Joaquin Fuentes' README

Field CISO

The Field CISO position is a strategic opportunity to avail our institutional knowledge of GitLab to our customers and prospects through enablement and community. Building security into your DevSecOps journey can be challenging, but it doesn't have to be. If you have questions about security, are looking for a sounding board to discuss strategy with, looking for a topic speaker, or just want to chat tech? Let's connect! I'm all about making cybersecurity easy and impactful for everyone!

About me

Hi team! I'm Joaquin Fuentes - a cybersecurity leader, community educator, tech and AI enthusiast with a passion for making the software journey a more secure experience for everyone. By day, I'm focused on everything from learning about current security threat insights, to helping people create more secure software factories, but what I truly enjoy is helping others more easily navigate the complexities of cybersecurity. I believe learning should be engaging, so I'm always looking for creative ways to teach through storytelling, from writing blog posts, to developing demos and hands-on exercises. When I'm not diving into the latest security trends, you'll probably find me exploring AI proof of concepts, or behind a camera, traveling for cultural experiences, new food, human connection, and capturing the world from new angles.

Communication preferences

These are my preferences, but I defer to others to decide how they'd like to communicate. The more transparent we can be, the better, because others may benefit from the lessons we learn together.

Slack - ping me anytime, day or night. Our teams and customers are global. I protect my schedule with notification preferences on my devices, and invite asyncronous messages.
Meetings - Important for introductions, preferred when async isn't efficient or effective.
GitLab Issues/MRs - Please make sure to tag and/or assign me for any To-Do's.
Email - this is my least preferable form of communication, but some situations call for it. If you feel I am delayed in responding to a time sensitive issue, please bring it to my attention through another form of communication.
Phone/Text - for urgent communications. Please leave a voicemail if I miss your call.

Validate assumptions - One notable thing that tends to happen in larger organizations is that you'll hear that, 'security said no', or 'security said we can't.' I encourage you to validate those assumptions at the source. Security should be a business enabler, and in most cases I believe and hope that you'll find that to be the case.

Flaws and opportunities

"Great leaders don't set out to be a leader, they set out to make a difference. It's never about the role, it's always about the goal" - Lisa Haisha

While my intentions are to be the best human I can be, I will sometimes make mistakes and I try my best to learn from them. I hope that listing these creates space for direct feedback to me, and I invite you to do so. Thanks for your patience as these are my faults, and your feedback is a gift.

1. Poker face - I am sometimes told that I often have a poker face and am hard to read. This might be partially because of my formal training as a security auditor early in my career, and partially because I have enjoyed playing poker for many years. Either way it's no excuse. If you're having a hard time reading me, please don't hesitate to check in with me.

2. Suppressing my 'inner fixer' - I genuinely enjoy helping people and solving problems. However, listening well and the art of empathic understanding is something that I am continuously working on. Feel free to let me know when you need my help as a listener or as a solver.

3. Operating level - I'm a highly technical leader and tend to be obsessed with outcomes for customers, sometimes getting into the weeds. It's ok to challenge me and the operating level of my decisions.

4. Working hours - I tend to have a bias for action at any time of day. I'll try my best to use scheduled communications for psychological safety.

Strengths

For over twenty years I have been an award-winning practitioner, a consultant to many customers in various industries, and have built and lead various types of teams. As a result of this, I have a lot of empathy for each unique situation as we innovate and progress in our security journey. I find it rewarding to help others find simple solutions to complex situations. Please let me know how I can best serve and support you.