# Opener

Risk Journeys with Dale Gonzalez | Episode 1

Published by Axio

This week we got to chat with Axio’s Chief Product Officer, Dale Gonzalez.

In this extensive conversation we discuss Dale’s background,  our current  shift in cybersecurity culture, and some interesting projects Axio is currently working on.


From Programming on the Apple II to Leading Dev Teams

Axio

How about we begin by going back in time a little bit. Can you tell us a little bit about your background and how you got started in technology?

Dale

I’ve been around computers all my life, ever since my dad brought home an Apple II when I was growing up. By the time I entered High School I had taught myself how to program. I never saw computers as a career, it was much more than that. I really loved working with technology. When I was in college, I worked at the Carter Center as a programmer and even did technical support.

Axio

That’s fascinating. How did you get that job while in college?

Dale

Well, I walked and told one of the managers,  “I know more about computers than you do.”

And he said, “You’re probably right, you’re hired!”

To be truthful,  I didn’t know anything about the technology they were using when I started, these were the IBM PCs of the 1980’s.

Axio

Obviously you figured it out and continued working in the technology world.

Dale

I’ve been in software development since the 90s and have a broad variety of tech experience. In the early days of my career, I was building systems for inventory control, salesforce  automation, and mobile. I would usually start as a developer and end up managing the team.

A Passion for Cybersecurity

Axio

How’d you first get into the world of cybersecurity?

Dale

My foray into security happened at Secureworks (now part of Dell Computer). They were a managed security service provider (MSSP). So, imagine us acting as an outsourced security organization, replacing a CISO. My job was to not only build the infrastructure that protected attacks but create the underlying platform that allowed multiple tenants to manage and monitor their security infrastructure. We were one of the few companies at the time that supported co-management, allowing organizations greater flexibility in selecting what would be monitored internally versus externally.

Axio

And you’ve stayed in security ever since.

Dale

Yes, well besides being a CTO of a public company servicing the industrial defense sector, I’ve stayed in information security. I’ve been involved with just about every single part of security, except for academic research.

Axio

What gravitated you to stay in this space?

Dale

I love working in security because of the idea of contributing to a greater good every day.In these times the internet has become a core thread in the fabric of our society. Imagine if you couldn’t trust the websites you visited, or safely use your credit card, or believe the people you were interacting with were truly your friends. We can’t let the bad guy ruin this experience. Lack of security cheapens society for everyone. There’s so much going on behind the scenes that enables us to safely work remotely in these uncertain times.

Axio

And now you lead Axio’s development and product team!  Actually, you’re one of the very first Axions. How do you feel Axio fits into the current security conversation?

Dale

Here at Axio, I feel we’re solving a broader problem in security that up to now has gone unsolved and never received the appropriate attention.

As our world rapidly changes with Covid19 and remote work, the security conversation is shifting to focus on whether an organization is using the correct  security technology in the appropriate manner. Axio360 allows a continuous model for improvement in security posture, you get much richer information about what your security organization has to do to accomplish its mission. 

Axio

As opposed to talking about cybersecurity as the simple binary decision of whether to implement a security technology or not? That reminds us of Scott’s interview, when he talked about the fort mentality of cybersecurity. It’s almost as if many professionals are still accumulating technology like bricks for their fort.

Dale

Yes, that’s true. Some security professionals are  focusing on particular pieces of technology for detection and monitoring for example, but very few that look at cybersecurity as a business problem.

It’s changing though because now a security leader has the power to say with a level of clarity and objectivity if what they are doing is effective and put a number on it.

Axio

You are seeing this change of thinking?

Dale

Yes, we’re still in the beginning stages of this transformation in cybersecurity culture.

A good parallel is the divide of sales and marketing teams in the early days of technology platforms. I remember when sales tech and marketing tech were distinctly managed by separate teams and people. There was no collaboration, insight, or effective communication. But the teams clearly needed each other to thrive!  These days just about any Martech stack has both the marketing and sales team collaborating.

The information security space has a similar type of divide. We see security technology and compliance technology treated as two distinct and separate things. The functions are dealt with by different people. And sometimes there’s antagonism between the groups. But we are seeing this slowly changing and these two very interconnected functions working together, as they should.

The best type of compliance is a reporting function generated by your day to day operational activity. This gives the best knowledge, that is not only poignant in the now, but can be leveraged to understand and plan for the future. What makes Axio360 unique is that it’s one of the first platforms to take that point of view. Treating compliance as just a test and memorizing the answers to pass the test  is not the right approach. You have to do the work, and gain a level of understanding, and then only take the test.


This concludes episode 1 of Risk Journeys with Dale Gonzalez. Subscribe to be the first to know when we release episode  2, where we discuss security control initiatives and better understanding the impact of cyber incidents.