Governing Body Spotlight

Co-Chair of the Toronto CISO Community

Mike Melo

VP Technology Shared Services & CISO


Mike Melo is a multi-award-winning leader with 15+ years of expertise in building and optimizing enterprise cybersecurity programs, specializing in post-breach transformation programs. Melo is a visionary who translates evolving industry risks into achievable roadmaps and robust security programs. Melo excels at synergizing people, process and technology around proactive defence capabilities.

Learn more about leaders in the Toronto CISO community here.

What is one of your guiding leadership principles?

It's hard to pick one, but I would lean towards the concept of servant leadership. It is based on the idea that leaders should prioritize the needs and development of their team members above their own interests. This approach involves empowering team members, creating an environment that fosters collaboration and creativity and actively listening to and seeking out the ideas and perspectives of others.

There are also many other principles such as authenticity, integrity, transparency, and the ability to inspire and motivate others. It is also important for leaders to have a clear vision and the ability to communicate that vision effectively to their team. Ultimately, effective leadership involves finding a balance between assertiveness and collaboration and being able to adapt and respond to the needs of the team and the organization.

With disruption being a key theme of the past few years, where do you see your role as a CISO going in the next 1-2 years?

It is likely that the role of the CISO will continue to evolve in response to disruptions and changes in the business landscape. As organizations increasingly rely on technology and digital platforms to conduct business and interact with customers, the need for effective cybersecurity measures will continue to be a top priority.

In the coming years, it is likely that CISOs will need to be proactive in identifying and addressing potential cyber threats, and be able to adapt their strategies and approaches as needed to respond to the changing security landscape. This may involve embracing new technologies, such as artificial intelligence and machine learning, to improve threat detection and response, and collaborating with other departments and external partners to ensure a coordinated approach to cybersecurity.

Effective CISOs will also need to be able to anticipate and prepare for future trends and disruptions, and be able to identify and implement new technologies and approaches to improve the organization's security posture. They will also need to be able to communicate the importance of cybersecurity to a wide range of stakeholders and be able to explain technical concepts in a way that is easy to understand.

On top of this, CISO's will have to balance cost vs service. With potential recessionary times ahead, CISO's will have to navigate unchartered territories. If that wasn't enough, they will have to now manage the crashing waves of product and service cost increases as an outcome of COVID challenges including the surge in talent costs across the industry.

Buckle up, the next 2 years will be a wild ride.

What advice would you give to someone just starting out in the role as a CISO?

My 5 step approach for any leader starting as a new CISO or new to an organization:

  1. Understand the organization's security posture: It is important to have a clear understanding of the organization's current security posture, including its vulnerabilities and strengths. This will help you to prioritize your efforts and identify areas where improvements can be made.
  2. Build relationships and establish credibility: As a CISO, you will need to work with a variety of different stakeholders, including IT staff, business leaders, and external partners. Building strong relationships and establishing credibility with these stakeholders will be key to your success.
  3. Communicate effectively: Good communication is essential for any leader, and it is particularly important for a CISO. You will need to be able to clearly articulate the importance of cybersecurity to a range of different audiences and explain technical concepts in a way that is easy to understand.
  4. Stay up to date with industry trends and best practices: The field of cybersecurity is constantly evolving, and it is important to stay up to date with the latest trends and best practices. This will help you to identify potential threats and to implement effective defences.
  5. Develop a comprehensive security strategy: As a CISO, you will be responsible for developing and implementing a comprehensive security strategy that aligns with the organization's overall business goals. This will involve conducting risk assessments, implementing controls and safeguards and continuously monitoring and reviewing the effectiveness of the organization's security posture.

Tell us 3 fun facts about yourself.

  1. I am an avid guitar player, electric/acoustic/classical, and enjoy playing all types of music, mostly lead guitar in the rock and metal genre.
  2. I'm terrified of flying, but I still do it - the longest flight I've been on was 16 hours.
  3. I enjoy cooking, bbqing and smoking foods. One of my hidden passions.


Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.

by CISOs, for CISOs

Join the conversation with peers in your local CISO community.