DARE #1 - Matej Zachar - CISO @Kontent.ai

Sometimes, we meet people who inspire us. Who make us believe that a different approach is possible. Who energize us with their passion.

“DARE.” is a series about optimists. About those who have the courage and creativity to constantly reinvent our businesses and our daily lives.

Immerse yourself in the world, strategy and methods of those who turn things around.

Matej Zachar is a passionate CISO, driven by the desire to place cybersecurity at the heart of business.

His journey is guided by deep curiosity and a love of learning. He bases his leadership on leading by example and teaching others.

A clear-eyed optimist, he sees security not as an obstacle but as a strategic driver of growth.

Intro

Was there a defining moment that steered you towards a career in cybersecurity?

Not really. I just stumbled upon it over the course of my studies. I saw Cryptography and Security as optional specialist courses  back then. It sounded both a bit dark and cool. In fact, I was part of one of the first Security cohorts which finished that program. And here we are. 17 years later, I am still knees deep into it. I guess it was meant to be. 

What is the common thread or latent goal that has guided your career? (Team quality, Product vision, Impact, etc.)

I guess I have this latent calling to make security more recognized and understood. I want to get the topic closer to people within the organisation. For it to have its own place within the company.

I sort of blame my roots for this. (Laughs) I come from a family of teachers. I grew up with people who enjoyed sharing knowledge and making people curious. 

And as a matter of fact, it is a very crucial part of being a CISO. Of course, there is a technical element at the core, but raising awareness is a key. I’m lucky to really enjoy doing both parts.

What specifically appealed to you about your current company and role?

I saw room for growth but I also liked the fact that security had to be at the heart of our value proposition. 

At the end of the day, it’s not about the size of the company, it’s about how much security your customers expect. For example, you could be a 20-people fintech and have 3 people working on security because you’re not going to sell a single product if you’re not trustworthy. Security is just part of the product portfolio. 

On the other hand, if you’re working in a manufacturing company, having a strong cyber security program isn’t going to make your sales take off. It’s not bound to the product.

In essence, I like to think of security as a true business enabler. We always work hands in hands with sales teams to ensure that it helps close business. We’re not just ticking a box to comply.

The Human

You’re 34. You’ve already been in charge of the cyber security of 3 companies. You now handle it for Kontent.ai and its 150 employees. What character traits have gotten you here? What would be your “superpower”? (i.e.: what you do faster and more easily than others)

I am going to go for something very analog for someone working in the digital sphere : reading. 

I have been reading all my life, as a child up until today. I’ve read about virtually anything. Learning about the world is a necessity. I do it every day, mostly via books or podcasts.

It is a great way of gathering little patches of wisdom which I wouldn’t otherwise have access to.

I like to think that it brings me a bit more nuance when it comes to understanding cultures and people but also to making important decisions.

Your job involves a lot of responsibility, and therefore stress, I imagine. How do you deal with it? Where do you draw your resilience from?

I’d say that I am painfully optimistic. (Laughs)

It might be a generational thing but I just embrace change. In fact, we have no other choice nowadays. But it’s like we’ve gotten used to it. 

In that sense, I couldn’t name you a practice like yoga or meditation. It is more of a mindset. It is about that decision I take every morning to commit to a good work life balance. To never compromise upon family time. I make sure that I make time for friends, and do things that I really enjoy doing.

I also run regularly, but it is just one thing among others. 

How would you describe your leadership style and how has it evolved over the years?

I guess something I hold dear is leading by doing. It sounds generic but I always try to be the first one involved. Be the first one to speak. The first one to raise your hand. The one that keeps sharing content that I think might interest the team. After a while, it starts to sink into you but also infuse within the team.

The downside of enjoying being in the action is that I must sometimes beware of not getting in the way of the teams. But if they’re important matters, I’ll always try and get involved to contribute. 

If I ask you about your best/worst management moment, does a story come to mind? What lessons did you learn from it?

What most fulfills me is when I see my team own up to something. When everyone feels responsible and we get into that collective flow of things.

A specific example could be when we started launching our first AI features. We quickly identified that there was an intangible but very real negative emotion around AI. Customers feared that there would be data security issues, that it would limit creativity of their people, etc. That’s when my team took the initiative of building a responsible AI framework, which was completely novel back in 2023. So new in fact, that we even got nominated for Top Security Team of the Year in the UK. We didn’t win (laughs), but when I look at the energy and drive the team showed, I feel like we sort of did. 

Do you have any mentors or role models? If so, why them?

Not exactly. Don’t get me wrong, I’m a firm believer in the importance of challenging your opinions and learning from more experienced people. But I don’t believe in having one single mentor to copy and paste their story . There are too many variables at play to restrain yourself to a few people. As a general rule, I like to get inspiration from almost anyone.

In fact, the further away from the cyber security field, the better! I tend to chat with a doctor friend of mine, and we often chat about parallels we see in our fields - because both are essentially about working with people. It ends up being more eye-opening than most conversations I’d have with an IT expert.

I mean that on the professional front, but also on a more personal note. Our era is filled with polarisation of opinions. Recommendation algorithms are building walls between groups of people  in our population. We all now have a responsibility to actively look for the end of the spectrum and challenge our way of thinking. 

It is important for us as a society but also for us as humans. It’s a way of training your empathy. For example, the other day, I was discussing with fellow CISOs, of which   80% are concerned about AI systems being trained on company data. With all the effort that AI vendors put into data security, I was quite surprised. But that’s great! We need to feel these shocks to keep putting ourselves in other people’s shoes.

The Strategy 

What do you see as the main challenges you’ll face over the next 5 years?

Agentic AI is changing the way we work. It barged in on our feeds  a year ago but the shifts in organisational strategy are profound and already happening, across the board. This will make the world more complex to protect in a way, as we’ll increasingly be protecting it from intelligences that we won’t fully master. 

It’s hard not to think of geopolitical tensions and uncertainty too. As a profession, we collectively need to be ready if something goes south. We need to be thinking about these things.

And on a more human level, I also see a challenge in a way people interact with one another. It all starts with a few tariffs and protectionist measures here and there, and before you know it, there are walls between societies and countries. It’ll be interesting to see how the next few years unfold. 

You have led your companies through the obtention of a wide variety of certifications (ISO 27001, 27017, SOC 2, GDPR, etc.) How do you get a whole company involved and moving? Any hacks to raise awareness and make people part of the solution?

You obviously need to have some people skills. You need to be able to convey simply the urgency and technicality of the matter at hand. But everyone sort of knows that. 

If you ask me about a hack, an approach I find quite effective is when cybersecurity becomes a crucial sales argument. For instance, we were in discussions with a customer who wouldn’t buy our product unless we were ISO 27001 certified.

Thanks to the support from the business, we closed the certification in 6 months.

It is quite powerful to leverage big business opportunities to infuse a sense of urgency within the whole company.

You have worked in Ireland, Switzerland, Czech republic, etc. Anything you’ve learnt from that? 

I would say: “The world seems more global than it is.” (Laughs)

You don’t need to go that far to start feeling a difference. A few hours on the train and people will perceive you differently, use different words, have a different relationship to work, etc. 

I believe traveling makes you a better person, and working with other cultures a more complete one.

There is always something to learn or enjoy, be it nature, cuisine, culture, local artworks, etc.

Is there one specific piece of technology that has shaped your life?

I would say my personal computer. It goes way back but it will always remain very special. The first time you get your hands on it and start building that little universe of your own. In my case, it was obviously also the start of a founding fascination. 

Hindsight and Foresight

What advice would you give to your "you" of 10 years ago, or to a young professional starting out today - in technology or otherwise?

To a younger me? Buy bitcoin. (Laughs) You’ll be fine.

Young professionals have it tough nowadays, with high competition for junior positions and internships. I would encourage everybody starting in the field to embrace AI, not to be afraid about gig work (bug bounties, freelancing) and to keep learning. 

In a context where some consider technology to be taking over our lives, do you consider yourself optimistic for the future? If so, why? 

I think you have to be optimistic.

It is true that technology comes with looming threats. To some extent, AI is already smarter than we are - when it comes to crunching large amounts of data for example. And it’s only going to get smarter and smarter. Will we save AI from going rogue? 

I personally don’t think that using AI will make us dumb. But it may make us less wise if we let it. If we outsource it all of our thinking.

All these matters will make regulation all the more strategic and important in the coming years. We’re already witnessing humanity reaching a philosophical crossroads. How much freedom and innovation can we allow at what cost? The key will be to strike the right balance AND scope. Europe needs to decide wisely if we don’t want to be left behind.