To many cybersecurity is a deep dark unknown. They either don’t understand it, don’t want to deal with it, or were terribly afraid after looking into it. In that way, it is a bit like death itself.
For the last fifteen years, I’ve run interference between executive management of companies (read c-level and boards) and the security staff. In most companies, this position is called the Chief Information Security Officer (CISO) but the title is less important than the fact that I’m the executive that helps insure that the company puts the right people and processes in place to protect the business. To be clear, I’ve been an executive for a long time and while I have technical skills, it’s been a long time since I had my hands on the keyboard for a living. Do I have a fair score in Hack-the-box? Sure, but I’m not the guy you want in that position since I started my first company.
I started a company in college doing custom programming. It was fun and the money was pretty good for a student. I was good enough to land some nice clients with some recurring revenue. Enough revenue to sell the company a few years later. Before I was thirty I had a new job at a tech startup out of Denver. In that role I switched over into the “hardware side” building networks around the world. I loved the job. As a single person flying around the world and managing the deployment of a global network in the dot-com boom was a great experience! I must admit I was not a great winner in the dot-com bust that followed.
From there I landed as VP of IT at a healthcare services company. As things rolled along, while my title remained the same, I found I was focused more and more on the security of the network then managing it. I became a CISO in practice if not title. I lived through two breaches. The first breach was minimized because, similar to defenders not understanding the game, hackers really didn’t know how to pivot. I got lucky because it got me the resources I needed to develop a disaster recover plan.
The second breach really wasn’t “mine” at all. An employee of a partner posted an Excel spreadsheet with my member’s healthcare information on a public classroom website asking for advice on creating a cross-tab.
At that point HIPPA was the law of the land and triggered breach notifications and queries from OCR, not to mention handling the public fallout. Again, I was thankful that we had a plan in place. A good deal of my time in those days was working with the board to explain what was happening, what we had in place, and coaching them on what the breach WAS NOT.
Now I work as a technology expert on boards of small to mid-sized companies. I spend my time learning about the newest threats as well as keeping up with the laws. I’m an expert on enterprise risk management, particularly in the cybersecurity space. I bring a wide range of skills into the board room, not just as a technologist. My background in strategic planning is often well appreciated but also my operations and marketing experience.
I also serve as Chair of the Board of Directors for The Lamp of Learning, a mentoring and scholarship non-profit in San Diego. In 2014 I took over as chair when the founder, James Bowers, retired. Jim was an amazing guy and well known in the San Diego Philanthropic Community. I realized if the program was going to survive, it needed to grow. I incorporated the program and filed to gain full 501(c)(3) status with the IRS. Since then, the Lamp of Learning has grown. I would like to that University Club atop Symphony Towers for their support over the last years that has allowed us to grow.
- Elevating Board Performance: Insights and Opportunities - May 9, 2024
- Microsoft’s Security Reputation: A Balanced Perspective - April 23, 2024
- What Makes a Nonprofit Successful? - April 17, 2024
