Gestern • 42 Min.

Toni Garcia, Global CIO at Neuraxpharm and former CISO, comes with a clear position: agility and pharma compliance are not opposites — you just need to know which parts of a project require waterfall and which can be agile. He's equally direct about cybersecurity: people are not the weakest link, they are the strongest layer of defense. The conversation moves between hacker mindset, C-level leadership reality, and what actually makes teams perform under pressure. Key Takeaways Agile works in pharma if you split the project correctly: URS creation and validation follow waterfall, implementation can be agile.Security and digital transformation are not enemies — they share the same path and depend on each other to succeed.Hackers are agile by default: they try, fail, and adapt. IT departments need to learn the same behavior.People are the solution to cybersecurity, not the problem. No firewall stack replaces a well-trained, alert team.The most important KPI for a high-performing team is not a metrics dashboard — it's whether the team experiences decisions and priorities as clear and fair on a daily basis.Perfect does not mean error-free. Zero-day vulnerabilities can hit anyone. Accepting that imperfection is part of the equation is what allows you to act at all.As a CIO, the real job is giving the team time, budget, and good decisions — not solving every problem yourself.Links & Resources DORA (DevOps Research and Assessment) – Google Cloud research program on software delivery performance: https://cloud.google.com/devopsDORA State of DevOps Report 2024 (: https://dora.dev/research/2024/dora-report/ISO 27001 – Information Security Management System (mentioned by Toni as the most valuable framework): https://www.iso.org/isoiec-27001-information-security.htmlNeuraxpharm (Toni's current organization): https://www.neuraxpharm.comBook Accelerate by Nicole Forsgren, Jez Humble, Gene Kim – scientific foundation of DORA metrics: link not found, please search separately (ISBN: 9781942788331)