Ivan Milenkovic, VP Cyber Risk Technology, Qualys

Ivan Milenkovic serves as Vice President for Cyber Risk Technology at Qualys, a pioneering provider of disruptive, cloud-based IT, security, and compliance solutions designed to consolidate and streamline customers’ security requirements on a single platform. With over 20 years of experience in aligning complex technology landscapes and fluctuating risks with core business objectives, Ivan’s background includes a Group CISO role at a major multinational BPO, running a cyber advisory practice, and serving on multiple advisory boards. Earlier in his career, he was involved in the design and operations of systems supporting the Olympic Games, and he proudly notes having delivered projects across every continent except the frozen ones.

Ivan is a Certified Information Security Officer (S-CISO®) and is one of the trainers on the CISO2.0 course for the SECO Institute (for the S-CISO certification). He is currently pursuing a Cyber MBA at Lancaster University in the UK.

Recently, in an exclusive interview with Digital First Magazine, Ivan shared insights on the role of artificial intelligence and machine learning in supporting cybersecurity efforts, personal hobbies and interests, his favorite quote, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.

What drives your passion for cybersecurity, and how do you stay current with the latest threats and trends?

My passion for cybersecurity is fuelled by its rapid pace of change and the sheer breadth of challenges it presents. Over the past twenty-five years, I have witnessed more innovation in this field than many other disciplines see over several generations. I began my journey in IT, moved into the identity space as it piqued my curiosity, and evolved into focusing on risk and trust. Staying current involves seeking out a close network of peers, tapping into trusted sources, and maintaining a healthy dose of inquisitiveness. Continuous education is vital, which is why I chose to pursue a Cyber MBA – largely because I felt I could expand on what I was learning in my day-to-day role, in a more structured manner. I also stay engaged by advising start-ups and diving into the latest trends firsthand.

What do you love the most about your current role?

I relish having a break from day-to-day operational demands and using that time to guide others – exploring their challenges and helping them find the right solutions. At Qualys, my work involves evangelising in the field of risk management, helping clients identify the real cybersecurity issues, sharing hard-earned insights with CISOs and their teams, and educating prospective CISOs through the CISO2.0 course offered by the SECO Institute (for the S-CISO certification). Despite stepping away from an operational role, I still meet new, inspiring people. Ultimately, I find satisfaction in making a difference – whether that’s by simplifying complexity or offering a fresh perspective.

Can you describe your approach to building and managing high-performing cybersecurity teams?

I liken high-performing cybersecurity teams to successful sports teams: the collective performance must surpass individual heroics, as relying on ‘heroes’ alone isn’t sustainable. Trust serves as the bedrock, and diversity ensures a range of perspectives and skill sets. Once the team is in place, I like to ‘lead from behind,’ granting autonomy and supplying the right tools and guidance, while offering protection and support when needed. I truly believe a leader’s role is to nurture, support, and enable, rather than command and control.

I encourage team members to make mistakes and learn from them. Mentorship, combined with candid yet caring feedback, helps nurture an environment where people can challenge each other, grow professionally, and stay motivated.

What role do you believe artificial intelligence and machine learning play in supporting cybersecurity efforts?

AI and ML are increasingly indispensable in cybersecurity, acting as force multipliers for both detection and response. They reduce noise by automating routine tasks, allowing practitioners to concentrate on higher-level, creative problem-solving. This productivity boost is critical in a field where response times can make all the difference. However, it’s important to remember that AI isn’t a magic bullet: human expertise remains central to interpreting results, making final decisions, and ensuring we stay relevant in an automated world. Moreover, there is still no replacement for human creativity.

What personal or professional philosophies have contributed to your success, and how have you applied these principles in your career?

At the heart of my philosophy is Radical Candor (thank you, Kim Scott) – caring personally yet challenging directly. Although the book and the philosophy behind it are relatively new, I recognised much of my own approach in its principles. I believe in taking ownership of one’s success: life is too short to wait for opportunities to appear at your doorstep. My moves across four countries exemplify this outlook. I also adhere to ‘walk the walk’ – talking about doing something is never the same as actually doing it. Failing is part of the journey, but honesty with oneself and others fosters genuine growth. This transparent approach, coupled with a willingness to put myself out there, has been key to every role I’ve undertaken – often resulting in invitations from companies that valued my approach.

What are some of your passions outside of work? What do you like to do in your time off?

When I’m not 100% focused on my work, I devote my energy to supporting my two boys, taking long walks with the dog, and tinkering with tech projects around the house. I’m also quite enthusiastic about cars, happily handling some of the servicing myself. While I’m more of a tennis spectator than a player these days, the sport still inspires me and reminds me of the importance of agility, strategy, and stamina – traits I find equally valuable in both work and leisure.

What is your favourite quote?

“Talking isn’t doing.” — William Shakespeare

This quote resonates with me because it underscores the importance of action. Words can inspire, but real change only happens when we roll up our sleeves and make it happen.

Which technology are you investing in now to prepare for the future?

Technology evolves at a head-spinning rate, so I prioritise investing in my family and myself above all else. Nonetheless, I keep a keen eye on solutions that streamline cyber risk management, whether through automation, data analytics, or enhanced threat intelligence. Specific tools may change, but the principle remains the same: continuously adapt to stay ahead of the ever-shifting risk landscape.

What are your long-term career aspirations, and how do you see yourself evolving as a leader over the next five years?

I’m increasingly drawn to the non-operational side of the industry, focusing on shaping strategic direction rather than hands-on execution. Over the next few years, I plan to transition fully into a Non-Executive Director (NED) capacity, contributing my insights and experience to help organisations make informed, forward-looking decisions. By doing so, I’ll continue refining my leadership style – leveraging Radical Candor, promoting trust, and ensuring diverse teams thrive.

What advice would you give to someone looking to break into the field of cybersecurity?

Curiosity is essential: always question, always learn. Find a niche that excites you and trust in your ability to develop expertise in it. Bring your authentic self to the table – be a bit rebellious if it suits you! Identifying your ‘superpower’ and perfecting it is an excellent way to stand out in a competitive field. Ultimately, believe in yourself, remain open to continuous change, and don’t shy away from calculated risks.

Content Disclaimer

Related Articles