“I stick out like a sixth finger, don’t I?” says Larry Whiteside, Jr. He gestures around the W Hotel Bar opposite the Moscone Center on the first day of the RSA Conference 2022. “I’m a six-foot-something black man in a sea of white males, mostly 40-something or over.” He smiles, he’s not complaining. In fact, he tells me, “it has often worked to my advantage. People know who I am,” he says. “As a person of color in this industry, I have two choices, I could be all ‘woe is me,’ or I can become a people person and utilize that to start a not-for-profit.” Of course, Larry has chosen the latter option.
Choices are something he refers to a lot during the interview. “Everyone has choices,” he insists. “When my father was murdered, I had a choice. I chose not to let it defeat me.” More on choices later.
“Infosecurity Created a New Socio-Economic Reality For Me”
Sticking out like a sixth finger led Larry to co-found Cyversity, a not-for-profit that exists to create a representation of the diverse candidates in cybersecurity. “We want to figure out ways to offer more opportunities for diverse candidates. Seeing people that look like you representing in the industry is really important.”
Larry reflects that the cybersecurity field enabled him to create a life for his (seven) children different from the one he experienced growing up. “The cybersecurity industry has created an opportunity for me to provide for them.” Cyversity aims to tackle the socio-economic factors that so often create barriers to entry into the industry. “The field created a new socio-economic reality for me, and I want it to do the same for others.”
Representation matters repeats Larry. “You need to see people who look like you in successful roles. It makes people think about what is possible. I wear President Obama’s presidential cufflinks to remind me of what is possible.”
Social change happens when everyone stands up to make a difference, not just those impacted and affected by lack of representation, but allies too. At Cyversity, awareness, assessment, training, mentoring and leveling up are the pillars of creating opportunities for diverse candidates.
“Cyversity creates opportunities to level the playing field,” Larry tells me, “I feel fortunate, I made choices and I want others to be able to do the same.”
“CISO Burnout is Real”
Larry estimates that he spends 30-40% of his time on Cyversity. He spends the rest of his professional hours taking on the increasingly challenging role of CISO, a role he declares to be “the most thankless job in the whole industry. People think it’s all high pay, suits and talking to boards,” says Larry, “but it is so much more than that.
"CISO is the most thankless job in the whole industry"
“CISO burnout is real. You can go 364 days without a breach, but the day you have one, the CISO is considered neglectful, when in reality, it’s likely another part of the business that has not respected the policies or rules put into place by the CISO,” Larry explains. “The role of CISO is always on, even during vacations and weekends. That’s why burnout happens.”
The sharp increase in the average salary of a CISO over the past decade is partly responsible for the burnout experienced by so many CISOs. “In 2012, the average CISO was paid $175,000. Today, it’s $400k. That increases contributes to the value of the CISO, the expectations and importance to the business,” explains Larry. “Today’s CISO needs to be a business leader, which differs from being a tech leader. It’s tougher.” Consequently, he reflects that many CISOs have sadly turned to alcohol as a “reality of stress. The burnout is real,” he states once again. “If you think about the pressure that males have to provide, trying to cope with the stress and worry of potentially losing their job if they suffer a breach is a lot to cope with,” he says. I would argue that this pressure isn’t exclusive to men. Female and non-binary security professionals are also subject to the pressure of providing.
Those that have been in the field for 15 or more years, Larry adds, are looking for the opportunity to move to board-level seats to add maximum value. “Many also look to transition to CTO or CIO roles, but I’ll always be a security guy, it’s my mindset and that comes from childhood,” he says, referring to house break-ins that influenced his mindset from early days.
I ask what advice Larry would give to an industry n00bie with aspirations of a CISO role. “Be realistic, understand the totality of the role and understand it for what it is – an educator. People just talk about CISOs controlling strategy, but it’s so much more than that.” Larry is adamant that CISOs should sit on the board, even though he concedes that happens less than 1% of the time in reality.
At the beginning of our conversation, Larry referred to choosing to be a people person, and I can unequivocally agree that he is. Several times during our conversation, various peers stopped to shake his hand. As he says, he sticks out like a sixth finger, but a sixth finger that is impeccably dressed with a friendly grin and faultless manners, and what’s more, a sixth finger that has used his differentiator for positive. Larry is a man that has made many incredible choices that have landed him an aspirational career and, more importantly, have led him to happiness.