Company
Date Published
July 2, 2024
Author
Erica Azad
Word count
743
Language
English
Hacker News points
None

Summary

Ross McKerchar, CISO at Sophos, has built and led the company's security team for almost 17 years, overseeing all aspects of its cybersecurity posture, including corporate, infrastructure, and product security. He emphasizes the importance of authenticity and transparency in a security program, favoring an approach that addresses issues and demonstrates continual effort through facts and actions rather than just words. McKerchar believes that security is never "done" and that organizations must work hard to maintain their security posture. As CISO, he prioritizes building trust with both customers and vendors, using methods such as bug bounty engagements to evaluate vendor security. He also advocates a "zooming out on risk" approach to see the bigger picture, reducing overall risk and becoming more secure by leveraging multi-layered attack surface management strategies.