“Beyond technical skills, success hinges on cultivating a mindset of continuous learning and collaboration,” says Greg Crowley, CISO at eSentire.
Greg Crowley is an accomplished executive with over 20 years in Information Technology and Cybersecurity with extensive experience in managing enterprise security and mitigating risk for global hybrid networks.
Prior to joining eSentire, Greg oversaw the overall cybersecurity function as Vice President of Cybersecurity and Network Infrastructure at WWE (World Wrestling Entertainment). He spent over 17 years in various leadership roles across engineering, infrastructure and security within that organization and is a Certified Information Security Manager (CISM) and a Certified Information Systems Security Professional (CISSP).
We spoke to Greg Crowley to get his perspective on the challenges of maintaining ongoing cyber resilience.
What cybersecurity challenges does your team deal with on a day-to-day basis?
At eSentire, we face the same evolving challenges as our customers. Rapidly expanding attack surfaces, a constant stream of new vulnerabilities, identity threats, and third-party risks. We monitor everything, so alert fidelity and response speed are critical.
Being our own customer, we rely on eSentire’s 24/7 Managed Detection and Response (MDR) SOC and our Threat Intelligence to really cut down on the false positives and contain threats quickly. As a result, my team only has a relatively low number of escalations and follow-ups to deal with. This allows them to spend less time firefighting and more time maturing our cyber resilience, while I focus on strategizing secure business enablement.
How have the challenges you deal with evolved in the last few years?
Cybersecurity has moved from perimeter defense to managing a sprawling, dynamic attack surface created by cloud adoption, remote work, and deep third‑party/SaaS dependencies. Over the past couple of years, AI has further raised the stakes: adversaries are using it to increase the speed and sophistication of attacks.
Meanwhile, the sudden availability of AI efficiency has spawned Shadow AI—unsanctioned use of Large Language Models (LLMs) and AI features that can leak sensitive data, blur retention/training boundaries, and bypass existing controls. With AI now embedded in many applications, the mandate is continuous threat exposure management: identity‑centric controls, real‑time visibility, and rigorous vetting and monitoring of AI‑enabled vendors and tools.
How do you set teams up for success dealing with these challenges?
I let my team know we are all in the same boat figuring it out together.
There are no real “experts” at securing AI yet; it’s too new and evolving too fast. What we need to do is anticipate, in real-time, how emerging technologies and AI can be weaponized against us, and to integrate these insights directly into strategic planning. It’s also important to note that beyond technical skills, success hinges on cultivating a mindset of continuous learning and collaboration.
I emphasize leadership at every level by empowering the team to make informed decisions using AI-enabled threat intelligence and automation tools that reduce noise and manual effort. I reinforce with them that their human expertise and oversight complement AI insights, which ultimately drive stronger engagement and cyber resilience.
What technologies, partners and vendors help you when dealing with these challenges?
eSentire’s MDR solution is the core of our security. We are a security services provider, so we are in a unique situation where we rely heavily on our own products and services to prevent a business-impacting event.
For areas outside of network, identity, cloud, endpoint, log and vulnerability management, we look for partners and vendors who can help with the other aspects of our security program such as risk management and vendor assessments, browser security and DLP.
How do you evaluate new vendors in the cybersecurity space?
I start with strategic fit: does the vendor’s solution, vision, and maturity align with our current and future needs? Can it integrate with our stack (SSO/MFA, APIs, logs, automation) and show fast time-to-value? Are they investing in R&D? In parallel, we run a full risk assessment on the vendor; we review their SOC 2 reports, ISO certification and have them fill out a thorough due diligence questionnaire.
If everything aligns, we validate with a proof-of-concept with clear success criteria and reference checks. I prefer consolidation, but for emerging threats or gaps I’ll consider earlier-stage vendors, de-risked with staged contracts and integration pilots. If they lack security, interoperability, or proven value gates, we pass.
How do you balance security with business agility?
Security is an enabler, not a gatekeeper. We have set up a structure that includes the CISO organisation from the start of an initiative. We embed security, early in product lifecycles, to quickly identify and mitigate potential pitfalls without slowing innovation.
We adopt a risk-tiered framework that empowers teams with differentiated controls based on asset criticality, supported by automated workflows that maintain security while accelerating delivery. Transparency and ongoing dialogue with business leaders ensure alignment on priorities, so security investments can enable competitive advantage.
What impact do you see new technologies like AI have on your day-to-day? Do you see AI having a long-term impact?
AI is already integral to day-to-day operations. From a SOC perspective, we use it for deep alert analysis, adaptive threat detection, and assisted incident response. Most importantly, eSentire utilizes AI in our SOC to increase the accuracy, speed and scale of containing threats, while our human security experts focus on strategic threat hunting and developing transparent and repeatable investigation processes that protect our customers at scale.
From a leadership perspective, AI provides deep business context for risk decisions and automates routine tasks, freeing our specialists to focus on strategy and innovation. Long term, AI will transform cybersecurity into a predictive discipline capable of proactively managing risk at scale. Ironically, right now it is taking up a lot of my time as it requires vigilance to govern AI’s risks carefully.
Many organizations are exploring AI but struggle with the “responsible adoption” piece. What first steps do you recommend for leaders trying to operationalize AI securely?
The first step is to set up a cross-functional AI Governance Committee that includes representation from security, legal, compliance, HR, Engineering, IT, and the business leaders. Jointly discuss the company’s position on AI, evaluate AI’s operational impact, and threat exposure.
Leverage existing frameworks and standards, such as ISO 42001, to help guide the governance of AI within your company. Review the differences between being a user or creator of AI models and technology. Focus on AI’s unique risks, regulations, ethical use, transparency, data privacy, and employee training. You will want to communicate an AI Acceptable Use directive to your employees as well as develop an overarching AI Policy.
Translating risk for executives and boards can be challenging. What communication strategies have you found most effective in bridging that gap?
I focus on strategic storytelling that connects cybersecurity risks to business outcomes. I always ask myself “what story needs to be told” and “what am I looking to achieve,” then I align my talking points accordingly. Tying risk to revenue impact, customer trust, regulatory compliance, and operational continuity is an effective way to communicate with your board.
At first, you may have to spend some time level setting and explaining your approach to managing risk and security, but once you land on a format and presentation that resonates well, then it’s rinse-and-repeat. Consistency, simplicity, and translating technical jargon into business language help leadership grasp the urgency and inform sound decision-making.
What advice would you give to fellow CISOs and industry practitioners?
AI is disrupting everything, and companies are realizing they must evolve or they won’t remain competitive. This is a chance for CISOs to grab their seat at the table. We need to step up and lead – not just react. We can help our companies embrace AI securely, allowing them to grow and innovate. Nobody is an expert right now, but if we wait for perfect answers, we’ll always be catching up to yesterday’s problem.
So, CISOs, get comfortable at leading while learning or we will let uncertainty leave us and our companies stuck on the sidelines.
Why not read further insights from other CISOs:
