Expel insider · 4 MIN READ · SCOUT SCHOLES · DEC 12, 2024 · TAGS: Announcement
TL;DR
- Greg Notch, CISO at Expel, is transitioning to his new role as Expel’s Chief Security Officer (CSO)
- From being Expel’s first customer at the NHL to being our CISO, this new title is the natural evolution in his mission to keep our customers secure
- His unique POV will allow him to successfully represent both customer and business needs within the leadership team at Expel
Expel CISO Greg Notch is transitioning to a new role as our Chief Security Officer (CSO). We had the chance to sit down with him and discuss what’s behind the shift, what it means for him, and how he’s going to use his new powers for good (security).
Some long-time Expel employees and customers already know that Greg Notch was Expel’s first customer. At the time, he was working for the National Hockey League (NHL), and had just accepted a role as its first CISO. He had been tasked with securing the NHL in the wake of the massive Sony breach. The mission was to prepare the NHL’s defenses for the age of advancing cyber threats and keep the fans, players, and league’s data secure. The common path at the time was to embrace SIEM and MSSP solutions, but Greg knew from his peers and his own experience that available solutions were expensive, inefficient, and didn’t quite solve the problem he’d defined.
After hearing about Expel’s novel MDR approach through his network of venture capitalist friends, he sat down with our founders for dinner, and by the time dessert arrived, they were finishing each other’s sentences and he was sold. And after being a customer for over five years, he became Expel’s CISO in 2022.
What he’s accomplished as Expel’s CISO
When asked, Greg highlighted three major achievements during his tenure as Expel’s CISO:
- Bringing disparate parts of the organization together to improve customer’s security
- Bringing the perspective of the customer to every part of the organization, from product to engineering, to marketing and sales
- Improving the security of Expel’s products and systems
While these might sound general, he continues, security is about making progress in inches, not yards. It’s a process of looking at those small steps and understanding how they help the bigger business goals. “Good security is about continuous improvement, it’s not a moment or a destination.” While other leaders can define moments of success—like new product launches or a great viral social media moment—it doesn’t work like that in security. Good security is boring; great security is invisible. The key is to remember where you started and how far you’ve come in advancing your security maturity (and knowing how to communicate those “boring” wins to the rest of your leadership team effectively). The main goal is to align security to the outcomes of the business so security feels like a part of the mission.
And as a previous customer, Greg’s transition from Expel customer to Expel CISO allowed him to bring a new perspective to the company that he shared across teams. His experience has bridged a gap that often exists between customers and businesses, and his understanding of securing customer data in everything we do—from marketing to IT—matters. “At a minimum, we have to be good stewards of data for our customers, and it radiates out from there, for our internal teams, too.”
Defining his new role as CSO
Now, the biggest shift in Greg’s priorities is his audience. He’s expanding his audience from internal security stakeholders to also include external customer-facing stakeholders. As his niche moves, he plans to spend more time with customers to understand their evolving needs while improving product delivery.
After spending the last few months preparing for his changing role and getting key leadership and teams in place, he’s already hitting the ground running. This expansion of his focus now makes him responsible not only for our SOC, but also customer success and post-sales too, ensuring that the customer experience is seamless (and secure) from one end to the other.
“This new role lets me achieve the reason I came to Expel in the first place—I wanted to help other companies be more secure. Previously I got to do that back-of-house, but now I get to go to the front lines and ensure we’re delivering high-quality security for our customers. The buck stops with me for providing good customer outcomes, and that’s an exciting opportunity.”
What he’s learned so far, and what he’s planning for 2025 and beyond
In preparing for this new role, Greg shares that he’s learned a lot from the old and new team members around him. “In 2025, I’ll be spending more time with customers. Security is not a static space, and it’s a team sport.” In this full-circle moment, Greg has gone from being the customer to directly working and advocating for customers, making him uniquely qualified for the job.
And he’s using that experience to define what being a successful CSO is—for himself, Expel, and for our customers. “It’s a pretty new role if you think about it, and it’s critical to be able to blend business and technical expertise to execute it effectively—the two can no longer exist in silos.” Greg has always been a proponent of “living in the business tent” and the importance of honing financial literacy for security leaders, and he stresses that expectation even more heading into 2025 and beyond. “Security has to have a seat at the table for businesses to stand a chance against the threats they’re facing. That requires CSOs and CISOs alike to be able to translate security risk into business initiatives, or risk losing already too-strained budgets.”
He’s also learned a lot from his time leading our SOC, as well as takeaways from our customer success teams. “Good customer success management is difficult. It combines the need for very good people skills with strong technical understanding to not only maintain relationships, but walk-the-walk when it comes to the services provided. We have an excellent customer team, and I’ve already learned a lot about the challenges in picking the best path forward for all our customers. It’s not one size fits all.”
He continues, “Meanwhile internally, our SOC is relentlessly mission-focused. These are folks who get up and spend 10 hours a day (sometimes more) looking at a screen where an alert comes in every minute, and are asked to make difficult decisions on behalf of our customers. It’s unbelievable to watch them work, and they do it nights, weekends, on holidays, every day around the clock.”
In closing out his thoughts on this next role, Greg reminds us again that security is a team sport. And since he’s played for both teams, he’s ready to usher Expel—and our customers—into a new era of security, by and for the customers.
