Matthew Sharp is the Chief Information Security Officer at Logicworks, responsible for information security governance, risk management, strategy, architecture and compliance. Sharp is a business-savvy cloud executive bringing stakeholders together in a commitment to cybersecurity best practices that balance mission, risk, and regulation. He combines his business acumen and robust background in cybersecurity operations, sales, consulting, and management to harvest tangible business outcomes and promote enterprise cyber resilience. Sharp currently advises several security organisations including Coalfire, CyberGRX, NopSec, and YL Ventures, and is an Official Member of the Forbes Technology Council and former Advisory Board Member of the Ithaca College Cybersecurity Program and Cavirin Systems. Sharp is also a best-selling author featured in the Forbes Executive Library.

What was your first job?
I was a golf caddie at Green Gables Country Club when I was 12. I carried a golf bag for 4½ hours to earn 14 dollars. It certainly taught me the value of money.

How did you get involved in cybersecurity?
I stumbled into cybersecurity by accident. After I graduated from college, I worked for a 3D animation company building websites. I didn’t love writing code, so I decided to make a change. At the time I was interviewing at Chili’s for a server position, and with Coalfire as a helpdesk manager.

What was your education? Do you hold any certifications? What are they?
I obtained a BS in computer electrical engineering with a certificate in embedded systems from the University of Colorado, Boulder. Years later I got an MBA from Colorado State University. Along the way, I was certified many times over, including: CISSP, CCSP, AWS SA – Associate, Microsoft Certified Azure Admin Associate, C|CISO, PCI QSA, PCI PA-QSA, CISA, PMP, CIPP, EnCE, DDN QTE. I’m currently pursuing NACD Directorship Certification. I’m also certified as a bartender, spin instructor, yoga teacher, and as a PADI Master Scuba Diver™. For a time, I trained for a private pilot certificate. I decided after a solo flight and a cross-country flight that it was too expensive and risky for my taste. I never completed the course work.

Explain your career path. Did you take any detours? If so, discuss.
I was hired at Coalfire and eventually transitioned into a pen test role. That later led to roles in GLBA assessment and PCI audit. Eventually, I transitioned into a sales role with Optiv (formerly FishNet Security). From there, I moved into an operator role to run the global security program for Crocs, and most recently I moved to NYC to build a robust cyber program at Logicworks, a leading software-driven public-cloud operations company.
I had several detours–namely a 15-month round-the-world trip in the middle of my tenure with FishNet. Five years later, I indulged in a multi-month trip to South America after completing my MBA coursework. That led to a brief consulting engagement in the Bahamas. Then, in 2016, I attempted to co-found an MDR company. Unfortunately, with term sheets fully negotiated, we received a call the night before we were supposed to sign. Our fund manager informed us that their portfolio took a hit, and they couldn’t afford to take the risk on our venture. So, I joined Logicworks just over five years ago now.

Was there anyone who has inspired or mentored you in your career?
Mentor: Tony Truschel, who hired me into the helpdesk at Coalfire, has been a consistent mentor over many years.
Inspiration: I’ve been inspired by many: Malcolm Harkins, Mark Weatherford, Jeff Weeks, Rich Seiersen, Jay Leek–not to mention Gary Fish, and the late Rick Dakin.

What do you feel is the most important aspect of your job?
Matching the control environment to our stated risk appetite by influencing others and aligning with key value drivers.

What metrics or KPIs do you use to measure security effectiveness?
Most recently, a loss exceedance curve that features Exposure to Loss by Yearly Probability. Before our efforts in Cyber Risk Quantification, I would have said simple efficacy measures like % of agent coverage for services designated as Crown Jewels, or adherence to internal SLOs for vulnerability mitigation. The Metrics Manifesto is changing my opinion on those measures.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill?
At Logicworks, we have been fortunate to have success in such a tight talent market, in part because of the innovative technology-forward nature of my current employer, independent recognition of a thriving corporate culture, strong diversity, and perhaps also because of the thought leadership our team demonstrates in the market.