Why a former CISO belongs in biotech

Perhaps it’s no surprise that a former chief information security officer like Jim Foote, now CEO of biotech startup First Ascent Biomedical, compares cybercriminals to cancer.

“They’re parasitic. They want to evade detection. They’re constantly evolving. They’re constantly changing their tactics,” Foote told IT Brew.

Truly leaving the security world (and security lexicon) behind might be difficult. But don’t count Foote as one of the CISOs leaving the field amid the fatigue of liability chills or never-ending battles with cyber adversaries.

Foote’s transition from malware to medicine is far more personal. In 2006, Foote’s son Trey, diagnosed with bone cancer, died at the age of 16, leading his father to start the Trey Foote Foundation and ultimately shift to a new career—one that has at least a few helpful echoes of his IT days.

“Don’t ever let anybody tell you just because you’re a director of IT or chief security officer that you can’t solve complex problems outside of what you’re doing today,” Foote said.

Flipping a switch. Noah Berlow, co-founder and CTO of First Ascent, met Jim Foote in 2014 when Berlow was a grad-student researcher. Berlow later went to Children’s Cancer Therapy Development Institute, a lab supported by the Trey Foote Foundation.

Ever a fan of a good metaphor, Foote appreciated the young scientist’s engineering approach to treating cancer. Berlow thought of the cancer cell like a bunch of electrical circuits: switches on a wall that could be turned off, one by one. Berlow’s approach? To deactivate the right circuits, by finding markers and drugs to switch-off the markers.

“Having an IT and engineering background; that really resonated with me,” Foote said. He ultimately teamed up with Berlow and Diana Azzam, a doctor, to form First Ascent.

Foote’s former positions included stints as VP and CISO at the payment-tech company InComm and VP of global and technical services at the vehicle-systems provider ADP, where he set up IT infrastructure, call-center operations, and customer-support tech.

Though First Ascent formed in 2018, and Foote became the startup’s CEO, he still remained a tech pro in the IT and security profession—until 2021, when he left his global chief security technologist position at the IT automation firm Micro Focus to fully zero in on First Ascent.

“I realized that this is something that I can’t do part-time anymore. I’ve got to go all in,” Foote said.

Beginning the Ascent. To put a complex treatment technology way too simply: First Ascent uses machine learning (ML) to identify patient-specific treatments. A drug screening tests hundreds of FDA-approved drugs against a patient’s biopsy, and the ML approach finds the best combinations for the individual.

Given the need for funding as well as clinical-trial results, Foote and Berlow often have to pitch to both investors and the medical community. The scientifically minded Berlow frequently communicates to the latter; the enterprise pro Foote usually talks to the former.

“It becomes a fairly well-woven tapestry. We can collaborate very easily, putting together this story from two very different perspectives,” Berlow said.

An April 2024 study published in Nature Medicine highlighted Ascent’s combination-implementation of genomic profiling and drug sensitivity testing, also known as functional precision medicine. In a subset group of patients, the research “demonstrated a significant increase in progression-free survival and objective response rate.”

Foote sees parallels between his two career paths and finds his IT experience as a valuable guide at First Ascent. Both IT and advanced medical tech requires a level of persuasion according to Foote—a security pro may need to convince the board and the CEO that a particular cyber risk can cause major disruptions, a medical pro may need to convince both investors and the scientific community of a new approach to cancer treatment.

“You have to understand and develop a strategy to address each one of these gatekeepers,” Foote said of both professions.

One final IT/medical-field comparison: Both fields require determination.

“When you’re dealing with cybersecurity, you have to have this tenacious attitude of not giving up, of constantly worrying about the small little thing that you may be overlooking, that could ultimately be the thing that takes your company down,” Foote said.

In his colleague’s story, Berlow sees a special determination, one that goes beyond any comparison to the cybersecurity experience.

“It’s a story of somebody who had something taken from him that should never have been taken, and refusing to give up,” Berlow said.