In November 2020, we announced the creation of the M12 Advisory Board, a group of world-class authorities in their respective fields, assembled to forecast what’s on the horizon, provide guidance on investment opportunities, and coach portfolio companies on strategic direction. In addition to that important mentorship, we’ve had ambitions to collaborate more deeply with our advisors.
Today, I’m proud to partner with Ann Johnson—M12 cybersecurity advisor and Microsoft corporate vice president of security, compliance and identity business development—to announce our first milestone in that pursuit: the founding of the M12 CISO Network. Yesterday, we hosted our inaugural quarterly meeting of 15 top industry-leading CISOs, representing global enterprise and mid-market companies across professional services, financial services, healthcare, retail, food and beverage, energy and more.
Our goals in establishing the M12 CISO Network were threefold:
- Learn from CISOs: cultivate peer-to-peer conversations, capture the latest trends that have their attention, and understand their most significant business opportunities and challenges.
- Influence M12 investments: identify the cybersecurity startups that have captured the mindshare of this group of experts.
- Facilitate customer connections: expose this network of cybersecurity business decision makers to impactful M12 portfolio company solutions. For example, yesterday, the founders behind M12 portfolio companies Aqua and seed investment Authomize had the opportunity to pitch their technology to attendees.
In the arms race of cybersecurity, we know that CISOs have many commitments and priorities to juggle. We’re humbled by the audience we were able to gather at the kickoff, and excited about the insights that emerged from the conversation. Here are some highlights from the session:
- Microsoft principal architect Hyrum Anderson shared a presentation on Securing Machine Learning Models from Adversarial Attacks. While the conversation about ML security is really about risks and not threats at present, he shared that security posture for AI and ML for most organizations is close to zero; that lack of security is actually preventing some organizations from adopting AI and ML solutions. Anderson predicts that when it comes to AI risk management, security needs to be a third pillar of the equation—next to model operations (reliability, predictability) and responsible AI (fairness, ethics).
- KPMG Global CISO Brian Geffert facilitated conversation on his presentation, How the SolarWinds Attack Shifted Industry Thinking. Geffert pointed to the increasing risk of shadow IT and shadow procurement, especially in the wake of this supply chain infiltration. He suggested that the future will require that companies have deeper relationships with suppliers—looking at them not just as vendors, but as partners in security. Geffert promoted the goal of consolidating security technology—a strategy of simplify and fortify—and painted a future-state vision of the CISO office: like a cargo ship, there’s a very light crew leveraging centralized controlled technology to guide their attention.
- Aqua, a pure-play cloud native security company, achieved unicorn status last month in the wake of incredible customer momentum. CEO Dror Davidoff explained how their solution enables companies to use containers without compromising their application and security data. As the adoption of the public cloud continues to accelerate, complex environments of multi-cloud architectures introduce new opportunities for data breaches. Davidoff emphasized that securing your cloud workloads at run time and having strong preventive capabilities are keys for your cloud security.
- Authomize, a cloud-based authorization management solution, emerged from stealth just last year. CTO Gal Diskin shared the company’s response to the chaos of industry-standard Identity Governance and Administration (IGA) tools. The co-founder flagged the issue of “permission sprawl”—when employees have access to company assets beyond the requirements for their job function, and the manual approval of hundreds or thousands of permissions and identities. Authomize’s solution constructs an optimal set of access policies for any identity-asset relationship, automating identity management and minimizing access risk.
- Our attendees flagged their top-of-mind topics to be addressed in our programming in future sessions: the merging of privacy and security in the CISO role, reduction of product complexity, organizational structure in the cloud (the merits of centralized vs. devolved approaches), and business continuity in the wake of ransomware attacks.
Yesterday’s meeting was an energizing kickoff. I’m proud of what we’re building with the M12 CISO Network and look forward to sharing more takeaways from our next session this summer. Thank you to Ann Johnson for your partnership on this initiative, to Dror and Gal for sharing more about your technologies, to Hyrum and Brian for presenting at this inaugural event, and to our network members for your active engagement.