Meet chef-turned-CISO Myke Lyons

What do a kitchen and an IT group have in common? More than one would think, actually.

Myke Lyons, now the cybersecurity and information security officer (CISO) for Cribl, a software company that specializes in data solutions and tools for security and IT teams, started his career in culinary school before realizing he had a passion for cybersecurity and IT.

Lyons said that he loves watching individuals early in their cyber careers “go through these epiphany moments when you could just look in their face and see that they just unlocked a box that they’ve been trying to get unlocked for a while.”

What gets him excited, he adds, is “the human side of seeing people just flourish and grow and do things they didn’t think were possible.”

Lyons sat down with IT Brew to share how he went from serving up deliciousness in culinary school to protecting servers as a CISO.

The conversation has been edited for length and clarity.

Why were you interested in being a chef, and what that was like?

I went to culinary school with the full intent to become a chef. It was very early, and the things like food TV were not that long out, maybe only a couple of years, and I had a great experience cooking. I’ve been cooking since I was 14, 15 in restaurants, [but] I ended up getting a summer job. The summer job was at a large advertising agency, and they had just won the Xerox printer advertising business and the printers they had everywhere were HP printers…Immediately, overnight, these HP printers became the worst printers in the whole wide world, because they weren’t Xerox. I got to move computers around, these giant printers around, in the back of a cart.

There was a woman who was helping me at the time…She taught me some of the very early basics of what a printer driver was, what a three-and-a-half-inch floppy disk was.

My wife…taught me how to copy and paste, so I was not a tech person.

How did you get interested in technology and what was transferable from being in culinary school, if anything at all?

One of the things that I discovered was that so much of the culinary field, oriented around recipes and processes, this has to happen and then that has to happen, started to just map back into the way that technology was deployed.

Very quickly, after moving these printers, within a matter of days people…would ask me for an additional level of help because I was an IT person at that point. Even though I didn’t really know anything about it, I was still part of the IT team. I remember being asked, “Hey, well, since you’re here, can you look at my email?” Something to that effect. I didn’t want to say “no,” because in my interpretation, everyone—because I came out of a service industry—was an executive. It didn’t matter what role they were.

The thing I found pretty interesting when I was looking around on the search engines at the time, which was not Google, I would end up in these forums. It turns out that they were hacker forums and there were people talking about all different stuff…learning how to make a key generator so you could enter a key into a software package that you may or may not have paid for. And they would talk about the algorithms there. Then there was the idea of ports and IT addresses.

[I was] sort of obsessively going after all this information and learning all this information…In the back of my mind, I realized a couple things. If I could just say, do I have my preparedness: [Do] I have the software that I need, I have the hardware I need, I have the program…that I need; these would be what you would equate to as mise en place in the culinary world, which is effectively all your ingredients prepared and ready to go and you could then do whatever the activity was.

So, now you’ve made this journey into being a CISO, what keeps you up at night?

I think I have fairly typical CISO traits. Stuff that keeps me up at night are that attackers are way more persistent than ever. Where we are now, where these are exceptionally large, complicated businesses with CEOs and CFOs and they run tons of different activities like every other business in the world would run, and it’s just unreal. Why I say that’s so concerning is because [bad actors are] dedicated to effectively watching me slip-up or having some weakness.

There’s also a significant amount of stigma attached to the mistake, to getting compromised, and I think what keeps me up at night is that we haven’t been able to detach the stigma from the event.

I feel that people are being attacked in more complicated ways than they could ever imagine. I’m sure you’ve received a million text messages that say things like, “Hey, how are you?” or “Hey, I’m gonna miss dinner tonight,” or some text from a number you’ve never seen. I get 10 a day, so what keeps me up at night is someone clicking on one of those things.

[I] also would say that AI adoption is keeping me up at night. Not me adopting it, not my company adopting it—I couldn’t be more excited and I think that’s going to improve our businesses massively. But the fact that when we adopt AI, as a company, we have to be very thoughtful. These attackers, they’ve been adopting AI way before us, and they are full-on using it day in and day out.