Jonathan Fischbein is the Chief Information Security Officer for cyber security vendor Check Point Software. He has more than 25 years’ experience in high tech security markets, shaping security strategies, and developing ad-hoc solutions to help large corporations mitigate security threats.
What was your first job? I spent several years in the Israeli army specializing in law enforcement, but my first cyber security job was in 1999 as the security operations center (SOC) founder and manager at Bank Leumi. My mission was to build a 24/7 operation that would guard all the financial secrets and assets of the new digital world and it is still there today, and has continued to work for all those years without interruption.
How did you get involved in cybersecurity? From a very young age, 11 or 12, I started playing with computers, so I had an interest even then. It was while I was in the military though that I was also given the opportunity to work in data security. This was around 1996.
What was your cyber security education like? My education is based on almost 25 years’ experience dealing with cyber security, but with regards to university, I studied Computer Science with Business Management, although I only finished about 60% of the degree. I do, however, hold various certifications in network management and cyber security, and I also have a certification in pragmatic product management. At the age of 25, I was a part-time IT Security instructor in a technology college.
What do you feel is the most important aspect of your job? I think the most important aspect is the responsibility that I carry in making sure that we are delivering the highest standards of cyber security to protect Check Point Software from the evolving and evermore sophisticated external threats or even internal threats. It is a 24/7 responsibility, and not only as a cyber security leader, but also as a business executive driving positive change and supporting new tech.
Cyber security is constantly changing – how do you keep learning? To be a CISO or to deal with cyber security on the mitigation side, on the blue team, it’s not a 9-5 job. It’s almost 24/7. There can be new discoveries at 11pm or 4am, and it pushes you and your teams to always keep up and stay relevant against the threats. The positive to this is that it’s never boring. Sometimes there will be things that you find very hard to understand, which is why you need allies within your organization. Check Point’s threat intelligence team – which are of course the people who are investigating new threats and campaigns – will help me. They’ll say “look Jony this is not relevant for you, or this is relevant for you because you have two servers that might be vulnerable”. They are a bit like a team of doctors advising on Covid-19 safety precautions. With the same types of indications, the threat intel team can help us to understand the level of risk and how urgently we need to treat it.