Timothy Youngblood didn’t set out to be a CISO, but he became CISO at four major enterprises, took on angel investing and won the Most Valued Member award at the Summer Investor Capital Expo of the world’s largest angel group last summer.
The path to security leadership
Some rivers rush headlong to their destination, others meander slowly without seeming to recognize where they will inevitably end. Tim Youngblood is that latter type. Why and how did he choose a career in cybersecurity?
“I think it chose me,” he says. “I came from a single family home in Atlanta. We didn’t have much money, but I had a friend – I called him my rich friend – whose father bought an IBM PC when I was 10 years old. I’d go over, and we played with it. Every day. I loved it. Until his mother said, ‘Hey, I didn’t adopt you’; and it had to stop.”
But he’d been bitten by the computer bug (in both senses – slowly evolving pun intended). “There was a strip mall close by that I could cycle to. It had department stores with computers on display. They had demo modes, and I taught myself how to program, until they also got tired of me and kicked me out. But I found a Radio Shack, and that a different ball game. The store manager was kind to me. I honed my knowledge and love of computers at Radio Shack; and I went on to graduate from college with a degree in Computer Information Systems.”
He left college as a programmer and transitioned from development into Local Area Network (LAN) and Wide Area Network (WAN) deployments – but with no clear intent on cybersecurity (which hardly existed as a profession). It wasn’t until he later joined KPMG and started doing audits that he had any formal training in security related issues. “KPMG also did formal security risk assessments. We did penetration testing, and that’s where I got my first formal training around cybersecurity.”
He got his big break when he joined Dell. It was in the early days of Sarbanes-Oxley and Dell had a failure in every computer. ‘We had to train the executive teams. They couldn’t just pull policies off the internet and say they were doing those things – that was never going to work. So, we uplifted the control structure, and eventually the whole process rolled into me becoming Dell’s first CISO in 2010.
Youngblood arrived in cybersecurity leadership with a love of computers but no clear intent to work in cybersecurity. But from there, his cybersecurity career took off – cybersecurity had chosen him. After KPMG, he spent two years as a director at Jefferson Wells (part of the Experis group) before working in compliance, policy and risk at Dell (and later becoming CISO).
After Dell, he became CISO at Kimberley-Clark, then corporate VP and CISO at McDonald’s, then SVP, CSO & product security officer at T-Mobile, became an advisory board member with various organizations and an angel investor with the Keiretsu Forum, and adjunct professor at the University of Oklahoma in 2025..
CISO churn
CISOs famously have a high churn rate – it shows in his own career path. There are many reasons. A decade ago, the CISO would be held accountable for breaches. If the breach was serious, CISOs would be fired or be expected to fall on their own sword. This is less common today, but the churn remains high. Why?
Youngblood provides valuable albeit personal insight.
“Restlessness, I guess,” he suggested. “I like to take on a challenge and do something that hasn’t been done before. That’s what excites me.”
The current crop of senior security leaders comprises, almost by definition, ‘pioneers’ – the profession didn’t exist before they essentially created it. When he joined Dell, he hadn’t been looking for a ‘CISO’ role; but he relished the challenge he had accepted. “I was doing things that had never been done at Dell – establishing the global compliance organization, and the company’s first risk management office.” He hadn’t sought a CISO role (Dell didn’t have a CISO position), but the work he did eventually created the role, and he moved on to fill it.
It’s worth noting that he has an entrepreneurial spirit – something not uncommon in the more dynamic and successful CISOs. When he was young – remember he didn’t come from a wealthy background – he and friends found a load of books in a dumpster. They loaded them into a red wagon and went round the neighborhood selling them door-to-door. This natural inclination to make more from what is initially apparent has never left him. Early in his professional career, while still at KPMG, he studied for and gained his second degree – a master’s in technology commercialization from the McCombs School of Business at the University of Texas at Austin. McCombs describes the course as a ‘program for entrepreneurs’.
There’s a strong element of, ‘Been there, done that, what’s next: and what can I make of it?’ In Youngblood’s personal version of CISO churn.
Angel investor
This combination of seeking new challenges while making something new drew Youngblood, inevitably, toward angel investing. It didn’t happen overnight. It barely existed when he first became involved in new ideas and venture capitalism. It grew out of an inherent interest in new ideas and startup firms.
“In each organization I worked for, I started a process to help bring in new ideas and innovation into the program. Eventually I called it PIE – portfolio innovation enablement. I would have five or six startups come and pitch to me and my leadership team. It wasn’t just for security. I’d bring in the CIO’s office, and privacy, audit and legal. So, each year I’d hear 40 to 50 pitches from startups. It was a way of fast tracking the lobbying process for new firms trying to get into big companies, and each year, two or three would end up in our portfolio.”
But he didn’t just sit in his office waiting for the new firms to come knocking. He started traveling to Israel some ten years ago, which was developing its reputation for new and innovative ideas (see From IDF to Inc: The Israeli Cybersecurity Startup Conveyor Belt). And he met with VC firms.
The confluence of these various elements (need to face new challenges, adventurous spirit, entrepreneurial attitude, deep understanding of cybersecurity, and awareness of the startup engine room) had the inevitable result. “When I finished my last operational job at T Mobile, I thought to myself, ‘Hey, I’ve done everything I want to do as a CISO. What’s something new that I’m good at?’ Well, I’ve been picking winners and losers for decades now, and working with VC groups. So, why can’t I enjoy the benefits of this financially by being an angel investor?”
Angel investing by CISOs was in its infancy. Silicon Valley CISO investments (SVCI, a group comprising more than 60 CISOs) was founded in 2019 with the mission ‘of fueling the next generation of cybersecurity innovation’. This is not surprising. In general, although not in total, today’s top CISOs entered a new and dynamic industry in its early days Like Youngblood, an adventurous and entrepreneurial element is common. It is still a dynamic and rapidly growing industry, and top CISOs can be very well recompensed.
IANS 2025 ’state of the CISO report’ notes that large organizations pay CISOs that combine security and IT responsibility “an average annual pay of $1 million [with] the top quartile starting at $1.5 million”. This by no means applies to all CISOs, but it is indicative of a well-paid profession. The combination of good pay, an entrepreneurial bent, and a detailed knowledge of cybersecurity and its needs, makes something like the angel investor SVCI inevitable.
Youngblood’s career path has always been slightly non-standard. He didn’t simply join an angel group dedicated to cybersecurity, but instead chose to also join the Keiretsu Forum, a global angel network founded in 2000 by Randy Williams – and often described as the world’s largest angel group. Worldwide, it has more than 4000 members in 60 chapters. Membership is by invitation only, but he had built a solid relationship with many VC firms. Like SVCI, Keiretsu focuses on startups with high growth potential; but unlike SVCI this is not limited to cybersecurity firms.
“I started by focusing, naturally, on cybersecurity. I’ve got plenty of deal flow coming from VC groups I had worked with while a CISO – they allow me to assess companies that they are assessing for their portfolio, and I get opportunities to invest in them as well. I’ve expanded that and joined several angel groups. I’m part of the world’s largest angel group, which is the Keiretsu Forum. And through them and a few others, I look at medical devices, clean tech, media companies – and I just made my first consumer product investment earlier this year. Now I’m fully swung into the angel investing world and have looked at the multiple aspects of what grows a good business and what a good team looks like.”
CISO in residence
Youngblood’s role as an angel investor brings us neatly to his most recent CISO position, as a CISO in residence.
‘In residence’ CISOs are another recent evolution in CISO roles, often linked to venture capital and provided by the VC firm to deliver an advisory rather than deep hands-on security role. Here the request came from the company rather than a VC organization – but the preamble was still investment.
“I’d been looking at the problem of non-human identities, which had been a significant issue at every company I had worked at.” It’s a problem that just keeps growing with business transformation, SaaS, and now agentic AI.
“I was looking for someone trying to solve this. I talked with several founders of startups, most of them still in stealth. Then I got connected with a firm that had been focused on NHIs since being founded in 2021. I was really attracted by that, and I was ready to make an investment. But the CEO said, ‘Hey, I’d like to work with you in a different way.”
They discussed how that different way would work and settled on the idea of CISO in residence – a tenured senior level executive that guides the company in the right direction; and it was a position he took. “I’m guiding the product team on how to align the product with the needs of large enterprises, working with the marketing team on the company messaging, supporting and guiding the platform strategy, and connecting all the dots with the salespeople.”
He used the emergence of AI as an example of this role. “We were focusing on and discussing the next layer of AI. Back in the Fall of 2024 I started talking to the firm about AI agents, and now they’re the biggest buzz in cyber. Well, all AI agents work off NHIs, so it was important we could handle the NHIs of agentic AI as soon as possible. I discussed this with the VP of product, he agreed, and now it’s in the product. That’s the kind of thing that a CISO in residence does.” It’s recognizing opportunities, necessities and improvements, and then helping the company do the right thing in the right way to have the best effect ahead of the competition.
Connect with Security Leaders at the CISO Forum
Related: CISO Conversations: Maarten Van Horenbeeck, SVP & Chief Security Officer at Adobe
Related: CISO Conversations: Jaya Baloo From Rapid7 and Jonathan Trull From Qualys
Related: CISO Conversations: LinkedIn’s Geoff Belknap and Meta’s Guy Rosen
Related: CISO Conversations: Nick McKenzie (Bugcrowd) and Chris Evans (HackerOne)
