Gary R. Hayslip, Director of Information Security, CISO

Gary Hayslip brings over 25 years of information technology, security leadership, and risk management experience to his role as the Director of Information Security, CISO, for SoftBank Investment Advisers. Hayslip’s previous executive roles include multiple CISO, CIO, Deputy Director of IT and Chief Privacy Officer roles for the U.S. Navy (Active Duty), the U.S. Navy (Federal Government employee), the City of San Diego California, and Webroot Software.

Hayslip is a proven cybersecurity professional; he has established a reputation as a highly skilled communicator, author, and keynote speaker. Hayslip co-authored the CISO Desk Reference Guide: A Practical Guide for CISOs – Volumes 1 and 2 and recently authored The Essential Guide to Cybersecurity for SMBs, which are considered among the leading books on enabling CISOs to expand their leadership and business expertise. Hayslip is currently on four security and technology advisory boards and writes for Forbes Technology Council. Hayslip is an active member of the cyber community, with memberships in the professional organizations ISC2, ISSA, ISACA, and InfraGard. He currently holds several professional certifications, including CISSP, CISA, and CRISC and has earned a BS in information systems management from University of Maryland University College and an MBA from San Diego State University.

Why I chose Cybersecurity as my field: In many ways it was a destination I found myself in after walking a long convoluted path through software development, network engineering and audit. I started out in IT because I loved computers and over time gradually moved deeper into how they were used in network environments and one day in helping triage a security incident I got the chance to troubleshoot and cleanup a breach. It was while working as part of a security team that I became fascinated about how to protect networks and I enjoyed serving my organization, it was then I felt like I had found my place.

CISO Desk Reference Guide Books

CISO Desk Reference Guide Volume 1

Volume 1 of the CISO Desk Reference Guide® provides a basis for any CISO — experienced, new to the role, or aspiring — to baseline their program and confidently assert strengths, weaknesses and next steps. In this book we pioneered the tri-perspective style to provide three distinct viewpoints on each topic.

CISO Desk Reference Guide Volume 2

Volume 2 of the CISO Desk Reference Guide® again uses the tri-perspective style to deliver a blueprint for CISOs to elevate their program and achieve excellence across all critical information security domains. It concludes with an exercise to assist the CISO in developing their own strategic information security plan.

Executive Primer

The CISO Desk Reference Guide: Executive Primer culls the executive and board relevant material from the two-volume set, and presents it in a concise form designed to educate the senior leadership team. The information is presented as a CISO’s eye view so the board or company executive can better understand the unique challenges the CISO faces and how to best support them.

Develop Your Cybersecurity Career Path

The CISO Desk Reference Guide: Develop Your Cybersecurity Career Path will show you how to enter the cybersecurity field at any level. Whether you are looking for an entry level position or want to translate years of experience to an entry at the right level, this book will help you explore the options for a career in cyber, and help you chart a path right for you.

Cyber Crisis Response introduces the SONAR Method™

Cyber Crisis Response introduces the SONAR Method™, a proven, proprietary framework for responding to and managing a range of cyber incidents, from singular events to the most complex cyber breaches and crises. Crisis response is complex, using the SONAR Method™ will help any practitioner take control of the incident before it escalates out of control.

A Comprehensive Guide to Application Security for CISOs

In today's world, cybersecurity is more important than ever. Application-based attacks are on the rise, and organizations of all sizes are at risk. Legal, regulation, customer demands, and business requirements push organizations to create trustworthy software while improving the process transparency to the stakeholders.

Case Studies

In the CISO Desk Reference Guide: Case Studies, we will present a dozen or so high-profile breaches from the perspective of what controls and best practices could be deployed that would help prevent a similar breach from happening again. The objective is to learn from our adversaries and improve our collective defenses.

Vendor Management

From meeting regulatory requirements for assessing third-party risk, to understanding where your data resides externally, to understanding who has access to your data and your systems, vendor management has become an essential discipline for managing enterprise risk. The CISO Desk Reference Guide: Vendor Management will be the foundation of your vendor management program.

The Essential Guide to Cybersecurity for SMBs

The Essential Guide to Cybersecurity for SMBs is book one in the CISO Desk Reference Guide small business series. The essays included in this book provide both security professionals and executives of small businesses a blueprint of best practices to protect themselves and their customers.


Webroot CISO Gary Hayslip Discusses Differences Between Public and Private CISO Roles in Techwire Articles

Gary Hayslip, VP and CISO of Webroot and NTSC Advisory Board Member, recently published a pair of articles in Techwire that discuss the nuanced differences between a public and private sector CISO’s roles and responsibilities. His commentary, So, You Want to Be a CISO, taps into Hayslip’s experience as both a federal government and large municipality CISO. He talks about public sector CISO budgeting, working with the CIO, maneuvering through existing departmental relationships, procuring, and dealing with lags in technology investments. His other article, A Career CISO’s 7 Observations on...

read more

Smart Cities: How Data and Visibility are Key

ISACA recently conducted a smart cities research survey in which it asked approximately 2,000 security and risk professionals questions focused on smart cities and their management, risks, and future technology initiatives. As a recovering city CISO, I can tell you that many of the survey questions were typical ones asked about smart cities. One question that caught my eye regarded what technologies were believed to be essential for the “security/resilience preparedness” of smart municipalities. This question was of interest to me because city environments are collections of disparate...

read more

CISO Manifesto

Q3 2017 CISO Manifesto is a destination for chief information security officers (CISOs) to share their observations, thoughts, and frustrations. The manifestos are written by CISOs, for CISOs. POINT OF VIEW 10 Rules for Cybersecurity Vendors Why marketers fail at selling to CISOs… and what to do about it. – Gary Hayslip, VP & CISO, Webroot San Diego, Calif. – Aug. 8, 2017 So as businesses today focus on the new opportunities cybersecurity programs provide them, CISOs like myself have to learn job roles they were not responsible for five years ago. These challenging roles and their...

read more

More About Gary

Gary Hayslip Never Stops Giving Back

Gary Hayslip is a prolific contributor and has generously lent his time in support of the startup culture.

1.… – Articles published in Forbes as a member of Forbes Technology Council.

Gary has been a featured speaker at RSA for several years

1.… – RSA Conference profile, lists 5 keynotes given between 2015-2019.

Gary is a prolific writer on a wide range of topics:

1.… – National Technology Security Coalition includes two articles about a CISO’s first 100 days and the differences between a Public and Private Sector CISO role.

2.… – ISACA blog on how data and visibility are key for securing smart cities.

3.… – CIO Review article about the life skills I have learned from mentors.

4.… The Top Five Life-Skills I Have Learned from Mentors in My Career as a CISO