Name: Franciny Salles Rojas

Title: Information Security Specialist and CEO at Yachay

Organisation: Yachay

I have over 15 years of experience as an Information Security Specialist, working across various fronts, from blue team operations to specialized engagements in the purple team. Throughout my career, I have led significant pentesting projects, where I have overseen teams in identifying and exploiting vulnerabilities in complex systems.

My expertise also extends to the field of reverse engineering, where I have developed skills to analyze code and identify potential security threats. Additionally, I am proficient in threat modeling, a critical area for anticipating possible attack scenarios and implementing proactive security strategies.

Another aspect of my work has involved creating custom vulnerability scanners tailored to the specific needs of the systems I protect. This skill has allowed me to develop highly effective security solutions, swiftly identifying and mitigating vulnerabilities.

Furthermore, I have been involved in in-depth investigations related to security incidents, applying my expertise in digital forensics to identify attack origins, trace malicious activities, and assist in implementing corrective measures.

My passion for information security and my commitment to staying updated with the latest technological trends are constant driving forces in my career. I am always seeking challenges that allow me to apply my knowledge and experience innovatively, contributing to a safer and more secure digital environment.

Thank you to the 2,000 leaders who’ve generously done the 7 Questions on Leadership!

I hope Franciny's answers will encourage you in your leadership journey. Enjoy!

Cheers,

Jonno White

1. What have you found most challenging as a leader?

As an information security leader, my greatest challenge arose when we faced a highly sophisticated security incident that threatened the integrity of our organization's data. It was a multifaceted challenge that involved not only containing the attack but also managing existing vulnerabilities and effectively coordinating a dedicated technical team.

Additionally, a crucial part of my role was helping the client understand the complexity of the issue at hand. Communicating clearly and transparently about the faced threats and the necessary measures to protect their data was a challenging yet essential aspect. It required translating technical language into understandable terms, ensuring the client was fully aware of the situation and the proposed solutions.

In this scenario, coordinating the technical team to implement immediate solutions while managing long-term vulnerabilities became a complex task. The ability to lead and motivate the team while simultaneously assisting the client in understanding their security challenges was a significant test of my leadership and communication skills.

This experience reinforced the importance of preparedness, effective team collaboration, and empathy when dealing with clients in crisis situations. The ability to manage not only the technical issues but also the human dynamics involved was crucial in overcoming this challenge and strengthening our information security posture.

2. How did you become a leader? Can you please briefly tell the story?

I became a leader in information security through a dedicated journey of continuous learning and practical experience. I started my career as a security specialist, tirelessly working to enhance my technical skills and knowledge in various areas of cybersecurity.

Over the years, I faced complex challenges, which allowed me to develop a deep understanding of the nuances of information security. I invested time in leadership and interpersonal skills, recognizing that the ability to lead a team effectively is as crucial as technical expertise.

My commitment to excellence and my desire to make a difference led me to take on increasingly larger responsibilities in challenging projects. I shared knowledge with colleagues, mentored teams, and gradually gained the trust of others as I demonstrated consistent leadership and positive outcomes in our security efforts.

Throughout this journey, I learned from my mistakes, sought guidance from mentors, and remained always adaptable to changes in the security landscape. Taking on leadership was not just a natural progression but also a constant commitment to personal and professional development. This journey shaped me as a leader, empowering me to tackle complex challenges and guide teams to success in information security.

3. How do you structure your work days from waking up to going to sleep?

My workdays follow an organized routine to ensure efficiency and productivity. Upon waking up, I usually spend some time meditating or engaging in relaxation exercises to mentally prepare for the day. Then, I review emails and team updates to stay informed about important developments.

In the morning, I focus on strategic tasks and significant meetings. This period is reserved for activities that require deep concentration and creativity, such as project planning, data analysis, and developing security strategies.

After lunch, I allocate time for more operational activities, such as responding to emails, coordinating with the technical team, and reviewing security reports. I also use this time for team interactions, encouraging collaboration and addressing any challenges that may arise.

In the afternoon, I often participate in meetings with clients, partners, or other internal teams to ensure everyone is aligned regarding ongoing projects. During these interactions, I emphasize effective communication and provide clear guidance to ensure everyone is on the same page.

Before wrapping up the day, I review completed tasks and plan priorities for the next day. This helps me maintain focus and organization for upcoming challenges. Before bedtime, I set aside time for relaxation activities, such as reading or meditation, to unwind from work and ensure a good night's sleep, preparing myself for the next productive day.

4. What's a recent leadership lesson you've learned for the first time or been reminded of?

Recently, an important leadership lesson I learned, or was reminded of, was the ongoing need for awareness in building a security culture across various teams. Sometimes, in the hustle and bustle of daily activities, it can be assumed that everyone understands the importance of information security in the same way. However, that is not always the case.

The task of raising awareness became particularly evident in a recent project involving multiple teams within the organization. While interacting with different departments, I realized that perceptions about security varied widely. Some teams were deeply engaged, while others needed a clearer understanding of how their daily actions impact the overall security of the company.

This experience emphasized the importance of communicating effectively and tailoring the security message to meet the specific needs and concerns of each team. I learned that building a strong security culture requires an ongoing effort in education and awareness, ensuring that everyone is aligned with best practices and understands their role in protecting the organization's data and assets. This lesson highlighted the constant need to reinforce awareness at all levels of the company to ensure a robust and resilient security posture.

5. What's one book that has had a profound impact on your leadership so far? Can you please briefly tell the story of how that book impacted your leadership?

One book that had a profound impact on my leadership is "Corporate Anthropology: How Companies Use Anthropology to Understand Consumers" by Brigitte Jordan. This book provided a fresh perspective on understanding the dynamics within organizations and how people interact in a corporate context.

Through the lessons of this book, I learned the importance of applying ethnographic methods in the workplace to grasp the intricacies of relationships between colleagues, clients, and stakeholders. It gave me a deeper insight into the needs and motivations of the people I work with.

By adopting corporate anthropology approaches, I was able to foster a culture of mutual understanding, respect for differences, and effective collaboration within my team. I learned to value different perspectives and experiences, creating a more inclusive and innovative work environment.

This book not only expanded my knowledge in corporate anthropology but also transformed my approach as a leader, helping me build more cohesive and adaptable teams in a diverse and ever-changing corporate landscape. It inspired me to delve deeper into studies and research in ethnography, enriching my leadership style and enhancing my ability to navigate the complexities of the modern workplace.

6. If you could only give one piece of advice to a young leader, what would you say to them?

If I could give only one piece of advice to a young leader, I would tell them to focus on the human aspect, understand the cultural keys of behavior, and learn how to leverage that knowledge to their advantage. In an increasingly complex corporate world, interpersonal skills and an understanding of cultural dynamics are crucial.

By focusing on the human element, a leader can develop empathy, understanding the needs and concerns of the people around them. This lays a solid foundation for building relationships based on trust and collaboration. Furthermore, by understanding the cultural nuances of behavior, a leader can anticipate reactions, make more informed decisions, and promote an inclusive and respectful organizational culture.

Remembering the importance of individuals, their emotions, and values, and using this knowledge to lead with compassion and emotional intelligence is a powerful strategy for guiding a team successfully and building a positive and productive work environment.

7. What is one meaningful story that comes to mind from your time as a leader, so far?

A significant experience as a leader occurred during a challenging project where we faced an extremely complex and critical technical issue for the client. The team was under intense pressure, and the solution seemed to be out of reach. It was in this moment of crisis that I learned a valuable lesson about teamwork and collaboration.

Given the complexity of the problem, we decided to gather the entire team in an unconventional brainstorming session. We opted for an informal setting where everyone felt comfortable expressing their ideas without fear of criticism. It was a space where hierarchies were set aside, and creativity was encouraged.

During this meeting, each team member shared their perspectives and suggestions. It was remarkable how the diversity of experiences and knowledge allowed for a multifaceted view of the problem. Amidst the discussions, innovative ideas and creative solutions emerged that we would never have reached individually.

What makes this experience so significant was the learning about the importance of mutual trust and valuing individual contributions. We learned that in moments of extreme difficulty, genuine collaboration and respect for each team member's ideas are crucial to finding innovative solutions and overcoming complex challenges. This experience reinforced the belief that when minds come together in a spirit of true collaboration, even the most intricate problems can be solved.