Mike Czumak

I'm a CISO, father, servant leader, and lifelong learner.
[Views are my own]

My Why:
To invest in the success and well-being of others, so that they never have to settle for anything less than great

Whether it’s for a bug bounty or a penetration test, it’s very important to demonstrate the impact of a vulnerability. Not only do most organizations have limited resources and competing priorities (so turning over a report with a long list of low-impact vulnerabilities isn’t very helpful), but in the case of bug bounties, it also dictates payouts.

In Part 1 of this series, I talked about what I see as two equally important components of a security program – To Protect and To Enable. The Protect component is what many people probably think of when they consider the role of a security program. But CISOs and business executives alike should also consider how an enterprise security program can enable an organization in meeting its strategic objectives. For that, a CISO should align the security program with the needs of the business and…

I’ve had the amazing opportunity and privilege as a CISO to lead a team charged with designing, managing, and growing a successful security program. I realize that many don’t get the opportunity to design a security program from scratch, and I’ve learned a lot along the way, so I wanted to create this series of posts to share that knowledge. I don’t have all of the answers and the approach I took is certainly not the only viable one – but whether you’re tasked…

Over my career and certainly during my time as a CISO, I’ve come to value the importance of authentic, purpose-driven leadership. These days I spend just as much time thinking about how I can improve my leadership skills to better serve those around me as I do on the functional and technical aspects of my job.

