I'm focused on cybersecurity risk management – as a modern enterprise practice and leadership skill. My books, speaking, and work support security leaders who need to align security practice with business goals. That alignment is at the heart of cybersecurity risk management. As the Chief Risk Technology Officer at Qualys I help customers and the broader security community measure, communicate, and eliminate risk. With over 10 years of experience as a CISO, I have led and supported security strategy, operations, and governance across various industries and orgs, including Twilio, GE, and LendingClub. I am also a published author and a faculty member at IANS, where I share my insights and knowledge on security metrics and risk management. My books, "How To Measure Anything In Cybersecurity Risk" and "The Metrics Manifesto: Confronting Security With Data", provide practical and innovative approaches to quantifying and reducing security risk.