Podcast Summary: CyberWire Daily – Christian Lees: It's not always textbook. [CTO] [Career Notes]

Host: N2K Networks
Guest: Christian Lees, CTO of RE Security
Episode Date: March 15, 2026

Episode Overview

In this insightful Career Notes episode, CTO Christian Lees (RE Security) shares his unconventional journey into cybersecurity. Moving from early dreams of farming to C-level leadership, Lees recounts how curiosity, serendipity, and resilience shaped his path. This conversation offers practical wisdom for aspiring cybersecurity professionals, emphasizing the importance of adaptability, continuous learning, and embracing opportunities—even when they don’t look exactly as planned.

Key Discussion Points & Insights

1. Early Aspirations and Unconventional Beginnings

Lees’ childhood dream was to become a farmer, drawn by heavy equipment and unique use cases, offering a refreshing contrast to the typical tech origin story.
- Quote: “I'm assuming not many people on this show say they want to be a farmer...” (00:55)
Identifies as a "late bloomer," not attending college immediately, instead working a variety of jobs before realizing higher education was essential to progress.

2. Discovering Technology & The Power of Curiosity

His entry into computing came through a hand-me-down, outdated 486 DX computer.
- Initial struggles, like unable to print, led to an important ‘aha’ moment when a friend simply pressed F10 to fix the issue.
- Quote: “I marveled within like 10 seconds, he's like, oh, dude, you just got to hit F10. And I'm like, really? But it was at that moment where I'm like, oh, this is something good.” (02:12)
This sparked Lees’ switch to computer science—a turning point leading him to never look back.

3. From Entry Level to Career Growth

Started professional journey at IBM Global Services in desktop support—a significant leap from student jobs, both in responsibility and pay.
Fully aware of being at the “bottom,” Lees recognized the importance of hard work and learning on the job.
Exposure to media outlets during college shaped his interest in information security.
- Quote: “I just, I knew that I wanted to work towards information security. So I put in my time, I worked and I got exposure to a lot of different things.” (03:35)

4. Defining Moments: Dotcom Bust and Adaptability

Transitioned from IBM to Level 3 Communications, where working on colocation services and private lines provided hands-on networking experience.
- Quote: “I would pay them to be here and learn this and have exposure to this enterprise networking gear.” (04:24)
During the dotcom bust, Lees was shifted into change management—a move he initially resented but later recognized as foundational to effective security.
- Quote: “By pure luck again, I was introduced to something that is so crucial in security. That's change management, right? Understanding the impact, making sure that it's been burned in.” (05:15)

5. Lessons from Setbacks and Serendipity

Even when roles didn’t seem ideal, Lees kept his perspective: stay neutral, keep working, and things stabilize.
- Quote: “When you don't get what you want, it doesn't mean it's over.” (07:35)
A recurring theme: perceived setbacks (like layoffs or less-preferred assignments) often exposed him to pivotal growth opportunities.

6. Specialization and Security’s Many Facets

After roles at Level 3 and Trustwave (PCI compliance and pen testing), Lees realized the breadth of information security:
- “Are you focused on web application security? ...network security? There’s just so many different layers... find what it is that you love and go after it.” (07:19)

7. Leadership and Innovation at InfoArmor

Ascended to CISO at InfoArmor around the 2010 banking crisis—despite a rocky start, it became “like green fields.”
Helped diversify offerings, especially in dark web alerts, and practiced what he describes as fearless opportunity-seeking.

8. Advice for Aspiring Security Professionals

Be relentlessly curious—break things, fix them, don’t fear friction points.
Accept that you will do “stuff that you don't really want to do”—do it well anyway, and new opportunities follow.
Main Takeaway Quote: “It's not always textbook... you may join security field not knowing what you’re going to do, but by being that curious person and breaking things and putting it back together, you'll find you're the right way and just never stop being curious.” (08:00)

Notable Quotes & Memorable Moments

“If I get 50% of what I want, I'm lucky. You don't always get what you want and when you don't get what you want, it doesn't mean it's over.”
— Christian Lees (07:35)
“Use every moment you have and every opportunity to the best of your ability. It's not always textbook. Define friction points in it, you may join security field not knowing what you're going to do, but by being that curious person...you'll find you're the right way and just never stop being curious.”
— Christian Lees (08:00)
“There's just not enough of us understand that you have to cut your teeth on things and sometimes you get stuff that you don't really want to do...just do it really well and the world will be your oyster.”
— Christian Lees (08:40)

Segment Timestamps

00:55 - Christian Lees shares his early career journey and initial dreams
02:12 - Discovery of computing through a donated computer, embracing curiosity
03:35 - First job at IBM Global Services and pivot to information security
04:24 - Career-defining exposure to network engineering at Level 3 Communications
05:15 - Learning the value of organizational change management post-dotcom bust
07:19 - On the diversity of roles in cybersecurity and finding one’s passion area
08:00 - Career advice for those entering or growing in the security field

Summary

Christian Lees’ story is a testament to the unpredictable and rewarding nature of a cybersecurity career. His journey—from prospective farmer to CTO—underscores the power of hard work, curiosity, and embracing life’s detours. He encourages newcomers to be adaptable, seek learning in every role, and remain curious. Above all, Lees insists that even when your path isn’t “textbook,” perseverance and openness to unexpected opportunities will serve you well.

Transcript

A (0:02)

You're listening to the Cyberwire Network powered by N2K. AI is changing how enterprises operate and how they stay protected. It's time to eliminate risk and protect innovation. From March 23rd through the 26th, join Trend AI for actionable AI security insights. Catch impactful sessions at RSAC, then unwind and grab a bite at their lounge in Trapa Sueno. Experience industry leading AI security in person. Engage with the experts and get your chance to win $500,000. San Francisco lets AI fearlessly. Learn more@trendmicro.com RS.

B (0:55)

Hello, my name is Christian Lees. I'm the CTO of RE Security. My earliest recollection of what I wanted to be is I actually wanted to be a farmer. Believe it or not. I'm assuming not many people on this show say they want to be a farmer, but I guess I was fascinated by kind of like the heavy equipment and like they all had this very unique use case, but that did not take place. I'm not a farmer now. You know, as a young person, I actually consider myself to be a bit of a late bloomer. For example, I did not go to college immediately after graduating from high school. I actually waited until I was roughly 23 and worked a lot of jobs and worked. I quickly realized I'm like, man, if I'm going to get ahead, I need to go to college. Of course, like any other freshman, I was not sure what I wanted to do. I thought I wanted to be in medicine of some sort. A family friend gave me my first computer in college and I was stoked, man. I'm like, oh my gosh. Believe you me, this computer that was given to me is like completely outdated. I believe it's like a 486 DX. I did not know how to work on it and I could not get it to print. And so I was forced to ask the person that gave it to me, why is it not printing? You know? And I marveled within like 10 seconds, he's like, oh, dude, you just got to hit F10. And I'm like, really? But it was at that moment where I'm like, oh, this is something good. I immediately went to computer science and I've never looked back. I was actually offered a job from IBM Global Services. And I was like, wow, this is like three times more than I make as a student or four times more living on nothing. So I was really lucky to go directly into the workforce and it was the entry level position. In fact, it was desktop support. But I loved it. I was so Proud. From that point, I fully knew that I'm at the bottom, right, I gotta climb. And it took me a while to find my way, but I was stoked just by pure luck. In college I, I was introduced to media outlets and I just, I knew that I wanted to work towards information security. So I put in my time, I worked and I got exposure to a lot of different things. And when I left IBM Global Services, I knew that I really had a passion for telephony or network engineering. I got offered a position at a new company called Level 3 Communications. I was on like Cloud 9 at that point. I mean, of course we have to earn a salary, but I'm like, it doesn't even matter. I would pay them to be here and learn this and have exposure to this enterprise networking gear. So I took a position and I primarily helped companies or individuals turn up their colocation services or their dedicated private lines. So that's really where I cut my teeth on network engineering. I owe everything to that opportunity. From that role, I always kind of followed my North Star. Ironically, right about that time we hit the dot com bust, all of a sudden it happened. 50% of the company was cut. And I was just thankful to have a job, you know, But I was forced to take a role in change management and I was just beside myself, you know, I'm like, ah, I'm so overqualified for this. But in retrospect, oh my gosh, by pure luck again, I was introduced to something that is so crucial in security. That's change management, right? Understanding the impact, making sure that it's been burned in. To this day, I think it's. Change management is a very difficult thing for organizations to comply with or do successfully. Listen, at that time I was, I was just kind of like really bummed out. I'm like, wow, I took a wrong turn. What happened? But like everything else, this too passes, right? Stay neutral, stay calm, keep working upwards and onwards. And sure enough, everything stabilized and I was just by pure luck again recruited in Level 3 to Security Engineering. Took a role in security engineering. I just kept hungry. And eventually I took another role at Trustwave, leaving my favorite place on Earth, Level 3 communications and even Trustwave. You know, I found myself all of a sudden I'm like, did I make another wrong turn? Because I was really just focusing on PCI compliance for Fortune 100 brands and kind of a hybrid of pen testing, right? So my job was to grind on the infrastructure and convey to the brand, why are they not TCI compliant? And it was Just grinding on infrastructure over and over. I mean I could spend three or four days just finessing some sort of cross site scripting, knowing it's there. Sometimes you don't find it and sometimes you do. From Trustwave it was the banking collapse in 2010 and I took a position at Infoarmor and I was like delighted I was going to be the ciso. Shortly after taking the job, we lost our largest client essentially under a seed fund from WaMu. And I was like, wow, oh did I make another mistake. But it turned out it was amazing. Like what a great opportunity. I went to Informa. It was like green fields. I became the CISO and helped diversify the products and offer largely dark web alerts. For some reason when I came on at Informer as a ciso, I just felt not afraid of anything. And I would pick up the phone and just explore opportunities with companies, you know, and learn like you know what's going on and fortunate enough to be able to apply that to our products and, you know, hopefully it made a difference. If I get 50% of what I want, I'm lucky. You don't always get what you want and when you don't get what you want, it doesn't mean it's over. For those of us that are pursuing a career in information security, I always found it kind of interesting that gosh, when you get there there's so many flavors of security. Are you focused on web application security? Are you focused on network security? There's just so many different layers of security and just so find what it is that you love and go after it and don't let anyone be a naysayer and use every moment you have and every opportunity to the best of your ability. It's not always textbook. Define friction points in it, you may join security field not knowing what you're going to do, but by being that curious person and breaking things and putting it back together, you'll find you're the right way and just never stop being curious. There's just not enough of us understand that you have to cut your teeth on things and sometimes you get stuff that you don't really want to do. You might think you're better, but just do it really well and the world will be your oyster.