Elisity Blog

Why I Joined Elisity as Field CTO: Making Microsegmentation Actually Work

When I joined Elisity as Field CTO, the executive team sat down with me to talk about why I made this move, what I've learned over 25+ years in cybersecurity, and what I hope to accomplish in this role. Here's our conversation.

Elisity: You've been in cybersecurity for over 25 years. What's the one thing you find yourself telling CISOs over and over?

For years, I've told CISOs across industries the same thing: "You can't protect what you don't know you have." Simple words, but they capture a problem I've watched security teams struggle with at every organization I've worked with—how do you secure tens of thousands of devices when you barely know they exist?

After working in complex enterprise environments—from healthcare and manufacturing to financial services and critical infrastructure—I knew I wanted my next role to focus on solving this exact challenge. That's why I joined Elisity.

Elisity: Walk us through your background. What shaped how you think about security?

My career took me through roles at PwC, CA Technologies, Deloitte, and KPMG—places where I built security programs for major enterprises across multiple industries and helped organizations tackle complex compliance and privacy challenges. Most recently, I focused on helping enterprises gain visibility into sprawling device inventories and implement practical risk reduction strategies.

Working with CISOs, operational technology teams, and business leaders taught me something crucial: security tools must work in the real world. Critical systems can't go offline for patching during operations. Production environments worth millions per hour can't tolerate disruption. Business operations never get put on hold.

I've helped write control objectives for industry frameworks, worked on standards for operational and industrial systems, and spent countless hours with technical teams figuring out how to protect legacy devices never built with cybersecurity in mind.

At conferences and in podcast interviews, I skip the fear tactics. I talk about what actually works—how to gain asset visibility without disrupting operations, how to segment networks while keeping business workflows smooth, and how to build security programs that boards and executives understand and support.

Elisity: What problems have you seen kill microsegmentation projects?

Over the years, I've seen the same issues kill microsegmentation projects:

Old-school methods don't work. Traditional microsegmentation requires years-long projects, massive hardware investments, complex VLAN redesigns, and—here's the killer—taking systems offline to implement. For organizations where operations can't pause or environments where downtime costs millions per hour, these approaches become non-starters.

I've watched organizations start segmentation projects and abandon them halfway through. I've seen facilities choose no segmentation over disruptive segmentation. I've spent time with security teams who know they need better protection but can't find a path forward that doesn't compromise operations.

Vendors oversell and underdeliver. Security leaders evaluate multiple solutions, get overwhelmed by competing claims, and struggle to understand how different approaches actually work in their environments. Many delay decisions because they can't find a path they trust.

Pressure keeps building from every direction. Regulatory frameworks across industries—whether HIPAA for healthcare, PCI-DSS for financial services, or IEC 62443 for industrial systems—increasingly mandate network segmentation. Zero Trust frameworks like CISA's maturity model explicitly require it. Cyber insurers now make microsegmentation a prerequisite for coverage. Without it, you face higher premiums or reduced coverage—if you can get covered at all.

Data breaches cost organizations millions per incident, with costs varying by industry but consistently climbing year over year. Organizations across sectors lose millions annually to operational downtime from security incidents. These aren't abstract numbers. CEOs and boards want answers about these budget lines.

Ransomware groups target organizations with operational urgency—whether that's healthcare facilities, manufacturing plants, financial institutions, or critical infrastructure providers. Attackers exploit this pressure, using lateral movement to maximize damage. Over 70% of successful breaches involve lateral movement tactics—exactly what microsegmentation prevents.

Elisity: So with all these challenges, why did you choose Elisity? What convinced you?

I've evaluated many microsegmentation solutions over my career. Most promise a lot but can't deliver in complex operational environments. Elisity does something different.

Speed that actually works. Elisity's platform finds every device on a network—including unmanaged IoT, OT, and IoMT devices that other tools miss—and applies identity-based microsegmentation policies in days, not months. No agents. No downtime. No forced network redesigns.

Results I can verify. Organizations using Elisity cut total costs by up to 73% compared to legacy approaches. They've reduced incident containment times from hours to minutes. They've achieved comprehensive segmentation that cyber insurers and regulators demand—without multi-year timelines and operational disruption.

Platform that works across industries. Whether healthcare facilities protecting patient data and medical devices, manufacturing plants securing operational technology, financial institutions meeting strict compliance standards, or critical infrastructure providers protecting essential services—Elisity's approach adapts to each environment without forcing organizations to change how they operate.

Technology I trust. Elisity's identity-based microsegmentation uses existing network infrastructure—no rip-and-replace required. The platform discovers and classifies every device automatically, creates policies based on business context rather than IP addresses, and enforces those policies consistently across the entire network. It's the kind of solution I've wanted to see for years.

Elisity: What does success look like in your new role?

Success means helping security leaders across industries solve problems that have held them back for years.

I want to help CISOs:

  • Stop lateral movement without disrupting business operations
  • Meet regulatory requirements without multi-year projects
  • Reduce cyber insurance premiums through proven controls
  • Gain comprehensive device visibility across IT, IoT, OT, and IoMT
  • Implement segmentation in weeks using existing infrastructure
  • Get board and executive support through clear business outcomes

Security leaders across industries face enormous pressure right now. Threats keep evolving. Regulations keep tightening. Budgets stay constrained. I've been on your side of the table, and I know how hard it is to find solutions that actually work in complex operational environments.

That's what I'm here to help with.

A Note to Security Leaders Reading This

Evaluating microsegmentation solutions or trying to figure out where to start your Zero Trust journey?

Schedule a demo to see how Elisity enables enterprises across industries to achieve comprehensive segmentation in weeks, using infrastructure you already own.

Or connect with me on LinkedIn. I'm always happy to discuss specific security challenges you're facing. I've been where you are, and I've helped organizations like yours figure out what actually works.

Because across every industry, security isn't just about protecting data—it's about protecting operations and enabling the critical missions these organizations serve.
