Matthew Rosenquist is a Chief Information Security Officer (CISO) CISO, cybersecurity strategist, and evangelist actively working with the industry to identify emerging risks and opportunities. Rosenquist is formerly the Cybersecurity Strategist for Intel Corporation with 30+ years in security and is currently the CISO of Eclipz.io., A trusted board advisor and security expert for governments, organizations, and academia, Rosenquist is one of the industry’s most well respected cyber security evangelists. He advises boards, executives, industry groups, tech companies, consumer audiences, and the media on the risks and relevance of cybersecurity issues and how to achieve an optimal level of security.
Matthew Rosenquist began his career in retail before he chanced upon the security industry. He then began his ascent into the world of cyber-security and landed his first role securing assets while being a part of a world-class team that focused on loss prevention, internal investigations, and building criminal cases for theft, fraud, and embezzlement.
While working in this upcoming industry, Rosenquist became very attuned to understanding the intelligent threats, their creativity, and motivations that could help understand the most likely methods of attack and targeted assets. During that time, he specialized in charge fraud cases, which gave him a head start in becoming one of the most trusted leaders on the topic of our time.
He says, “This was during a time before cybersecurity or its predecessor, ‘Information Security’, existed.” But that did not stop him from discovering new avenues and researching how security could evolve to better protect against fraud cases and tackle one of the most significant challenges companies face today as technology improves.
After discovering his new passion for Cybersecurity and how he could help disrupt this industry, Rosenquist moved to Intel Corporation, where he worked in Information Technology. However, Rosenquist got his big break when he proposed the creation of Intel’s first Security Operations Center. He recalls the life-changing incident, “My justification succeeded where the previous attempts from others had failed. I must have impressed senior management as they not only approved my proposal but also wanted me to build and lead it, which was not part of my proposal. I accepted and dove in with everything I had.”
However, it did not come without its fair share of challenges; Rosenquist had to do intense research, trial and error to succeed in building Intel’s first Security Operations Center at a time when there were no templates or best practices to help guide him in the process.
The success of setting up the Security Operations Centre soon turned out to be the catalyst of his career that launched him into the realm of protecting digital assets. Shortly after, Rosenquist was promoted to many new ‘first’ roles, such as establishing and leading the company’s IT Crisis Response which was entirely new and responsible for all attacks against one of the most recognized tech companies. He also became the first Cybersecurity Strategist to address attacks against global manufacturing, integrating M&A Cybersecurity into acquisitions and divestitures, and many other roles. However, with his exceptional prowess, he succeeded in growing the organization’s cyber security beyond their expectations and leaving white papers and best practices for others to follow.
Talking about the challenges of leading a team in an upcoming industry, he says, “Throughout my professional career, I have always sought to be challenged and tackle obstacles that were viewed as impossible. I have strived to make fundamental improvements in the industry for well over 30 years. I proved that a Return on Security Investment (ROSI) could be calculated when the consensus among the security community was that it was impossible.”
Rosenquist even established M&A cybersecurity protocols and defined the focus areas before the industry was riddled with risks. In addition, he even led a team that developed security software a decade before its time after viewing the gap in the market.
He adds, “I championed and created a methodology (TARA) to blend threat agent aspects into risk assessments when the industry only focused on internal vulnerabilities.” But all these firsts came with immense hard work, resilience and pushing past boundaries to develop solutions for prevailing problems.
Rosenquist was also one of the early advocates to engage widely across adjacent domains, including physical security, privacy, governance, product development, information technology, regulatory compliance, legal, and ethics, to drive communication and collaboration among stove-piped verticals across industries.
Talking about the qualities you need to succeed as a CISO, he adds that while technical skills are essential to succeed in the role, he emphasizes the need to do three things:
- Understand the Enemy. Everything can’t be protected equally, so focus on the most likely methods from the types of attackers that will target your organization.
- CISOs must understand how Cybersecurity fits the business’s overall value proposition.
- Security leaders must foster teamwork across the organization. A security-savvy workforce is one of the most powerful capabilities to protect a company’s digital assets and capabilities.
He adds that in order to form a security-savvy workforce, it’s vital to follow two rules. Firstly he says, “Cybersecurity is about balance. It is one of several priorities that the organization pursues. Understand where it fits in and how it supports corporate goals. Collaboration is critical, and it starts with understanding the needs of the groups that are being protected.” He continues, “Secondly, “Win over your employees; Cybersecurity should not be the secret police. It is about collaboration and gaining support from employees who can be your most significant liability or most significant asset. Win them over by showing them how good security practices help protect their work and time and enable them to succeed. The CISO is an advocate, Subject Matter Expert, and coach. Focus on building a solid team that includes every employee in the company. ”
Due to his exceptional skill and prowess in the industry, he has been conferred with numerous awards, including Engatica Top 50 Cybersecurity Influencers, Mazebolt Top Six DDoS Security Influencers – 2022, Engati Top 222 Influencers for 2022, Top Cyber News Magazine Who’s Who in Cybersecurity!, 2021 HMG Strategy Global Leadership Institute Award, Thinkers360: Top10 Cybersecurity Thought Leaders, Top Business Strategy thought leaders, Top Cryptocurrency Thought Leader & Influencer, Medium as a Top Writer in Privacy, ADA Outstanding and LinkedIn Top 10 Technology Voices for 2018.
In conclusion, his advice to budding leaders is, “Learn the skills necessary to succeed, but have the passion and focus on executing them. Realize that a motivated, organized, and resourced community is truly powerful and capable of incredible feats. Leadership is key. Good leaders can transform a rabble into razors, while poor Leadership can undermine a world-class team. Continually learn from experience, history, and others. Have the humility to know your limits, admit mistakes, and learn from them. Be strong and know that real Leadership is what emerges and makes a difference in times of crisis.”