August 26, 2024

Yass Case Study - CISO Chief of Staff

Author: Yass Partners

INTRODUCTION

Meet Nico Waisman

Nico Waisman began his career as a penetration tester, having learned how to hack in Argentina’s early cyber community. Before long, he was a key player in an exceptional wave of cybersecurity talent originating from Buenos Aires. As his skills grew, Nico took on offensive security roles at global and US-based companies, becoming responsible for all Latin American client engagements at Immunity, Inc. Eventually, he moved into consulting and then operational leadership – a big leap – as the CISO at Lyft.

 

“Honestly, I was not looking for external support. But as soon as I started talking with Yael, I was clear: ‘This is exactly what I need.’”

 

CHALLENGE / WHY YASS

Perspective needed

When he arrived at Lyft, Nico had plenty of experience working closely and well with executives. What he didn’t have was experience dealing with a board. It was up to him to educate and engage the board about Lyft’s cybersecurity profile: what their current posture was, where he intended to take it, and how he planned to get them there. With limited opportunities to get those messages across – one fifteen-minute presentation per quarter – he wanted to get it right.

 

One option for Nico was to consult his CISO community. And he did that, meeting with partners and friends. They were all in the same position he was: unsure. What Nico really needed was to talk to someone who had a broader perspective. Someone who had worked with boards at a variety of companies and industries. Someone who could say, “This is what the industry is currently doing, and this is where you should be.” When Nico came across Yael, he immediately knew that he had found that person.

 

THE YASS EXPERIENCE

Two roles. Countless insights

When Nico first engaged Yass Partners, his goal was to sharpen his skills in interacting with the board. One of his main concerns: Was he in line with industry expectations? Yael explained that for board communication, it’s not about following the rules (there aren’t any). Instead, it’s about finding the overlap between what’s important to you as the CISO and what the board wants and needs to know.

 

That understanding helped Nico focus. From there, Yael gave him a pivotal insight: There’s more than one way to be a successful CISO. Nico was a technical CISO, with the unique perspective of having done offensive work. Put another way: Nico had been hired for the skills he already had. It was his job to communicate them – and the vision he drew from them – clearly.

 

Until that moment, Nico had been prioritizing compliance frameworks and industry statistics because he believed the board would want to see them. Now he pivoted to explaining risk as someone who’d been in the trenches and understood it first-hand.

In Nico’s early consultations with Yass, it became clear that to effectively implement his vision for security at Lyft, he needed support on the inside. He was already working closely with Michelle Shin, a Technical Product Manager. Yael encouraged Nico to invite Michelle to take on more responsibility for shaping his messaging. Michelle was extremely accomplished, with strong technical chops, but she had never worked in security per se. That meant she had to play catch-up – fast.

 

As Michelle assumed work on the board presentation, she collaborated closely with Yass. Those sessions gave her the opportunity to consult about her own role, asking Yass for help defining her job and understanding how to excel.

 

“A Chief of Staff is almost a team of one,” Michelle says. “And the role can be ambiguous. It was helpful to have someone who could affirm whether I was on the right track.”

 

As Michelle worked with Yass to tell Lyft’s security story through Nico’s unique point of view, she developed the clarity to draft an information security strategy document that’s still in play at Lyft today.

 

“I was surprised by how few edits were made to that document,” Michelle says. “Everyone felt that yes, this is exactly the story, these are the goals, this is the vision, and we’re on board.”

 

Michelle also sought counsel from Yass on how best to communicate with Nico and with the various board members. “I wanted to understand how we should tell our story to the various personalities in the room,” Michelle says. “Yael is great at summarizing the personas in a way that’s really digestible.”

 

POST-YASS / RESULTS

An impressed board, a loyal team

After the initial board presentation, the feedback couldn’t have been more positive. The board reported that it was the best and most informative presentation they had ever seen from a security team.

“I am not lying here: The board said it was the best presentation they had ever heard from a security team.”

 

And the board wasn’t the only entity that responded positively to Nico and Michelle’s efforts. When the pandemic hit, cost-cutting was widespread. Nico was in a constant battle to preserve budget and resources. He also had to convince the product engineers to work on the security projects that had been approved. In the end, he was able to keep his budget, team, and vision in place – a testament to the power of his improved storytelling.

 

CONCLUSION

Yass Partners is here for every CISO, at every stage

Succeeding as a CISO begins with understanding what you uniquely offer – and what has to happen to support your vision. That includes figuring out how to light up the resources around you to add the most value. You may already count on a trusted staff leader or product manager; what if you enabled them with the skills, knowledge, and resources to make your office hum? Yass can help you empower a Chief of Staff to structure and operationalize the rhythm of your office and function.

 

Ready to CISO like the authentic leader you are? Let’s chat.
