Fred Streefland graduated in 1992 from the Netherlands Royal Military Academy and served 20 years as an Intelligence & Security officer (LtCol) within the Royal Netherlands Air Force (RNLAF). In 2008, he moved to the private sector, received his cybersecurity training in Israel, and has since fulfilled several cybersecurity roles within companies including IBM, Accenture, Exact Software, Leaseweb, Palo Alto Networks, Secior B.V., and Solvinity.
Currently, he is working as the Global Field CISO for Check Point Software Technologies, responsible for the EMEA region. In this role, Fred serves as a trusted advisor and cybersecurity strategist for CISOs and CIOs. Fred holds an Executive Master of Security & Defense (EMSD) from the Netherlands Staff College and a Bachelor title in Management, Economics & Law (Bc.) from the University of Applied Sciences of Amsterdam.
1. Complete this sentence: “Before you buy any new security tool, first...”
Perform a risk assessment.
2. What’s one rule you enforce on your team that other teams would find strict?
Always express your concerns and feelings, good and bad. It’s not strict, but it’s my rule: “Speak up!”
3. What’s a number or ratio that guides how you allocate budget, headcount, or your own time?
The number and prioritization of the risks. My role is to manage the (cyber) risks so that the business can do its business.
4. What’s one line that works when asking the board or CFO for a budget?
The board and CFO are responsible for the overall risk appetite, so: do you want me to mitigate these risks, or will you accept them and not invest in the mitigation?
5. What should a CISO cut from their program tomorrow with zero regret?
Microsoft “security tools.” Microsoft is not a security company but a software company; there are better and more effective security tools than the Microsoft tools.
6. What’s your 60-second test for whether a vendor pitch is worth your time?
Does this vendor really understand our business and my challenges?
7. What’s one meeting, report, or process you eliminated, and what replaced it?
If I eliminate a meeting, a report, or a process, I do that for a reason, not to replace it.
8. In the first 10 minutes of an incident, what’s the one action teams most often skip?
They don’t read the manual or Standard Operating Procedure (SOP), which is exactly what they should do.
9. What’s one question every CISO should ask their team this week?
Do we have full visibility on our IT/OT infrastructure, cloud(s), supply chain, and AI? But they should ask this question continuously.
10. What’s a phrase or framing you use to translate a technical risk for executives?
I translate the technical risk into a business risk. What will happen to the business if you don’t mitigate this technical risk?
11. What’s your best tip for surviving the CISO role in exactly five words?
Get an experienced CISO as your Mentor! (Sorry, 7 words)
These CISOs have shared their tips. There’s plenty to learn:


