Understanding Professional Roles

Last month, I shared my observations about lawyers who successfully transitioned to business roles. Many of you resonated with one of the points that I made: that these lawyers tend to be great at issue spotting, but "with an eye for opportunity—not risk." Today I’ll share four ways that have helped me calibrate my issue spotting skill for the business world: 1. Be aware of the bigger goals. Without knowing what my company’s goals were, I would always default to issue-spotting for risk. It’s just how lawyers are trained, I guess. Understanding our top priorities helped me also figure out what our CEO/execs needed, and where our company could find unexpected ways to achieve them. Seeing the bigger picture gave me a framework for understanding how to make tactical, day-to-day type of decisions. 2. Focus on how to “get lucky” instead of “being correct.” There was something comforting about pointing out risks because even if bad things didn’t end up happening, I felt like I was “correct” in warning my teammates about them. Eventually I started using my ability to process fact patterns to quickly visualize multiple unexpected paths to achieving company objectives. Leadership appreciates when you come up with new ways to help them hit their goals. 3. Recognize the hidden costs of the status quo. Your lawyer brain may scream “don’t sign that contract” but what are the consequences of not bringing on that customer? As a startup person, I eventually realized that if we didn’t hit certain revenue milestones in time, it would put fundraising at risk—which would lead to the company running out of money. It dawned upon me why the status quo was unacceptable—even if that path was safer from a legal perspective. 4. Get comfortable acting with incomplete information. Lawyers, especially those of us who come from the law firm world, are used to researching thoroughly before recommending a course of action. However in the business world, speed often matters just as much as accuracy. Which means you have to move quickly and adjust/iterate over time as you learn new information. This can be very uncomfortable for lawyers—but the good news is that it gets easier over time. Would love to hear your thoughts, especially if you’re a business person who works with ex-lawyers, or if you’re a lawyer who’s successfully made the transition! 

As AI rapidly transforms our industry, I've been thinking about which tech roles will survive – and which won't. Testing code used to require specialized skills. Today, AI can write test scripts that rival those created by mid-level engineers. Tomorrow? 𝗕𝗮𝘀𝗶𝗰 𝘁𝗲𝘀𝘁 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗼𝗻 𝘄𝗶𝗹𝗹 𝗯𝗲 𝗮 𝗰𝗼𝗺𝗺𝗼𝗱𝗶𝘁𝘆 𝘀𝗸𝗶𝗹𝗹. This isn't fear-mongering. It's our new reality. The engineers who thrive won't be those who simply write test code, but those who architect entire testing environments, design integration strategies, and optimize the full delivery pipeline. I recently watched this transformation happen in real-time with Rody, a test automation specialist with 13 years of experience. He recognized the shifting landscape and made a critical decision: to rise above the commodity skills and master DevOps. His journey began with a challenge: implementing test automation for a company without a test environment. Instead of treating this as "not my job," he collaborated with a DevOps engineer to build a Kubernetes-based testing environment from scratch. This experience sparked something profound: the realization that the most valuable engineers aren't just coders – they're architects and problem solvers 💡 Over 18 months (while balancing a new baby, a move, and job changes), Rody transformed his skill set. He now creates Flask applications deployed in Kubernetes clusters, builds Terraform projects integrated with Jenkins, and automates server configuration with Ansible. The AI revolution creates two distinct career paths for engineers: 1. 𝗧𝗵𝗼𝘀𝗲 𝘄𝗵𝗼 𝗰𝗼𝗺𝗽𝗲𝘁𝗲 with AI at tasks it will inevitably master 2. 𝗧𝗵𝗼𝘀𝗲 𝘄𝗵𝗼 𝗹𝗲𝘃𝗲𝗿𝗮𝗴𝗲 AI while focusing on skills AI struggles with: system design, integration strategy, and holistic problem-solving Rody chose the second path. He's no longer at risk of becoming another replaceable test engineer in a sea of mediocrity. This pattern will repeat across our industry. The engineers who survive won't be those writing the most code – they'll be those who 🟢 understand how systems connect 🟢 can architect solutions across multiple domains 🟢 continually adapt to change Read his full story here: https://lnkd.in/dXEUBFmP 💬 What skills are you developing that AI can't easily replicate? 💬 How are you ensuring you stay on the right side of this divide?

Microsoft just admitted the CISO role is “no longer humanly possible.” And they’re right. I’ve watched security leaders wrestle with this reality for years. The burnout is real. The scope creep is relentless. The anxiety is palpable. This isn’t just a reorg — it’s a reckoning with how complex enterprise security has become. Microsoft has effectively dismantled the traditional CISO role, dividing it into 14 specialized Deputy CISOs (dCISOs) — each owning a specific domain. Why? Because the modern CISO job has expanded into a multidisciplinary ecosystem no single person can sustain. Think about it: Governance, Risk, and Compliance (GRC) Product and Platform Security Engineering Integration & DevSecOps AI and Data Strategy Global Operations & Executive Alignment Crisis Management That’s not one role — that’s a cabinet of experts. Large banks have long used Business Information Security Officers (BISOs) to align security with business units. Microsoft’s dCISO model is a natural evolution — a distributed leadership framework built for the speed and complexity of the cloud era. The message to every enterprise security leader is clear: * Stop expecting one person to master every domain of cybersecurity. * Start building distributed, specialized leadership models aligned to your business and product areas. The alternative? Burnout, blind spots, and ballooning risk exposure. The future of enterprise security leadership is distributed. Microsoft just made it official. How is your organization adapting? What would your specialized domains look like?

The CISO role is fundamentally broken. Having been in cybersecurity for over 12 years, I've seen the CISO position evolve into an impossible job. The expectations placed on CISOs today are completely unrealistic: - Be an expert in every area of security (impossible with the pace of change) - Translate complex technical risks into simple business terms (easier said than done) - Influence change across the org with limited authority (constant uphill battle) - Evaluate hundreds of new solutions a year (not enough hours in the day) - Hire and retain talent when everyone is fighting over the same people - Keep up with a tsunami of new compliance requirements like NIS2 - Do it all on a shoestring budget (good luck) No surprise the typical CISO tenure is under 2 years. I've seen countless security leaders crash and burn from the overwhelming pressure of this unmanageable position. Worse still, they're often scapegoated when breaches occur. My frank advice to CISOs: 1. Ruthlessly prioritize based on risk. You can't boil the ocean. 2. Build a strong team and a culture of delegating. You can't do it all yourself. 3. Focus on risk management, not risk elimination. No such thing as 100% secure. 4. Make your own mental health a priority. Take time off, unplug, exercise, meditate. Companies must acknowledge these challenges and properly support their CISOs. Provide sufficient budget, staff, and compensation. Include CISOs in key strategic planning. Stop using them as fall guys when incidents happen. What's your perspective on this?

Most CDPs never become Sous Chefs — not because of skill, but because of their mindset. 👨🍳🔥 There are plenty of CDPs in every kitchen, but only a few actually grow into dependable leaders. My turning point came when I faced my own shortcomings and changed those to my strengths. Here’s what truly prepared me for the Sous Chef role ⬆️ And here’s how you can do the same: 🔥 1. Stop behaving like a “section machine” If you only focus on your station, you’ll stay stuck. Start looking at the entire kitchen as your responsibility. 🔥 2. Make your section run without you Train your juniors to handle the section smoothly in your absence. A future leader shouldn’t be tied to one corner of the kitchen. 🔥 3. Become the Chef’s “solution person” Don’t just report problems — fix them. Be the person who stabilises prep, boosts service flow, and reduces wastage before it becomes an issue. 🔥 4. Work on your calmness, not your volume Anyone can shout. Only a leader can stay composed in pressure. Communicate clearly and respectfully — that’s real authority. 🔥 5. Learn costing, ordering & planning Understanding food cost, yield, portioning, and inventory is what separates a CDP from a Sous Chef. Build a manager’s mindset, not just a cook’s mindset. 🔥 6. Make training your daily habit Your growth depends on your team’s growth. Train your commis in techniques, hygiene, tasting, speed, organisation — every single day. 🔥 7. Take full ownership When things go wrong, don’t blame. Ask yourself: “How can I fix this now and prevent it next time?” That’s the mindset of a real leader. 💡 A lesson for you: If the same mistake repeats, don’t just fix the dish — fix the system, the prep, the setup, and the skill gap behind it. That’s how you shift from CDP thinking to Sous Chef thinking. Becoming a Sous Chef is not just a promotion — it’s a transformation. Change your mindset before you change your title. 💪👨🍳 #KitchenLeadership #CDP #SousChef #ChefJourney #CulinaryCareer #ProfessionalKitchen #ChefLife #CulinarySkills #KitchenDiscipline #HotelIndustry #CulinaryManagement #KitchenCulture #KitchenMindset #ChefGrowth #LeadershipInKitchen #CulinaryLeadership #ChefCommunity #KitchenTeamwork #FoodProduction #RestaurantIndustry #GrowthMindset #CareerInKitchen #CulinaryProfessionals #Chef #Chefs

🌟 2025-2028: An era of transformation for #CISOs Based on discussions with numerous cyber professionals in the #US 🇺🇸 and #Europe 🇪🇺, I believe the next three years will be defining for my #CISO friends and clients. The role of Chief Information Security Officers will undergo profound changes. Let's delve into four pivotal shifts: 1️⃣ Skyrocketing salaries 💵: The ongoing talent shortage and the still-less-than-glamorous appeal of the #cybersecurity sector will drive salaries through the roof. The job's immense pressure and the need to prepare for personal cyber-liability insurance coverage (when not covered by D&O insurance policies) will further fuel this trend. Additionally, expect increased scrutiny by regulators around CISO equity and bonuses💰 to ensure CISOs remain motivated to report incidents transparently. 2️⃣ Splitting the #CISO Role 👥: The system of lines of defense is gaining popularity across all sectors, not just finance. Many CISOs are shifting to a second-line role focused on strategy, risk management, and assurance/testing 🔎. Consequently, we're seeing the emergence of technology-focused CISOs under the #CIO, responsible for execution. For years, we've debated whether the CISO should report to the risk officer or the CIO. Now, it's both... with two distinct individuals 📈 3️⃣ #CISO Stratification 🧭: Companies are increasingly choosing their CISOs based on their current cybersecurity posture. Post-incident? They call in crisis CISOs to manage the fallout🔥 Facing regulatory pressure? They hire remediation CISOs to build large-scale cybersecurity plans. In stable times, BaU CISOs keep things running smoothly. This shift is creating clear tiers within the profession, with distinct profiles emerging 👥 - and driving faster turnover as organizations switch leaders to fit the moment. It’s especially true in U.S. banks, where the average CISO tenure is now just 30 months! 4️⃣ Evolution to #CSO: Cybersecurity functions are increasingly overlapping with other security domains like product security, e-fraud, IT risk, and operational resilience 🌐. Businesses are demanding more coherence in security practices, and some areas like #InsiderThreat are managed inconsistently. In the next three years, we'll likely see key services extending beyond cybersecurity, such as Fusion Centers (an evolution of SOCs🔎) and Business Intelligence (an extension of #ThreatIntelligence). The good news is that the CSO is now perfectly positioned to integrate #IAM, which has been neglected for years in the organization ;-) These predictions are not just about salary or minor changes but signal a paradigm shift in how we perceive and value the role of cybersecurity leaders 📈. #CISOs are not just tech guardians; they are strategic business enablers and risk managers! Let's watch these predictions unfold in the next three years and prepare to support our CISO community! 🎯 #GetReady #Transformation

I can tell in 20 minutes whether someone will become a CISO. Over the years, I’ve sat with everyone in the hierarchy. ↕ SOC analysts on night shifts. ↕ L2 incident responders. ↕ Security architects. ↕ Risk heads. ↕ CISOs reporting to CIOs. ↕ CISOs reporting to boards. Patterns repeat. And promotion to CISO is rarely about technical depth. It’s about altitude. The typical path (in India): SOC Analyst → 3–5 years Security Engineer / IR Lead → 4–6 years Security Architect / Risk Lead → 3–5 years Deputy CISO / Head of Security → 2–4 years If done traditionally, it can take 12–18 years. But I’ve seen people compress that into 6–8. The difference is not certifications. It’s perspective. Here’s how I know someone is ready for CISO. 01. They stop talking about tools. And start talking about exposure. Junior security professionals say: “We need EDR.” Future CISOs say: “Our identity layer is weak. That’s our biggest attack surface.” 02. They understand money. Should be able to explain security in terms of: • downtime cost • regulatory penalty  • revenue disruption • insurance impact 03. They escalate with clarity, not emotion. A junior analyst escalates alerts. A future CISO escalates risk narratives. They can say: “If we don’t fix this in 30 days, here is the business consequence.” That language gets promotions. 04. They manage sideways, not just downward. CISO is not a technical role. It is a political role. You must influence:  • DevOps  • HR  • Finance  • Legal  • Product Without authority over most of them. 05. They design secure behavior, not just controls. Analysts watch logs. Architects deploy tools. Future CISOs redesign processes so the secure path becomes the default path. And that shift from reaction to design is what changes timelines. I’ve been asked this so many times. How to compress the journey? If you’re early in your career:  • Sit in board meetings, even if silently.  • Learn financial statements.  • Study breach reports like business case studies.  • Volunteer for cross-functional projects.  • Stop hiding behind technical jargon. Technical excellence gets you hired. Business fluency gets you promoted. I’ve seen security professionals remain brilliant engineers for 15 years. I’ve also seen analysts become CISO in under a decade. The ones who accelerate understand one thing early: Security is not about preventing attacks. It’s about protecting business continuity in language the business understands. And once you start thinking at that altitude, the promotion becomes inevitable. Seqrite #CISO #Cybersecurity #InformationSecurity #CybersecurityLeadership #SecurityLeadership #CyberRisk #Leadership #Infosec

AI winter is not coming. If anything, the heat is just turning In my last post, I argued that the AI race will not be won by the biggest model, but by the most adaptable infrastructure. The last few days show how fast that is moving on the coding side. I am not a coder or an engineer. I am an operator. What stands out this week is how quickly coding is shifting from autocomplete to what the community calls “vibe coding” and what enterprises will soon know as agentic coding and AI native development. It is starting to feel like a new software operating model. Coding benchmarks now look like real work New suites such as SWE Bench Verified are built from real GitHub issues. They test whether a model can read a code base, generate a patch, and pass tests. The best models are now solving many of these tasks and pulling ahead on newer agent benchmarks. Vibe coding is turning into agentic coding Early users describe a different feeling of work. They hand a hard problem to an agent, come back later, and find clean code that usually works. In enterprise terms, this looks like agents that plan, write, test, and refine code, while humans focus on intent and review. Economics are catching up Token prices for frontier coding models have dropped while efficiency has increased significantly. This shifts the conversation from research novelty to unit economics: cost per bug fix, cost per feature, and cost per refactor. For leaders closest to delivery, the agenda for 2026 is clear: • Treat coding agents as teammates. Redesign roles so humans own intent, architecture, and security, while agents take on migrations, plumbing, and tests. • Use your own repositories as the benchmark. Do not rely on public charts. Run leading models on your code bases and judge them on time to fix and quality. • Stand up one agent-first squad. Give a small team a real project and clear guardrails. Their job is to learn how to run long lived agents safely against your data, then feed those lessons back into your operating model. The gap will not be who has access to coding models. It will be which organizations can redesign their operating model so humans and agents work together.

AI-assisted coding isn’t just about autocomplete anymore. It’s becoming a full lifecycle - from planning to building to reviewing. Developers are no longer just writing code, they’re orchestrating systems of agents that generate, test, and refine it. The shift is from “write code faster” to “build and ship systems end-to-end.” Here’s how the generative programmer stack is evolving 👇 𝗕𝗨𝗜𝗟𝗗 - 𝗖𝗼𝗱𝗲 𝗚𝗲𝗻𝗲𝗿𝗮𝘁𝗶𝗼𝗻 & 𝗘𝘅𝗲𝗰𝘂𝘁𝗶𝗼𝗻 Full-Stack App Builders: Turn ideas into working applications quickly by generating frontend, backend, and integrations in one flow. CLI-Native Agents: Work directly from the terminal to generate, edit, and execute code with tight control and speed. IDE-Native Agents: Integrate inside development environments to assist with coding, debugging, and real-time suggestions. Async Cloud Coding Agents: Run tasks in the background - writing, testing, and iterating on code without blocking your workflow. 𝗣𝗟𝗔𝗡 - 𝗣𝗹𝗮𝗻𝗻𝗶𝗻𝗴 & 𝗙𝗲𝗮𝘁𝘂𝗿𝗲 𝗕𝘂𝗶𝗹𝗱𝗶𝗻𝗴 Spec-first Tools: Start with structured specifications that define what to build before writing any code. Ask / Plan Modes: Break down problems, explore approaches, and validate logic before jumping into implementation. Design-to-Code Inputs: Convert designs or structured inputs into working code, reducing manual translation effort. 𝗥𝗘𝗩𝗜𝗘𝗪 - 𝗥𝗲𝘃𝗶𝗲𝘄, 𝗧𝗲𝘀𝘁𝗶𝗻𝗴 & 𝗩𝗲𝗿𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 Code Review Agents: Automatically analyze code for issues, improvements, and best practices before deployment. Testing & Verification: Generate and run tests to ensure reliability, correctness, and stability across different scenarios. Benchmarks: Measure performance and quality using standardized evaluation frameworks. What this means: Coding is shifting from manual effort to guided execution. The developer’s role is moving toward direction, validation, and system design. The edge is no longer just writing better code. It’s knowing how to use these tools together to ship faster and more reliably. Which part of this workflow are you using AI for the most today?

I've worked in-house for nearly my entire career. Some observations for those who want to be effective in-house lawyers: 1) Stop leading with disclaimers. When executives seek guidance, they're looking for pathways, not barriers. Quantify impacts, propose alternatives, and frame discussions around business outcomes. Your credibility grows when you speak the language of metrics rather than maybe. 2) Legal judgment divorced from business context is inherently flawed. Witness your company's customer interactions firsthand. Observe how products evolve from concept to market. Understand the competitive pressures your colleagues navigate daily. These experiences will reshape your counsel more profoundly than any legal treatise. 3) Business moves at the speed of incomplete information. Develop the courage to make calculated recommendations without perfect clarity. Document your reasoning, advance the objective, and stand behind your judgment. Curiosity matters—but not when it becomes an excuse for inaction. 4) True value comes from integration, not isolation. The most impactful legal professionals don't wait for invitations—they actively engage, anticipate strategic needs, and become indispensable to business outcomes. #legaltech #innovation #law #business #learning