Cybersecurity Leadership and Relationship Management

: A Conversation with Michael Calderin at CISOMeet

At CISOMeet, Michael Calderin, Chief Information Security Officer (CISO) at Yagio, shared his journey into cybersecurity leadership, key lessons learned throughout his career, and how mentorship and relationships play a crucial role in navigating the ever-evolving cybersecurity landscape. His path from freelance IT roles to leading security in a global manufacturing company offers valuable insights for CISOs and cybersecurity professionals seeking to thrive in their roles.

An Unconventional Path to CISO

Michael’s career journey into cybersecurity was anything but linear. Early on, he sought a career that combined his interests in technology and law, initially gravitating toward intellectual property law. However, after discovering that IP law wasn’t his calling, Michael transitioned into IT, working as a freelancer, developer, and system administrator before settling into cybersecurity roles.

In the early 2000s, Michael worked at the University of Miami Health System, where he collaborated closely with the privacy office, sparking his interest in security. He later moved into security leadership for a global insurance company, before transitioning to a tech startup and, eventually, a manufacturing company. His journey took a major turn when the company was acquired by Yagio in 2020, expanding his role and responsibility in managing the security program across a larger enterprise.

Michael’s story highlights the flexibility and adaptability required to succeed in the cybersecurity field, especially as the role of a CISO continues to evolve.

The Shift from Consultant to In-House Security Leader

When Michael transitioned from freelance consulting to an in-house security role, the adjustment was surprisingly smooth. The "love ’em and leave ’em" consultant approach, where he would often complete a project and move on, didn’t provide the stability or long-term impact he sought. In contrast, his in-house role provided a steadier income, the opportunity to contribute more deeply to the company, and a chance to build lasting relationships within the organization.

For Michael, the key to adapting successfully to the in-house role was identifying where he could add value that wasn’t already being done by the team. By doing so, he was able to integrate into the company culture and make a meaningful impact, setting the stage for future growth in his career.

Tough Lessons for CISOs: Risk Management and Building Relationships

As a CISO, Michael has learned several valuable lessons that he believes other security leaders should know. One of the most important lessons is understanding that the CISO role is fundamentally about risk management. While CISOs may have the technical expertise to address security threats, they do not control all aspects of the organization. Building strong relationships across departments and with key stakeholders is crucial to successfully managing and mitigating risk.

Security is a team effort, and a CISO’s ability to collaborate with IT, application development, and business leaders is essential for success. Michael emphasized that it’s not just about implementing security tools, but about fostering a culture of security within the organization. When something goes wrong, the relationships built over time allow the CISO to step in and offer solutions that can be effectively executed.

The Need for Boundaries and Delegation

Another key lesson Michael shared is the importance of establishing boundaries—both within the organization and personally. As a CISO, it’s easy to feel responsible for everything, but it’s crucial to delegate tasks and rely on the team. Effective delegation ensures that the security function runs smoothly and prevents burnout, allowing leaders to recharge and provide long-term value to the organization.

Michael also acknowledged that it’s easy to overextend oneself, especially in a high-stakes role like cybersecurity. Setting boundaries is not just about managing work but also about taking care of personal well-being. By trusting his team and building a strong support structure, Michael ensures that both he and his team can operate at their best.

Education and Advocacy: Building Awareness Across the Organization

One of the ongoing challenges Michael faces is educating executive leadership and the broader organization about the importance of cybersecurity. In the past few years, awareness of cybersecurity risks has grown significantly among executives and board members, but the challenge still remains to communicate the importance of proactive security measures.

Michael uses real-world examples of high-profile security incidents to illustrate the potential risks and how they could impact the business. He believes that using case studies and dissecting real-world breaches helps executives understand the relevance of cybersecurity in the context of business operations. By being proactive in education, CISOs can establish themselves as trusted partners in the business, much like legal advisors or other departments.

Mentorship: A Two-Way Street

When asked about mentorship, Michael emphasized the value of both being mentored and mentoring others. While he’s had formal mentorship relationships, he noted that much of his growth came from observing others around him and emulating their successful behaviors. Whether in times of crisis or day-to-day operations, he’s learned from leaders who demonstrated calm under pressure, effective delegation, and how to balance long-term strategic thinking with immediate action.

Michael also recognizes the importance of mentoring others. As a leader, he strives to be a mentor to those in his organization, providing guidance and support to help them navigate their careers. He also mentioned his openness to providing mentorship outside of his organization, noting that he’s always willing to meet with young professionals who seek advice, whether through informal coffee meetings or LinkedIn connections.

Global Leadership: Navigating Time Zones and Cultural Differences

Michael’s role in a global organization comes with its own set of challenges, particularly when it comes to managing relationships across different time zones and cultures. With leadership teams spread across the globe, Michael has learned the importance of relationship management and meeting people where they are. This includes adjusting his working hours to accommodate international teams and ensuring that communication flows smoothly despite time zone differences.

He also highlighted the importance of understanding different cultural perspectives and adapting leadership styles to different contexts. Building rapport and trust with international teams is essential, especially when security concerns arise and fast decisions need to be made.

Creating a Community for CISOs

When asked how CISOs can best learn from each other, Michael emphasized the importance of peer networks and open communication. While cybersecurity is often seen as a siloed function, it’s essential for CISOs to connect, share experiences, and discuss challenges. This open exchange of ideas fosters a collaborative approach to solving common problems, and the support from fellow professionals helps mitigate the isolation that can sometimes accompany the role.

Michael also acknowledged that while the CISO role can be isolating, particularly in smaller organizations, building strong relationships with peers and colleagues is key to overcoming this challenge.

Michael Calderin’s conversation at CISOMeet highlighted the importance of relationships, continuous education, and mentorship in the cybersecurity field. His journey from a technology consultant to a global security leader is a testament to the power of adaptability, collaboration, and strong leadership. His insights into the evolving role of CISOs offer valuable lessons for those navigating the complex and high-pressure world of cybersecurity leadership.

For more information on CISOMeet, your exclusive ticket to CISO connections, integration and advancement, Contact Harshil Shah at any time. We have new conferences all over the country where CISOs come together to collaborate, discuss and navigate the ever changing world of technical and security information.