Embracing Change and Growth in Cybersecurity Leadership: Insights from a CISO - Exabeam

June 02, 2023

The CISO role is challenging, but it’s also one of the most important positions in organizations today. CISOs must be prepared to embrace challenges, learn from experiences, and continuously grow. In episode 81 of The New CISO, Steve Moore interviewed Sandy Dunn, Lead Consultant and Founder at Quark IQ and CISO at Shadowscape, with more than 25 years of experience in the field. In this insightful conversation, Sandy shares her journey, the lessons she’s learned, and the importance of passion, curiosity, and resilience in the world of cybersecurity. This blog post highlights key moments from the interview, where Sandy discusses her career trajectory, the value of networking, her experience with a startup, and her thoughts on the evolving role of a CISO.

Sandy’s career path and passion for cybersecurity

Sandy Dunn began her career journey as a software developer at Hewlett-Packard (HP). Reflecting on those early days, she says, “I started working on cybersecurity way back when I was at HP in the ’90s and working on firewalls and VPNs.” Over time, she transitioned into the healthcare sector, where she became a CISO at Blue Cross Blue Shield. According to Sandy, joining the “Blues” organization was a fantastic opportunity: “I had a great team. And the other thing about being part of the Blues system is you really have a whole group of other CISOs and people that are there to help you.”

The rewards and risks of joining a cybersecurity startup

In her career journey, Sandy took a leap of faith and left a stable position at a health insurance company to join a cybersecurity startup so she could grow and learn at a faster pace. Reflecting on this experience, she says, “I just wasn’t growing at the level I personally wanted to grow. And so a startup offered me the perfect opportunity to do that.” She admits that she put too much trust in the startup, though, and advises others to be more cautious. She says, “Give me confidence that…you have a great idea… And don’t just trust, get some evidence that the plan is a good one and it is well thought out and they are capable of taking this [on]. Any startup is risky, but there’s risk and then there’s suicide missions.” She admits that she “jumped out of the airplane, grabbed a parachute, and didn’t even really think.” In hindsight, she would have asked for more evidence and done more research to ensure that the startup was a viable opportunity.

Despite the eventual failure of the startup, Sandy embraces the lessons she learned along the way. When discussing the importance of examining a startup’s plans and capabilities, she says, “I would’ve picked up earlier that, ‘Oh wait a minute, I’m not 100% sure they understand how software development goes.'” Sandy also recognizes the value of embracing failure, stating, “I think that you don’t want to think that you’re beyond all of it. It’s good to remember what it takes to grind and go through it… Go show that you can win.”

Overcoming shame and embracing the realness of failure

Although she faced setbacks, Sandy sees the value in embracing challenges and learning from failure. She says, “I mean, there is some sort of…shame. I’m embarrassed. Like, ‘Hey, I just got laid off.'” But she believes it’s necessary to view failure as an opportunity for growth, adding, “People keep saying, ‘Oh, I’m sorry you got laid off.’ I’m like, ‘No, it’s awesome. I had a great experience. It’s business, it happens.'” 

Sandy believes that these experiences have allowed her to grow both personally and professionally. She explains, “I met some people that will be part of my tribe forever. I wouldn’t trade the experience for anything. It was fantastic. I’m kind of embracing the fact it’s okay to fail.”

Sandy encourages others to embrace failure as a part of life and not let it hold them back. She emphasizes the importance of running towards challenges rather than avoiding them, as these moments foster personal and professional growth. Sandy acknowledges that people have different comfort levels when it comes to embracing challenges, and it’s important to find the balance that works best for each individual.

The importance of diversity and inclusion in cybersecurity

As cyberthreats become more sophisticated and pervasive, the need for diverse perspectives and skills is more pressing than ever. Sandy recognizes the value of diversity and inclusion in the cybersecurity field, saying that diverse teams are better equipped to address complex challenges and develop innovative solutions. She encourages organizations to prioritize diversity and inclusion efforts and foster an environment where all team members feel valued and empowered to contribute their unique insights.

The continuous evolution of a new CISO

Sandy believes that being a new CISO involves constant growth and adaptation. She explains, “Being a new CISO to me is constantly evolving. Theory of constraints, always try to figure out how to make it better, more efficient, a better experience for your end user, a better experience for your customers, keep turning the notch up.” She emphasizes the importance of contributing to the cybersecurity community and staying informed about industry advancements, such as the MITRE D3FEND™ and MITRE ATT&CK® frameworks, and the CISA RedEye solution.

For those looking to build a successful career in cybersecurity, Sandy stresses the importance of continuous learning, networking, and staying informed about industry trends. Moreover, she encourages individuals to seek out mentors and build a support network of like-minded professionals who can help them grow and navigate challenges.


Sandy’s journey in cybersecurity demonstrates the importance of passion, curiosity, and resilience in the face of challenges. Her experiences underscore the value of building authentic relationships, learning from failure, and staying adaptable in an ever-evolving industry. As the role of a CISO continues to evolve, it’s crucial for professionals to embrace change, seek growth opportunities, and contribute to the broader cybersecurity community. In doing so, they not only advance their own careers, but help create a safer and more secure digital landscape for everyone.

Listen to the Podcast

To hear more of Sandy Dunn’s insights and experiences, listen to the full episode or read the transcript.
