Out with the Fortune 500s, government agencies, and multinational conglomerates, in with the startups.
Over the course of Michael Levin’s more than 20-year stint in the IT and cybersecurity industry, he has held leadership positions at all types of large companies, from the US Department of Health and Human Services to health insurance company UnitedHealth Group. However, earlier this year, Levin switched gears and started a new chapter in his professional career: serving as the CISO of Arizona-based healthtech startup Solera Health.
Levin, who has been CISO at Solera since September, told IT Brew that he has been enjoying the change of pace and helping the startup “drive and identify risks.” His advice to security professionals contemplating a startup organization as their next career move? Start it up.
“You can always go back to a larger organization, but these opportunities rarely present themselves for the smaller ones,” Levin said.
IT Brew caught up with Levin to discuss what life as a CISO outside of Fortune 500s looks like.
The conversation below has been edited for length and clarity.
What’s the difference between being a CISO at a startup as opposed to an enterprise business?
Speed. That is the biggest change. The second biggest change is resources. When you’re a large class organization, you get large, colossal budgets and a different caliber of salesperson and tools coming to you. In a startup, everything has to be strategic and it’s a zero-sum game, so if you do A, you can’t do B. There’s also very little margin for error. There’s no safety net. At large corporations, there’s always a safety net because there’s always more resources if necessary.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
The other benefit is it’s a lot more nimble. There’s no secret vetoes. There’s no person in some department that you never heard of that will come up and raise an issue and suddenly throw a wrench into your work and basically cause a three-month delay. None of that happens here.
For a person who is stepping into the CISO role for their first time, would you recommend startups as their entry point?
I think the large organization helps you actually understand and build a core expertise in one functional area. Then you can move over into a small organization and basically become a generalist. I think it’s much harder to be a generalist and focus down because if you go the startup route and you’re successful and transition to a larger organization, you know a little bit about a lot of stuff versus a lot about one or two things.
What is the most important thing a security professional should ask themselves to determine if the move to a startup may be one that’s a good fit for them?
Comfort with ambiguity. The ability to juggle. Every job has some juggling, but like I said, there’s generally a safety net at other jobs where if you drop one of the balls, somebody else will catch it. Here, if you drop one of the balls, it sits on the floor until you pick it up.