Determining Risk Tolerance for a 100-Million-User per Month Organization
Episode 254th June 2020 • The New CISO • Steve Moore
00:00:00 00:49:22

Share Episode


Tune in as Steve Moore talks with Christopher Hymes, the CISO of Riot Games, about acceptable risk and the parallels between anti-cheat teams and threat hunting.

Security Within The Gaming World

The video game market is massive, there are a ton of games and a ton of gamers out there. Like any large industry, the gaming industry is not immune from security threats. Games are fun because they are competitive, you have to build the gaming skills over time. This opens up an entire market for cheating scams within the gaming industry. The game developers have anti-cheat teams to help combat this problem, cheating in the games is not only unfair, but it makes the experience less enjoyable for all the other players and poses a threat to the developers as well. If the game becomes less desirable then people won’t want to play, in turn ruining the developers market. 


Advice To A Younger Self

In the security industry everything can seem critical all the time, every issue can seemingly need to be solved immediately.  A strength of an effective CISO is being able to step back with a calm perspective and look at the bigger picture. Remaining calm in a crisis is a way to avoid causing panic and effectively solve the issue at hand. Especially when you are new to a company or position there is an innate desire to please those above you in the company, but being able to lead by example and remaining calm will make dealing with the problem an easier process. Going full steam ahead 24/7 leads to burnout, so prioritize your moves and what you consider a major crisis. The security industry is a high-pressure industry, so being able to recognize that and alleviate the pressure where you can, can make for a better working environment. 


Necessary Roles Of Security Leadership 

Security is often overlooked by startups as a necessary position from the beginning, most companies establish themselves then add a security team later. This puts the security team and CISO at a disadvantage from the start, because they are often brought in to solve an issue that is already present, instead of being hired in a proactive way. Security within companies needs to be culturally embedded into the organization ethos, it needs to be built in from day one. Security teams build trust and need to be viewed as an essential building block to any company. Building a security team takes time, but when a team is built with consideration and the strongest values have been instilled in every team member, the team should sustain many years and last after the CISO has left. Being a CISO is a leadership role, so build the team you want your name attached to for years to come. 


What Being A New CISO Means

Being a new CISO is not about the technology. It is about the mindset, about building the teams, and being a calming voice of reason for the organization. When you as a CISO are seen as a leader within the company, it benefits everyone. 



The New CISO: Linkedin

Christopher Hymes: Linkedin

Riot Games: Website

Exabeam: Website