Arceo appoints Mike Convertino as CSO

Mike Convertino, the former CISO of Twitter, Crowdstrike and F5 Networks as well as CTO of the Security Product Group at F5, has joined Arceo as Chief Security Officer and he is on a mission.

Mike, and a growing tribe of CISO’s from major enterprises, have begun a self-styled “CISO Revolution” not only to change how CISOs themselves are treated, but also fundamentally to alter the way companies perceive and support cyber security.

Collectively, the global cyber security market is expected to reach approximately $150 billion in 2020 – but hacks and breaches continue unabated and CISO’s are unfairly treated in the process. There are forces coming together that are giving rise to a CISO Revolution:

  • The need to discern fact from fiction in a world where few vendors’ products truly measure up to the hype.
  • There is a lack of acknowledgement of the inevitability of attacks – regardless of good security posture. New attacks form faster than new technologies, yet CISO’s are expected to bring immunity from attacks. This is not realistic.
  • CISO’s have a minimal voice in managing enterprise risk. Knowing that attacks will happen, CISO’s are best placed to define and refine the correct investment in risk management and transfer for their companies – yet are, at best, on the sidelines of the insurance conversation.
  • CISO’s are often unfairly scapegoated when an attack happens. In the majority of cases the CISO has planned well and deliberately pursued the right policies to protect the company, but will still be dismissed after a breach, causing an unwarranted blight on their career.
  • Many CISO’s now believe that insurance should be a key element in their security stack, representing at least 5 percent of the security budget. This would effectively double the cyber insurance market from the projected 2020 market value of $7.5 Billion to $15 Billion.
  • CISO’s want smart policies that are tied to the risks that they foresee and want a fair and accurate assessment of their company’s risk profiles.

“Tackling cyber risk requires cooperation between the security and insurance sectors – they’ve tried it alone – and neither solution is working,” said Mike Convertino, Chief Security Officer of

“CISO’s are in the cross-hairs and they are starting a revolution of sorts, demanding that if they are going to be held accountable, then they need the commensurate authority to drive cyber hygiene and cyber resilience.”

“Mike Convertino has seen first-hand from inside major US companies, the vendor community and the US military, why we need to crack the problem of finding real solutions to manage cyber risk. We are thrilled that Mike has joined us at Arceo on our mission to provide real value to insurers and end enterprises alike,” said Vishaal Hariprasad, CEO of Arceo.

Mike will partner with Arceo’s Insurance carriers, brokers and companies to provide insurance strategies that maximize a company’s resilience in the face of an attack, decrease damage to the business, and reduce losses.

“To assess risk properly there is a need for a fast and scientific approach to understanding an organizations’ exposure,” said Convertino.

“CISO’s are often only engaged in insurance coverage when it comes to filling out a long and meaningless questionnaire. It’s a one-size-fits-all practice that does not take into account the macro threat environment.

“Arceo is the only technology company that I have found with the ability to automatically and continually assess both micro and macro risk for a true risk assessment.”

In his most recent role with Twitter, Mike led the team that protected the company’s infrastructure and users from hacking and other types of compromises. He was an early employee at Crowdstrike and created Falcon Overwatch, Crowdstrike’s managed security service (MSSP) that protected clients from attacks in real time.

Like many in the security arena, Mike is a military veteran and served as the Commander of the US Air Force’s only Information Operations unit whose mission was to provide the US asymmetric cyber advantages.


Subscribe to the Help Net Security breaking news e-mail alerts:

More about

Don't miss