Barak Blima is Chief Information Security Officer at CHEQ, where he leads global information security, governance, risk, and compliance. With experience spanning cybersecurity leadership and operational security, he focuses on building security programs that enable business growth while strengthening trust across customers, executives, and engineering teams. He believes the most effective security leaders spend as much time understanding people and business priorities as they do understanding technology.
1. Complete this sentence: “Before you buy any new security tool, first...”
Make sure you’ve fully adopted the ones you already own.
2. What’s one rule you enforce on your team that other teams would find strict?
Don’t bring me problems without bringing at least one possible solution. It doesn’t have to be the right answer, but it should show you’ve thought through the problem.
3. What’s a number or ratio that guides how you allocate budget, headcount, or your own time?
I try to spend around 70% of my time on business alignment, people, and strategic decisions, and no more than 30% reacting to operational issues.
4. What’s one line that works when asking the board or CFO for a budget?
“I’m not asking you to buy security. I’m asking you to reduce business uncertainty.”
5. What should a CISO cut from their program tomorrow with zero regret?
Security activities that exist only because “we’ve always done them.” If you can’t explain the business value, challenge whether they should continue.
6. What’s your 60-second test for whether a vendor pitch is worth your time?
If they spend the first minute talking about features instead of trying to understand my environment and priorities, we’re probably not a good fit.
7. What’s one meeting, report, or process you eliminated, and what replaced it?
Lengthy weekly status meetings. We replaced them with shared dashboards and shorter discussions focused only on decisions and blockers.
8. In the first 10 minutes of an incident, what’s the one action teams most often skip?
Assigning clear ownership. Teams often rush into technical work before someone is explicitly responsible for coordinating the response.
9. What’s one question every CISO should ask their team this week?
“What are we doing today that adds effort but not security?”
10. What’s a phrase or framing you use to translate a technical risk for executives?
“This isn’t just a technology issue. It’s a business decision about risk, resilience, and priorities.”
11. What’s your best tip for surviving the CISO role in exactly five words?
Build trust before needing trust.
Every CISO carries different rules. Here’s what others shared:
CISO Tips: Fred Streefland on Managing Risk So the Business Can Do Business
CISO Tips: Victor-Andrei Nicolae on Protecting What Keeps Business Running
CISO Tips: Tarik Ustuner on Fixing the Locks Before Buying Alarms
CISO Tips: Dr. Adeel Shaikh Muhammad on Ownership Before Everything
CISO Tips: Shady Shaker on the 70/30 Rule and Discipline That Scales


