Practitioner. Leader. Straight Talker.

About Blake
Duvall.

Cybersecurity and technology leader. Working CISO. Speaker. Someone who started at the bottom, built his way up, and still shows up every day to do the actual work.

Always Be CuriousRadical Candor Without Corporate BSTransparency Builds TrustAccountability Starts With MeCollaboration WinsEffectiveness Is the Only Metric That Matters Always Be CuriousRadical Candor Without Corporate BSTransparency Builds TrustAccountability Starts With MeCollaboration WinsEffectiveness Is the Only Metric That Matters
The Background

Built from
the ground
up.

At 16, Blake was already running a technology business: fixing computers, recovering lost data, building custom machines, and wiring small networks for clients who needed things to work and had no one else to call. What drove it wasn't the money (though it definitely helped). It was the need to understand how things worked at every layer, and the particular satisfaction of figuring something out under real pressure with real consequences attached. That instinct has been the engine ever since.

The early years were spent doing the work that most leaders later forget they never fully understood: managing servers at scale, designing systems from scratch, and figuring out how to keep complex environments running when things went wrong. He also discovered something early that stayed with him: the fastest way to sharpen your own understanding is to teach it to someone else. He became a deliberate mentor long before he had a leadership title, and he built documentation and training programs that turned individual knowledge into something an organization could actually rely on.

As his career progressed he moved into roles where security and operations had to coexist with real business pressure. Compliance programs, incident response, complex infrastructure deployments, and the constant work of translating technical risk into language that non-technical stakeholders could act on. Each role added a layer. The technical foundation never left. The strategic thinking built on top of it.

By 2015 he was leading security and technology programs at a growing organization, a role that expanded steadily over eight years through three increasingly senior titles. The work evolved from building programs to leading the people who ran them, from managing risk to shaping the culture that determined how a team responded when things got hard. The lessons from that period form the backbone of everything Blake teaches today.

Today he operates as a working CISO, accountable for real programs across multiple organizations, while building ThePracticalCISO in parallel. The platform exists because he believes the people coming up deserve better guidance than he had access to: honest, practical, and delivered by someone who still has skin in the game.

Career Arc
Age 16
The spark
First Technology Business
Repair, recovery, and small network builds for real clients with real expectations. The first encounter with genuine accountability, and the moment curiosity stopped being a personality trait and started being a professional advantage.
2010 / 2013
The foundation
Senior Systems Administrator
Production infrastructure at significant scale. Complex systems, high-stakes environments, and the daily discipline of keeping things running when they'd rather not. This is also where the mentorship habit formed: building training programs and documentation that gave organizations something more durable than any one person's institutional knowledge.
2013 / 2014
The crossing
Lead Systems Administrator & Security Officer
The first role where technical fluency and security leadership had to occupy the same seat. Infrastructure complexity, compliance accountability, and the realization that security isn't a technical problem with a technical solution. It's a leadership problem that requires both. The transition from practitioner to something harder to define had begun.
2015 / 2020
The build
Director, Security & IT Operations
Building programs from the ground up across security, cloud infrastructure, and IT operations. Compliance frameworks, identity management, disaster recovery, and the unglamorous work of creating systems that hold up under pressure. The connection between security rigor and business velocity became something Blake could prove, not just argue for.
2020 / 2021
The refinement
Senior Director, Security
The shift from building programs to building the people who run them. Incident response, vulnerability management, enterprise security frameworks, and a growing conviction that the quality of a security organization is ultimately a reflection of how much its leaders invest in the people they're responsible for.
2021 / 2023
The scale
VP, Security & Infrastructure
Executive-level ownership of security, infrastructure, and engineering operations. Reporting to C-level leadership, managing risk at the business level, and driving the kind of security-by-design culture where protection and velocity aren't in tension. The work of building a security program and the work of running a business became the same conversation.
2023 / Present
Today
Working CISO, Speaker & Content Creator
A multi-faceted security executive managing risk, compliance, and AI governance across organizations while staying close to the real work. Providing leadership to organizations navigating complex regulatory and threat environments. And building ThePracticalCISO because the next generation of security and technology leaders deserves honest guidance from someone still accountable for the outcome.

The Problems
Blake Solves

Every engagement Blake takes on comes back to one of four problems. If you're dealing with any of them, you're in the right place.

01
Leaders who can't make the leap
Technical experts who are stuck at the individual contributor level, not because they lack capability, but because no one ever showed them how to translate what they know into the language that drives decisions at the top. Blake made this transition himself. He knows exactly where it gets hard.
02
Executives flying blind on security
CEOs, CFOs, and board members who know they're accountable for security decisions but don't have the technical background to evaluate what they're being told. Blake translates security risk into business terms: budget, liability, growth velocity, so executives can make informed decisions without needing a computer science degree.
03
Organizations with a trust deficit
Teams that aren't performing because people don't know where they stand, decisions happen without explanation, and honest feedback has been replaced with careful corporate language. Blake's transparency and radical candor frameworks give organizations the tools to fix this, without making it a feelings exercise.
04
Security programs that don't hold up
Compliance-heavy programs built to pass audits rather than withstand real threats. Tool stacks that nobody actually understands. Certifications that look good on paper but leave teams paralyzed when something goes wrong. Blake helps organizations understand the difference between security activity and security effectiveness.
How Blake Operates

Six principles.
Non-negotiable.

These aren't values on a wall. They're how Blake actually operates, in the room, on stage, and when the hard conversations need to happen.

01
Always Be Curious
The best leaders ask better questions. Curiosity prevents complacency and drives continuous improvement.
02
Radical Candor
Clear feedback, honest conversations, and saying what needs to be said, even when it's uncomfortable.
03
Transparency Builds Trust
Teams perform best when they know where they stand, what's expected, and why decisions get made.
04
Accountability Starts With Me
Own the outcomes. Take responsibility when things go wrong. Give the credit when they go right.
05
Collaboration Wins
Cross-functional teamwork isn't the exception. It's the default in high-performing organizations.
06
Effectiveness Only
Measure progress by impact, not activity. Are we moving the needle, or just checking boxes?
Why It Matters

Credentials
you can
trust.

Blake holds a CISSP and has delivered compliance programs across nine frameworks, not as a consultant who scoped the work and handed it off, but as the person responsible for the outcome.

He's led organizations through security incidents, built programs from the ground up in government and financial services, and managed teams across security, technology, and engineering. He has been in every seat at the table.

That breadth is what makes the guidance practical. He knows what it looks like from the top and from the trenches, which means he can translate between the two with clarity and no vendor agenda in the way.

9+
Global Compliance Frameworks
SOC2 Type 2, FedRAMP Moderate, CMMC, TX-RAMP, HIPAA, PCI DSS, SOX, GLBA and more, delivered as the person accountable for the outcome.
3
Major Sectors
Government, financial services, and SaaS, including the US House of Representatives. Each sector with its own threat model, compliance regime, and risk calculus.
20+
Years: Systems Admin to CISO
Every step earned. The technical foundation came first, then the strategic layer built on top of it. That's the path Blake teaches because it's the path he actually took.
Certifications & Platforms
CISSP SOC2 Type 2 FedRAMP Moderate CMMC TX-RAMP PCI DSS HIPAA SOX GLBA AWS Azure GCP
Dedicated to proving
that leadership
can be transparent
and radically
effective.

ThePracticalCISO exists because Blake wishes someone had told him these things 10 to 15 years ago. Not the polished version. The honest version, the one that would have saved him time, budget, and a few painful lessons.

The platform is built for emerging leaders who are figuring out how to move up, and for executive buyers who need to make better security and technology decisions without wading through vendor pitches to get there.

Clarity is kindness. When people genuinely understand what they're dealing with, they make better decisions, build better teams, and lead better organizations. That's the whole point.

Ready to hear from someone still accountable for the outcome?

Book Blake