Lee Mössner

CISO  ·  Cyber Risk Advisor  ·  Active Defender  ·  Zürich

Who I Am

Twenty-five years across Tier 1 financial services and Big Four — staying technically sharp while being heard in the boardroom.

The combination that matters: someone who can read a threat at protocol level and explain its business consequence to a CFO in sixty seconds. Most security leaders do one or the other well. The work I'm proud of required both in the same conversation.

Executive

Heard in the boardroom

Board and C-suite risk advisory across Tier 1 banking and Big Four professional services. Investment cases that moved multi-million CHF decisions. Risk appetite conversations, vendor challenges, regulatory briefings.

  • EMEA security governance across 60 territories
  • Multi-million CHF security investment ownership
  • International conference speaker
  • ISO 27001 · NIST 800-53 · DORA · NIS2 · CRA

Technical

Still hands-on

Cloud and AI security architecture, DevSecOps, application security, and active deception technology — built and operated in production. The technical credibility is what makes the board conversations land.

  • Cloud & AI security architecture
  • DevSecOps & application security
  • Deception technology & active defence
  • Threat intelligence engineering

Zero
High/critical production findings since 2017 — across platforms serving 650,000 customers
99%
Reduction in malware incidents at PwC — by challenging a posture nobody had questioned in twenty years
25+
Years across UBS, Credit Suisse, and PricewaterhouseCoopers

Director, CISO & Cyber Security Advisor
UBS Group / Credit Suisse AG
2017 – Present

Transformed the security posture of online and mobile banking platforms serving 650,000 customers — zero high/critical production findings since 2017. Board-level advisory on existential and reputational risk. Drove the shift to a DevSecOps mindset across IT development teams. Security advisor for the Credit Suisse Italy migration into UBS, ensuring a secure, high-integrity transition with zero incidents throughout.

Corporate Information Security Officer
PricewaterhouseCoopers
2007 – 2017

Enterprise CISO for PwC Switzerland. Challenged a 20-year assumption that end-users needed local admin rights — dismantling it enterprise-wide and cutting malware incidents by 99%. Chaired the EMEA Security Group across 60 territories and 150,000 employees; member of the Global Information Security Solutions Board. Trusted advisor to the General Counsel and Risk Management Partners on security risk. Managed CHF 500k–2M annual security investment.

Active Defence
MIRE / C³

Built from the observation that internet-facing systems are probed relentlessly — and defenders spend most of their energy trying to repel that noise.

The alternative: embrace attackers rather than block them, and feed them synthetic environments that look real but aren't. Attacker persistence becomes a liability for the attacker. MIRE/C³ is that idea in production.

Threat Intel
The OpenCanary Experience

A distributed honeypot array generating real-time attacker behaviour intelligence from live internet-facing traffic. Presented at the SIGS SOC Forum 2023.

Contributed improvements back to the OpenCanary open-source project — pull requests reviewed and accepted by the maintainers.

Want to talk security, deception tech, or about something that keeps you up at night?