Marcos Marrero is a recognized leader in Technology Risk and Information Security, with over 20 years of hands-on experience. Known for his expertise in building and guiding top-tier InfoSec initiatives, Marcos is now currently the CISO at H.I.G. Capital, a global private equity firm managing more than $68 billion in assets.
In this interview, we chat with Marcos about how the InfoSec industry has changed over the years, his secret to success in the space, and what he’s most optimistic about for the future.
What was your journey to becoming a CISO?
I'm blessed and fortunate to have started very early in this space – I’ve now been working in cybersecurity for 24 years. Back then, “information security” didn’t exist as a term. At the time, the industry was called information assurance; a term borrowed from the government.
It’s been great to see the industry grow into what it is today.
What do you find to be the hardest part of being a CISO today?
As a CISO, you're responsible for protecting anything that turns on and plugs into a network jack. And that it can be very daunting with the amount of just different devices that an organization can have, right?
At the same time, the cybersecurity industry is still growing. We’re still defining what cyber risk is. We all have a conceptual idea as to what is cyber risk, but how do you really truly measure it when you compare it to other risk disciplines that have been around for a much longer time? It’s challenging to define cyber risk and make sure everyone is speaking the same language.
What is the secret to success in cybersecurity?
You have to have a passion for what is cybersecurity. That is really the only way that you succeed. You cannot see it as just a job. Instead, it has to be a passion that is entertaining to you.
For me, it's never a dull moment. Every day is different. Every day I walk into the office, there's a different challenge. It could be a new business process, a new business service, or a product that's being launched.
What is getting you most optimistic for the future of cybersecurity today?
I'm seeing the pipeline of talent starting to expand much more than where it was three, maybe even five years ago. There are a lot more individuals that are getting into cybersecurity – and for the right reasons.
I mentor a few professionals or young professionals who are just starting off in this career, and I also volunteer with the Microsoft TEALS program, which helps teach computer science in underprivileged and underserved communities.
I can see the actual pipeline starting to widen because of that.
I tell them to watch a couple of YouTube videos and come back to me with what they got out of that video. Depending on their answers, I can tell very quickly if it's something that will work out for them or won't. I can see if they're just seeing it as a job or they're just seeing it as if it's an actual passion.
Beyond that, it’s really up to the individual. There's no one size fits all and everyone learns differently. Even within the cybersecurity space, there are many different avenues you can take, such as management or a technical route.
.png)
.png)