Scaling Data Security Efficiently: A CISO’s Perspective on DSPM

Renee Guttmann
October 14, 2024

When I served as the CISO for globally recognized brands like Coca-Cola, Royal Caribbean, and Campbell’s, many assumed I led large, robust security teams. However, the reality was quite different. My largest internal team consisted of around 50 full-time employees, with third-party collaborations pushing the total closer to 75. But in most cases, my internal teams were fewer than 30 members. This lean approach allowed us to operate with agility, focusing on maximizing efficiency and outcomes, always mindful of how we used our time and resources.

During the hiring process, I prioritized candidates who demonstrated a deep understanding of network efficiency—not just within their home systems but across the organization. I looked for individuals who avoided duplication, optimized processes, and knew how to leverage both their time and the company’s resources wisely. This expectation extended to our third-party partners as well, who had to be equally committed to efficiency and effectiveness.

Managing Storage Costs and Access Controls

At one organization, I spearheaded a major initiative to evaluate our internal and cloud-based data storage. In the wake of significant personnel changes and rising cloud storage costs, we faced several challenges. The organization had limited visibility into its data landscape, struggled with access controls, and exhibited hesitance around data deletion, fearing that something might be needed later. The problem was compounded by soaring monthly cloud storage costs, which central IT struggled to manage.

We brought in a third-party consulting firm to help define our requirements—a costly but necessary move at the time. This was before solutions like Data Security Posture Management (DSPM) were widely available. Today, DSPM provides the insights and controls needed to manage these kinds of risks much more effectively. Solutions like DSPM help organizations understand their data landscape, track sensitive data across environments, and enforce access controls without the need to rely solely on external resources. Many of the risks we encountered—uncontrolled storage growth, unclear data ownership, and access vulnerabilities—are exactly what DSPM addresses today.

Data Security Informed by Research

Now, organizations have access to research and guidance from industry leaders and solution providers, which can inform their approach to DSPM. While third-party consultation can be valuable, I believe starting with the right resources can help shape the direction before bringing in external help. There are plenty of comprehensive guides available—many of which I’ve reviewed—that provide clear direction for implementing DSPM solutions.

Evaluation Tools

One such resource is the DSPM Buyer’s Guide produced by Normalyze, which is vendor-neutral. Even though it was created by Normalyze, it incorporates the combined insights from every RFP they received over the last 12 months. This comprehensive approach makes it a highly valuable tool for any organization looking to evaluate their data security posture management needs, regardless of which vendor they ultimately choose.

In full transparency, I consult with Normalyze, ensuring their go-to-market is aligned with the real-world needs of CISOs. Take a look at the Buyer’s Guide and share your feedback!

Renee Guttmann

Renee Guttmann is an accomplished global information security and privacy executive. With extensive information security and privacy expertise spanning a 30-year career, she was the first CISO at Coca-Cola, Royal Caribbean, and Time Warner Inc. She has received several awards for leadership and support for Women in Cybersecurity and is a serial early-stage adopter of cybertechnology solutions. In April 2022, she founded CisoHive to provide guidance on how CISOs and solution providers can better address the cybersecurity challenges of the future.