance of Hardware in Cybersecurity

16:26 - Supply Chain Security Risks and Real-World Examples

23:00 - Criminal Collaboration and Emerging Cyber Threats

Links: LinkedIn

In this episode of The New CISO, host Steve Moore sits down with Larry Pfeifer, CEO and President of Metrics That Matter, for a deep dive into the evolving role of the CISO and the increasing importance of cybersecurity insurance. Larry offers valuable insights drawn from his unconventional career in cybersecurity, sharing advice for CISOs and entrepreneurs alike. From the need for CISOs to shift from awareness providers to business decision-makers, to the surprising connection between cybersecurity and insurance, this episode is packed with thought-provoking discussions.

Listen to Steve and Larry explore the intersection of risk, metrics, and cybersecurity decision-making, and how customer service strategies from the Ritz-Carlton are being applied to improve client relations in cybersecurity.

00:00 - Introduction: Board Level Metrics in Cybersecurity

01:02 - Larry Pfeifer's Journey in Cybersecurity

01:56 - Cybersecurity’s Future: Insurance and Risk

03:56 - The Challenges of Cybersecurity Insurance

08:04 - Key Lessons for CISOs and Risk Management

12:00 - Client Management Post-Breach

17:30 - Optimizing Cybersecurity Investments

21:05 - Entrepreneurship: Realities and Advice

Links:

• Larry Pfeifer on LinkedIn

In this episode of The New CISO, host Steve is joined by Larry Pfeifer, CEO and President of Metrics That Matter. Although Larry is not a CISO, he has worked in many adjacent fields, including the US military, university IT research, sales engineering, and more. As a result of his vast experience, Larry has a unique lens on cybersecurity. Listen to the episode to learn more about Larry’s fascinating career journey, what salespeople and IT professionals have in common, and why he decided to start his own business.

Listen to Steve and Larry discuss what makes working in IT at a university invaluable and when to talk about the vendor selection process:

Meet Larry (1:39)

As a CEO and entrepreneur, Larry does many different things in his daily life. His professional origins started in his high school Apple IIe classes, and later, he worked with new computer technology in the military. 

Overall, Larry compares his career journey to Forest Gump, acknowledging the exciting and extensive path he’s taken.

After Service (6:39)

Larry details his next moves after completing his military service. He helped run an educational network at a university, which led to him being interviewed on Leonard Nimoy’s technology show.

Although there was no position like “CISO” at the time, Larry also led a checkpoint on Salaraboxes, among other cyber-related projects.

Sound Advice (11:30)

Steve presses Larry on whether it is worthwhile for students to work in education networks at a university. Larry believes that if you have the opportunity, you should take advantage of it. After all, it’s high-paying, flexible, and allows you to do real, hands-on work.

Becoming an Entrepreneur (15:04)

Larry shares how he broke into sales engineering and started working for the Philadelphia Stock Exchange, among other places. He went from a career in IT research to sales engineering to becoming a salesman, adding another layer to his professional skills. 

He also stresses the importance of discussing vendors and helping his peers determine what they like about their services, what they don’t like, and their costs. This interest led him to become the CEO of his own information-sharing business.

Building a Brand (26:27)

Reflecting on the beginning of his entrepreneurial journey, Larry shares how he worked with potential clients and narrowed in on his focus.

Now, Larry is the CEO of a business that serves as a cyber-security platform. To do this job well, he understands the industry thoroughly.

The Right Metrics (33:32)

Through Metrics That Matters, Larry aims to simplify the cyber-security process by providing information that reports on a business’s weak points and what they could do better.

Larry’s company fills in the technology gaps of CISOs, though he also knows there is no silver bullet to perfect cyber security. You must understand your environment and what your environment needs to secure your business properly.

Links:

LinkedIn

In this episode of The New CISO, Steve is again joined by guest Grant Lockwood, Comedian, DJ, and the Chief Information Security Officer at Virtus Health. Today, Grant returns to explain how his approach to effective communication has evolved since becoming a security leader. Listen to the episode to learn the difference between safety and security, how stand-up comedy gave Grant an efficient framework for his CISO role, and the importance of having balance outside of work through hobbies.

Listen to Steve and Grant discuss how to maintain confidence in work and life and how to optimize your message to make the best first impression: 

Comedy and Cyber Security (1:34)

Steve asks Grant why stand-up comedy has made him a better CISO. To Grant, stand-up helped him learn how to operate in a degraded state, which he finds comparable to dealing with cyber programs.

Like when a joke bombs, sometimes the most protected security programs can get hacked. Grant shares why these two mediums are similar and how both have given him the confidence to succeed in challenging situations.

Comfort and Confidence (4:12)

Grant shares how he determines his stand-up set lists and how to use that to get the audience on his side. He finds these lessons to also help in the workplace and understands the confidence that this framework provides.

Studying Delivery (6:45)

Grant reflects on the resources he’s utilized to become a better comedian, including listening to comedy podcasts. Ultimately, Grant expresses the importance of being economical with words—whether at work or on stage—to become an effective communicator.

Good Advice (9:22)

Steve presses Grant on what advice he would give his younger self, especially reflecting on his journey from an admin role to where he is now. Grant advises listeners to stay curious and teachable since there is much to learn.

He also reveals why people should be well-rounded, T-shaped individuals and how hobbies can provide transferable skills.

Getting There (12:31)

Reflecting on his career, Grant explains what he meant when he said, “The thing that got you there isn’t what will keep you there.” He clarifies how his measures of success have changed as he’s learned more about how running a business works.

Learning From Community (27:12)

As both a comedian and a CISO, Grant explores how the security community could learn from the stand-up comedy community. Both communities are very supportive, but comedy is entirely audience-dependent. 

Therefore, comedy can teach security professionals to have better communication by “knowing your audience.”

The New CISO (19:09)

To Grant, being a new CISO means being adaptable, learning both the business and security side, and improving those around you.

Links mentioned:

LinkedIn

Comedy Podcasts/Resources:

Dissecting the Frog

The Comedian’s Comedian Podcast

In this episode of The New CISO, Steve is joined by guest Grant Lockwood, Chief Information Security Officer at Virtus Health.

After starting his career in an administrative position, Grant found himself getting bored. After being urged by his wife, Grant turned things around and is now a DJ, comedian, and, of course, a successful CISO. Listen to the episode to learn more about Grant’s impressive career journey, how to make your content compelling, and the transferable skills from performing comedy.

Listen to Steve and Grant discuss how hobbies can make you a better security leader and the importance of adapting to your surroundings:

Meet Grant (1:33)

Before becoming a CISO, Grant was a health sector chief information officer for a health department. Although his current role is very different, he can see the similarities between the two positions.

Before these two roles, Grant had spent years in an administrative position. Not sure what he wanted to do, his wife encouraged him to take up some hobbies, leading him to become a more well-rounded security professional.

Being a DJ (7:18)

Grant explains what people don’t know about being a DJ. He understands that what makes him a strong DJ is that he’s good at computers, demonstrating the similarities between cyber security and music.

Besides being a stress relief, Grant feels that being a DJ helps him with timing and being present, which he applies to his CISO role.

The Funny CISO (11:40)

Becoming a stand-up comedian has proven to be a transferable skill set for Grant. He reflects on how comedy helped him with his presentation skills and the ability to compel an audience. 

Truth to Power (18:55)

Steve presses Grant on whether doing comedy has improved his ability to deliver truth to power. Grant understands how stand-up has expanded this skill set because he learned to hold others’ attention.

Grant also shares his feelings on the “lizard brain” and how this influences how we interact with others. Comedy taps into people’s lizard brains because it's an involuntary reaction that can bond us.

Being Adaptable (23:18)

Grant explains how stand-up forces you to adapt to your environment and use it to your advantage. This mentality also applies to presentations because you can shift gears based on your audience’s reaction.

When you can adjust your performance to the mood of others, you can hold their attention long enough to communicate your ideas effectively.

A Better Training (27:12)

If Grant could advise a security training leader, he would suggest they ask themselves, “Would this be entertaining to my mom?” Teaching potential CISOs how to make their work captivating to a wider net will make them better security leaders overall.

Links mentioned:

LinkedIn

In this episode of The New CISO, host Steve is joined by returning guest Sándor Incze, CISO at CM.com.

In part two of his interview, Sándor shares his strategies for boosting team productivity. As a long-time security leader, Sándor understands how to get the best out of his team. Listen to the episode to learn more about the difference between nervousness and excitement, the benefits of his CM model, and how running a cyber security staff is like soccer.

Listen to Steve and Sándor discuss how software development is like an F1 race and how to make a candidate confident during an interview:

In the Interview (1:33)

Sándor and Steve discuss high-stakes, stressful job interviews and how they can make candidates nervous. Although some security professionals are proud to make someone fumble during the interview process, Sándor and Steve share how to bring out the best version of someone to see if they are the right fit.

CM Squared (8:56)

Sándor shares the CM (or CM Squared) Model, a document he uses when auditing different companies' security systems to find their faults. With this model, Sándor can simplify technologies for business leaders and enhance their protections.

Like an F1 Race (15:30)

Like F1 racing, Sándor believes software development is a team effort. To help emphasize this metaphor, Sándor explains how different members of security teams mirror the roles of a racing crew.

Team Strategies (19:49)

When Sándor evaluates his role as a leader, he thinks of his staff as a soccer team. His team needs to score “goals,” and as their “coach,” it is his job to guide them.

He also shares his motto, “Do something you like, do something you’re good at, and contribute.”

The New CISO (27:12)

To Sándor, being a new CISO means “keep it simple.” 

Making things too complicated does not stop cyber crimes. However, learning to talk to each other does.

Links:

LinkedIn