Chef to CISO: Empathetic Approaches to Cyber Leadership TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsApplication SecurityAI-Generated Code Poses Security, Bloat ChallengesAI-Generated Code Poses Security, Bloat ChallengesbyRobert Lemos, Contributing WriterOct 29, 20256 Min ReadVulnerabilities & ThreatsOracle EBS Attack Victims May Be More Numerous Than ExpectedOracle EBS Attack Victims May Be More Numerous Than ExpectedbyAlexander CulafiOct 28, 20253 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificRecent in World See AllThreat IntelligenceSilver Fox APT Blurs the Line Between Espionage & CybercrimeSilver Fox APT Blurs the Line Between Espionage & CybercrimebyNate Nelson, Contributing WriterAug 8, 20253 Min ReadThreat IntelligenceIran-Israel War Triggers a Maelstrom in CyberspaceIran-Israel War Triggers a Maelstrom in CyberspacebyNate Nelson, Contributing WriterJun 19, 20255 Min ReadThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsLibraryNewslettersPodcastsReportsVideosWebinarsWhite papers Partner PerspectivesSEE ALLCybersecurity OperationsCybersecurity CareersRemote WorkforceCyber RiskInterviewsCybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.From Chef to CISO: An Empathy-First Approach to Cybersecurity LeadershipFrom Chef to CISO: An Empathy-First Approach to Cybersecurity LeadershipFrom Chef to CISO: An Empathy-First Approach to Cybersecurity LeadershipMyke Lyons, CISO at data-processing SaaS company Cribl, shares how he cooked up an unconventional journey from culinary school to cybersecurity leadership.Kristina Beek, Associate Editor, Dark ReadingOctober 28, 2025Source: Dark ReadingAt a GlanceMyke Lyons prioritizes hiring based on curiosity and hunger for learning.Cybersecurity professionals must continuously learn and leverage AI tools, focusing on getting security right consistently.Mentorship isn't a single relationship but involves learning from multiple people across different roles.Welcome to Dark Reading's "Heard it From a CISO" video series, showcasing advice on breaking into and advancing within the cybersecurity field from those who have been there.In our latest installment, Dark Reading associate editor Kristina Beek interviews Myke Lyons, chief information security officer (CISO) at Cribl, who shares his unique background of working in the culinary world as a chef prior to pivoting to cybersecurity. His journey from culinary school graduate with dreams of becoming a food critic to leading cybersecurity at a major IT and security data pipeline company gave him a unique sense of discipline (mise en place, recipes, service culture), and shaped his approach to security strategy and crisis response.Rather than focusing solely on technical credentials or a formal cybersecurity education, Lyons prioritizes curiosity and hunger for learning as the most critical qualities in potential hires. His approach emphasizes empathy as a cornerstone of security culture, encouraging his team to view security incidents not as failures to be punished, but as opportunities to coach and educate colleagues.Lyons also ladled up a pragmatic perspective on the future of the industry. He acknowledges that artificial intelligence will fundamentally change both offensive and defensive cybersecurity operations, requiring professionals to be more thoughtful about technology adoption while maintaining focus on measurable outcomes. His advice to newcomers remains consistent with his values: perfect your craft, work for organizations you believe in, and never stop learning.Related:NIST Enhances Security Controls for Improved PatchingAlso, check out our other installments in this series: "Fastly CISO: Using Major Incidents as Career Catalysts" with Marshall Erwin, CISO at Fastly; "From FBI to CISO: Unconventional Paths to Cybersecurity Success" with Kaseya CISO Jason Manar; "Cyber Career Opportunities: Weighing Certifications vs. Degrees" with longtime CISO Melina Scotto; and "Male-Dominated Cyber Industry Still Holds Space for Women With Resilience" with Weave Communications CISO Jessica Sica.Cribl's Myke Lyons: Full Video TranscriptThis transcript has been edited for clarity.Kristina Beek: Hi, everyone. My name is Kristina Beek, and I'm an associate editor with Dark Reading. I'm here for another episode of "Heard it From a CISO," and today I'm joined by Myke Lyons, CISO at Cribl. Thanks so much for being here, Myke.Myke Lyons: Nice to meet you, Kristina. I'm glad we're gonna have this conversation today.KB: Awesome. So, let's just start from the beginning. Why don't you tell us about your current role as CISO and what Cribl does?Related:When One Hospital Gets Ransomware, Others Feel the PainML: Fantastic. So, I'm the CISO here at Cribl. At Cribl, we are the IT and security data pipeline and telemetry solution. We are really aware what's important to IT and security folks is trying to learn and manage and deal with the volume of data that is coming out of their systems and their software and their SaaS technologies and trying to help ensure that the right data goes to the right place as quickly as possible to ensure that you're applying the right dollar amounts to the right places, but also getting insight and context around the various threats and disruptions that we see across various businesses, both in IT and security.KB: Awesome. So CISO is kind of sort of like viewed as like a top cybersecurity leadership position. And for some people it takes, you know, it's a long road to get there. What does your education and just career background look like and how did you first get involved in cybersecurity, and I know this is a bit unique for you since you have a background of being a chef.ML: I do. I thought it was so regular. Everybody went to culinary school and they end up being a CISO. I thought that was the path we all took. I guess it is a bit unique. I wanted to be a chef and then I wanted to be a food writer and then I wanted to be a food critic. And so, I went to culinary school. I was fully in the culinary world. I went and got a summer job moving printers for a family company or a friend of family company and I was pretty good at picking things up and putting them down. The woman who I was partnered with was the tech side, and she was smaller than most of these printers that we were moving around at that time. So, I was her muscle and she was the brains of the operation, and probably still is the brains of the operation. Frankly, she taught me how to do things like copy and paste. My wife was actually way more savvy or is way more savvy with technology than I am now, and so I kinda learned how to use a computer by learning how to break them in many ways. So, I would get computers sort of out of the bin or they were getting deprecated and I would start to build little labs and things like this to really get under the hood. Learn about IP and learn about OSI models and application deployment, how automation and workflows worked, how data was moving and was important to us. And so interestingly enough, my first security job was actually in logging and in telemetry. And so that was back a long time ago, like 2003, and now I'm sort of full circle back in a full-time security role, but at a company that does telemetry and deals with logs and traces and metrics and things like that.Related:Personal Liability, Security Become Bigger Issues for CISOsKB: Awesome. Would you say, so you talk about how you were fully in the chef culinary world before transitioning into cyber. Once you were in cyber, would you say that becoming a CISO was like a goal of yours or did it sort of just happen along the way?ML: I don't even know that there were any CISOs in 2003, 2004. Maybe there was, but it would have been like the earliest. So, it was very IT oriented job. So, CIO was sort of the pinnacle of the career for a technologist. I really wanted to be like an architect. I always wanted to be that super technical person and diving in. And then I kind of hit a point at which I started doing some people management for a few years and I realized that there was a broader opportunity within just technology as a market and as a group of people to help others sort of uplift themselves from whatever they were thinking they were doing, a conventional role that they were maybe going after, like doctor, lawyer, plumber, electrician, those types of things. And there was this other really budding space, which was like technology was changing so quickly and there was just a gap. And I think the background of the individual or their experience or what they did was less critical. And what was really important was their sort of eagerness to learn and to take those sort of learnings that they had had about how to learn and run with them. And so, as the CISO, I started to realize that there was a way to tap into others and sort of curate that or grow that or fertilize that or whatever analogy you'd like to use to just get them excited about these things. Or if they were excited about learning, maybe this was an area that was super interesting to them. And so even to this day, I don't necessarily hire people based on where they were or what education that they have. Not that I don't think those things are important, but I think it's the personalities and that eagerness that is the most critical for anyone trying to get into cyber.KB: Awesome. So, in terms of you, you brought up hiring people. How would you say is the best way for someone to enter this field, whether it be like what kind of roles to apply to or what kind of background to have, whether it be like a formal cyber-related, you know, four-year degree or maybe different certificates that they could get. Like what would you advise?ML: I don't know that there's any school out there that has functional practitioners that are teaching all of the subjects. So, I would anticipate that take the learnings that you've had from university, whether it's a cyber learning or just some other learning, could even be a chef's learning or culinary or knife skills or something like that. What I would really start to think about is, is there a better way to do what you're seeing? Like if you're a person who's getting phishing messages, cause you probably are, everybody gets them, whether they're LinkedIn or WhatsApp or Instagram phishing messages, like they're coming. I get text messages from random numbers on a regular basis. Are you curious about that? Like, is that something that would be interesting to you to find out how those things happen, where they come from? Like, what's the etymology of that particular text message that you've received? And then the next thing is we're coming up against arguably the most interesting time in technology, and that is this adoption of AI capability. Which who knows what the limits are there? I don't, and I don't know that anybody does. I think the upside is just so amazing. So, if you're coming out of school, I've met with some more parents of these graduates rather than the graduates themselves that are like, well, they know they graduated and their job that they were going to go for is going to be replaced by AI. It's not. It's not that we're going to hire someone who comes in with these learnings or how to understand how to use these things to automate repeatable tasks or to make things faster or to run investigations differently. So, leveraging what is available to you either free or pay or some sort of hybridized version of that. I think that's the most important thing that I'm looking for a candidate is like their curiosity level. I'd love it to be at like an 11. So, hunger and curiosity are the most probably the highest things that I'm looking for out of anyone that I meet for a role.KB: In terms of the people you work with or manage now currently, what stands out to you? What qualities do they have? And I know you just said like, you know, you're looking for curiosity, hunger in terms of people you're hiring, but you know, in terms of like how people you work with, how they deal with problems that come up or, you know, whatever in that realm, what's what sticks out to you?ML: I think the most important thing for me is empathy for the individuals that are involved in the security thing, whatever the thing is. So, one would be if you're finding application security defects, that you have empathy for the person who perhaps introduced this defect that they didn't do it intentionally. And so that's one. The other one is like maybe a salesperson who's not super tech savvy and clicked on a link or did something and now it's bad having an opportunity to come in and coach them through this scenario sort of like reducing some of the deescalating or reducing the tension attached to this stuff or the stigma in many ways. All the folks on my team, it might be like that person's sus or whatever the case may be. But under the hood, really what they mean is like, "Hey, there's an opportunity for me to help them get better and also deal with the onslaught." I've had executives that have done things. We're very technically savvy and it's you have a weak moment or you get distracted because you're a busy person. Just coming at it and approaching it with a very thoughtful culture-oriented response is very important for me. Probably the top characteristic of my team. I'm super fortunate. And that I have people from ages, from end to end, backgrounds from end to end that are all part of the team. But one of those core principles that they all follow with is empathy and trying to grow culture because culture scales. Culture is the most important thing in any company, whether you're talking about it from an MBA's perspective of culture eats strategy for breakfast kind of stuff, security culture is very easy to lose. Trust is exceptionally easy to lose. It's hard earned and so earning that trust of people that you are a go to team that will help you and make you better and safer and make the company thus better and safer. Maybe make their network better and safer. Those are the things that I think are most critical for me and anyone who's part of my team.KB: And on the topic of, you know, culture and the people you're surrounded with in a company, it makes me think of mentorship. And I wanted to ask if there have been any, you know, notable mentors in cybersecurity in your journey or even in culinary and in this transition, whether it be, you know, personal or career oriented. And what would you advise people to look for in a mentor?ML: Thanks for that. A good question too. I don't think people think enough about what a mentor is, or they think there's some like series of boxes you tick because you have to have a mentor. First off, there's never one. There's going to be numerous folks and depends on what their experience are and depends on how you have chemistry with that individual. I think that's probably the first important thing is having that chemistry, I've learned from people that were board members and maybe they didn't know that they were mentoring me, but I called on them constantly. I call on people that are in sales. I have friends in sales that are in sales roles that are seasoned professionals there. I have CISO mentors and one of the things that I'm looking at is like what is from their experience, can I learn from? Is there an opportunity for them to tell me a story that I can perhaps translate into my own experience so that I can react in ways that are important? I have a CISO mentor of mine. It's very applicable to a CISO type role or a security leader type role. As he said, the last thing that you're going to change when the house is on fire is the security system. And so I think about the fact that like if I'm going to take a role in a company, is this a company that is flourishing or growing or new things are happening or its stable versus the other side like, hey, we're going to hire a CISO because we had a breach and oh, by the way, our financials are currently not doing so strong. And so, if you want a job where you're going to grow and learn, those are the companies. You want to go to the stable companies or the growing companies versus the other. Those are just like key phrases that I sort of really take to heart to this day on the culinary side. I think it was appreciation for people's craft that was most interesting to me. There's a movie about a famous sushi chef in Tokyo. Jiro is his name, and there's a show called Jiro Dreams of Sushi. If you haven't seen that movie, it's a fantastic movie. But it is about how he has spent his entire life, his entire life. He still works a bit and he's in his 90s about making the best sushi ever. And why it's so interesting is because it was the first single food style or single dish style restaurant to ever achieve 3 Michelin stars, which is like the highest ranking for a restaurant. And it was sort of denied initially, like, no way, you can't just have sushi and get three stars. All these other restaurants do courses and white tablecloths and you're in a subway station. And then when they said, you know, challenge us on our opinion, go there. And everyone who went said, "Oh my gosh, this is like the perfect sushi."KB: Awesome. I love that. One of the last questions I have for you, and I would just love to know your opinion, is what does the future of cybersecurity look like to you?ML: It's going to have AI sort of buttered all along the top of it, both from a defense and an offense perspective. And then we're going to have to teach people about adopting the right things or being exceptionally thoughtful. So to the culture or the criteria by which you're going to make a choice as to whether or not this AI is going to be the right thing for a sales leader or an enterprise apps team or an engineering team or a people manager or people like HR folks, they're all gonna have their needs and they're all going to start to look to adopt new technology. So, I think that's gonna be the biggest change in cyber is going to be that like something you did previously is going to now be done faster or different and the potential is just like don't think about that tiny little problem you have every day. But I do have to say that anyone who's looking at adopting new technologies in the cybersecurity world is firstly understand that the attackers have access to just about everything that you have. So, they're going to come fast and they're going to come hard at you and its they can make a lot more mistakes than you have. So, you have to focus and ensure that you're getting right every day what they can have the opportunity to get wrong. And then the next thing is when you're thinking about adopting a technology that has AI in it, make sure the technology has a very solid use where you can measure that particular technology itself. And then as yourself, like always be learning, always be hungry, constantly look for adjacencies within industry that is advancing I think this is one of the first times where cybersecurity is probably caught up or at least on par with a lot of other types of organizations about adopting new technologies and it's great to see that and I think it's in response to the fact that the bad people are coming at us faster and harder and they have these capabilities. Previously, if there was some nuanced, like better engineering thing, it wouldn't necessarily have a direct impact on security now. There is a direct impact for a lot of these newer technologies. So, you've got to stay ahead of it and constantly be learning. It's that it is a subject matter where learning is the greatest part of it. And make sure that you stay true to those empathetic parts that you have within your body in your heart, and remember, like there's a bunch of bad people out there, but there's a bunch of good people on this side too. And create that network and curate that network and make sure you find your friends.KB: For sure. I know we talked about a lot, but any last words of advice to whether it be fresh grads or people who are maybe chefs right now looking to pivot into cybersecurity? Any final words for them?ML: Perfect your craft. You know, stay with it. Put your heart in it. If your heart's not in it, it's not going to be in it because you've worked harder at it. Get a role that you like. Work for a place that you believe in, that you think is doing the right thing. Work with people that you like to work with. Don't just work somewhere because they've got a flashy name and if you're really interested, you know we're always hiring here at Cribl. I'd love to have the opportunity to meet you or connect you with one of the amazing people that I know in the industry to get you a new role because it's a great industry. I look forward to my kids getting out in the workforce at one point and maybe they'll take cyber in. Maybe they'll take culinary. My daughter cooks all the time with me. It's impressive to have a 10-year-old who can make dinner for you. Not just mac and cheese out of a box, but real dinner. My son can also cook too, and it's great. So, I think she's got a mind that I can see where her first couple of roles can be and he has a mind where I can see his roles being in cyber, both of them. So, there's a lot of paths. It's not a big, it's a big wide industry. It's not like cyber means I hack code all day or I repair vulnerabilities all day. It can be a million different things and there's skills I think so many grads are going to come out with, that'll be a great fit for the cybersecurity community.KB: Awesome. Well, thank you so much for this conversation. I greatly enjoyed it, and I know it'll be so helpful for people looking to go into this industry.ML: Excellent. Thank you, Kristina. This has been a good conversation.Read more about:CISO CornerAbout the AuthorKristina BeekAssociate Editor, Dark ReadingSkilled writer and editor covering cybersecurity for Dark Reading.See more from Kristina BeekMore InsightsIndustry ReportsMiercom Test Results: PA-5450 Firewall WinsSecurity Without Compromise Better security, higher performance and lower TCOThe Total Economic Impact™ Of Palo Alto Networks NextGeneration FirewallsHow Enterprises Are Harnessing Emerging Technologies in CybersecurityWorldwide Security Information and Event Management Forecast, 2025--2029: Continued Payment for One's SIEMsAccess More ResearchWebinarsThe Cloud is No Longer Enough: Securing the Modern Digital PerimeterSecuring the Hybrid Workforce: Challenges and SolutionsCybersecurity Outlook 2026Threat Hunting Tools & Techniques for Staying Ahead of Cyber AdversariesMeasuring Ransomware Resilience: What Hundreds of Security Leaders RevealedMore WebinarsYou May Also LikeFEATUREDCheck out the Black Hat USA Conference Guide for more coverage and intel from — and about — the show.Edge PicksApplication SecurityAI Agents in Browsers Light on Cybersecurity, Bypass ControlsAI Agents in Browsers Light on Cybersecurity, Bypass ControlsLatest Articles in The EdgeInside the Data on Insider Threats: What 1,000 Real Cases Reveal About Hidden RiskOct 28, 2025|4 Min ReadPwn2Own Underscores Secure Development ConcernsOct 22, 2025|4 Min ReadThe Best End User Security Awareness Programs Aren't About Awareness AnymoreOct 22, 2025|8 Min ReadStreaming Fraud Campaigns Rely on AI Tools, BotsOct 21, 2025|3 Min ReadRead More The EdgeDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2025 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of Use

Myke Lyons, currently serving as chief information security officer at Cribl—a company that designs IT and security data pipelines for handling logs, metrics, and telemetry—opens the episode by outlining the company’s role in helping customers manage the flood of data generated by modern applications, SaaS services, and network devices. Cribl’s platform ensures that the right data reaches the appropriate security or IT teams quickly, aiding both threat intelligence and operational efficiency.

Lyons’s career trajectory is framed as an unconventional shift from culinary school to cyberspace. He recounts his original ambitions to become a chef, food writer, and eventually a food critic, followed by a stint in a logistics role moving printers for a family business. During that period, a partner on his team was tech‑savvy, and Lyons began instructing himself on computers by repurposing discarded machines, learning the fundamentals of IP, the OSI model, and application deployment. In 2003, he landed his first security‑focused position in logging and telemetry—a natural fit for Cribl’s core product. Over time he transitioned from purely technical work to people‑management roles, eventually realizing that his true interest lay in shaping security culture rather than merely coding or patching vulnerabilities.

When asked whether becoming a CISO had been a deliberate goal, Lyons explained that at the beginning of his career the role of CISO was either non‑existent or not yet fully defined. Instead of pursuing a set path, he gravitated towards broader organizational impact, driven by curiosity and a hunger to learn. He emphasized that hiring at Cribl is not about formal education or certifications alone; instead, curiosity, a willingness to experiment, and an appetite for continuous improvement are the most critical indicators. Employees who demonstrate an eagerness to explore why things happen—such as investigating the source of phishing messages or the mechanics behind a new AI tool—are valued.

Lyons described the culture at Cribl as one that prizes empathy. He frames security incidents not as punishable mistakes but as learning opportunities for the entire team. Managers and teammates are encouraged to coach, not blame, after a breach or a security misstep. This approach is intended to de‑stigmatize security failures, build trust, and strengthen team resilience. He also noted that the CISO role in a fast‑moving, data‑driven environment requires balancing technical vigilance with human concern; the "culture eats strategy" idea is central to his leadership philosophy.

Mentorship, for Lyons, is a network rather than a single figure. He cites various informal mentors: board members, sales leaders, and other CISOs each contribute stories and advice that help shape his decision‑making. He encourages aspiring professionals to seek mentors whose experiences align with their own career interests—whether that be building defensive capabilities or understanding the business side of security—and to cultivate chemistry and mutual respect.

Addressing the future of cybersecurity, Lyons views AI as a fundamental driver reshaping both offensive and defensive operations. He urges organizations to adopt AI tools thoughtfully, ensuring that decisions can be measured and that technologies are used responsibly to complement human expertise. In his view, the next wave of cyber threats will be faster, more sophisticated, and more accessible to attackers; therefore, defenders must stay updated on emerging tech, automate routine tasks, and maintain a culture of continuous learning. He also warns that adopting AI should not come at the expense of clear accountability or transparency.

Lyons ends the interview with practical guidance for those seeking entry into cybersecurity, including recent graduates or individuals from unrelated backgrounds such as culinary arts. He reiterates that passion is paramount; one should pursue roles that align with personal values and interests, favor companies that are growing or innovating rather than those that merely react to breaches. His message frames cybersecurity as a diverse ecosystem where a person can be involved in automation, policy, threat hunting, or product development—thereby underlining that the field offers more than traditional hacking or vulnerability remediation.

Throughout the discussion, Lyons emphasizes the importance of curiosity, empathy, and adaptability. His narrative illustrates how a career can pivot from a seemingly unrelated discipline to a high‑level security role by leveraging foundational learning, continuous experimentation, and a compassionate approach to incident management. The conversation serves both as a personal origin story and a practical guide for aspiring cybersecurity professionals, stressing that passion, learning, and a supportive culture are the keys to success.