From the top

CSO Spotlight: Justin Berman, Zenefits

Being wrong is good: embrace it, learn from it and grow from it, advises Berman. Being an effective security leader is about recognizing that "your job is to get the best answer, not to have it."


Justin is the CISO at Zenefits, where he leads all security and IT efforts. He brings more than a decade of security and technology experience from high-profile organizations. Previously, Justin served as Vice President of Information Security of Flatiron Health. Prior to that he led security architecture at Bridgewater Associates and served as a Principal Security Consultant at Aspect Security. Here he shares his thoughts on some of the worst trends in cybersecurity and his advice for future security leaders.

What was your first job? A long time ago, I was a cashier at Target. My first technical job was in engineering at an email server company, but my first security job was as a consultant for a bespoke application security consultancy called Aspect Security. It was an awesome place to transition from thinking predominantly about software engineering challenges to security challenges and gave me a huge opportunity to grow.

How did you get involved in cybersecurity? It was more about luck than anything else. I was fascinated in college, but I had no idea how to break in then. I was lucky to make friends with someone at the consultancy when I was at OSCon a long time ago.

Tell us about your career path. My career path was remarkably straightforward from my perspective. I've always been aggressive about getting feedback and growing, so I shot up at my consultancy and built out a number of different businesses within it. I went in-house because I felt that the work I was doing at a consultancy was not having the impact I wanted. I ended up leading a team quickly due to circumstance, and my boss didn't want to manage anymore, so I got a battlefield promotion. From there, I got to lead security from such an early point at Flatiron Health. I was the 60th employee and had leadership that really cared about security. Taking the CISO role at Zenefits was a natural next step for me as I wanted to continue to work with companies whose mission resonates with me, and that really understand that information security impacts their business and their customers.

Was there anyone who has inspired or mentored you in your career? I have had so many really amazing mentors in my career at different stages and phases. It took me a long time to develop toward having more of a community of people outside the company I was at to rely on though. Jeff Williams was my early on mentor at Aspect. He was always measured, thoughtful and cared about his people. Paul Wood was my CISO at Bridgewater Associates and he taught me a lot about what it means to really be practical in making risk decisions. Going to a startup after that and leading security, my mentors started to move outside the company, though I want to give Gil Shklarski (the CTO at Flatiron Health) a shout out for really teaching me what it looks like to care AND hold people accountable. My mentors now are my peers and people I respect immensely, people like Geoff Belknap, Adam Ely, Mike Johnson and a host of other people who give freely of their advice and time.

What do you feel is the most important aspect of your job? The fast, trite answer here is "hiring." There is nothing as important to me as building a truly amazing team of really high-quality people. The real complex answer is balance. I have to balance my time between guiding the tactical and driving the strategy. I have to balance risk practically. I have to balance security for defense vs. how it can facilitate revenue generation. That balancing act is a constant for me.
