Day in the life of a food giant CISO

Snyk’s Vandana Verma Sehgal sat down with Sherif Mansour, the Director of InfoSec at JustEat, for a “Day in the life of a CISO” session to learn more about his day-to-day experience as a security leader.

Mansour got his start with Dr. Sherif Hosni, whom he met in Cairo after returning from university. While in England, he studied a mix of engineering, software engineering, and economics. Dr. Sherif Hosni’s company specializes in providing outsourcing for core banking systems and gave Mansour his start in the security industry. 

He then went on to complete a Masters at the University of Royal Holloway, then worked for CX Loyalty, Expedia, and JP Morgan Chase, before transitioning to Just Eat, where he is now the Director of information Ssecurity. 

How does Just Eat approach information security? 

Just Eat takes a three-line approach to information security. The first line (which reports to the CTo) is the team that implements controls and protects the firm. The second line (reporting to the CFO) provides a level of assurance and articulates the risks to the firm, and the third line performs internal audits and provides an additional layer of independence. 

Mansour manages the teams that look after platform security, including the infrastructure and cloud, and product security, which is a combination of application security, culture and awareness, and security engineering, where they build their own tools and work with the community. 

How to run a CISO team

Mansour believes the key pillars to running any organization are the following: corporate governance, strategy and marketing, and leadership and finance.

Mansour credits his methods for organizational management to Jack Dorsey, who simultaneously served as CEO to both Twitter and Square. Jack told people he could dedicate equal time to both businesses, theming his days around what was a priority at any given day, week or month. For example, Jack Dorsey’s themes (as mentioned in Inc, 2015) were:

Monday: Management
Tuesday: Product
Wednesday: Marketing/communications and growth
Thursday: Developers and partnership
Friday: Culture and recruiting

While he mentioned there are interruptions “all the time,” the schedule allows him to quicly address them and refocus on the most importnat tasks for the given day ot week, rather than getting caught up in the noise. 

Sherif has taken that into his teams, with his 5-day splits looking like this: 

Monday: Roadmap
Tuesday: 1-to-1’s and figuring out people's blockers
Wednesday: Overall risk to the firm, progress, and threats
Thursday: Coders
Friday: People and culture

His teams are agile and go through sprints working on a daily basis, but similar to Jack Dorsey, Mansour likes to assign themes to each day to know where he needs to give his focus and attention for maximum effectiveness. 

The most important CISO requirements

Regardless of where your focus or attention is that day, ensuring you’re moving in the same direction of the company is critical for each and every action. 

Mansour puts a strong emphasis on his team and people. When meeting with his teams, the first question he generally leads with is “How are you doing?” This allows his colleagues to give a deeper, more personalized response to a relatively open-ended question. You learn a lot more about people by allowing them to speak broadly, and can learn anything from personal issues or problems to things they’re struggling with professionally, building a much deeper connection with your team. 

Another extremely important thing we have all experienced at one time or another is fires. How do you deal with fires? How do you help stamp out fires instead of fanning the flames? Sherif believes it all comes down to focusing on the right things. It’s important to make sure people understand the risks of not being able to take care of every fire and that deviations in focus are driven by the highest impact issues.

If you haven’t already, check out our Day in the Life of a CISO video with Sherif Mansour!