By Melissa Gaffney on Aug 23, 2021
Now that we’ve officially kicked off our journey as McAfee Enterprise, a pure-play enterprise cybersecurity company under the new ownership of Symphony Technology Group (STG), we’re celebrating a lot of new firsts and changes. But one thing remains the same: our passion and commitment to make the world a safer, more secure place. And that passion starts with our people. In this new blog series, you’ll meet some of the executives devoted to tackling today’s most pressing security concerns and innovating for the future.
Q: How did you come into this field of work?
I didn’t start out in information technology, I graduated from college with a degree in physics at the end of the Cold War. At the time, all the physics jobs had evaporated, so I started out as an intern in programming at EDS. I did that for a few years and then went into management. I eventually became a CTO and then a CIO.
When I was a CIO, I learned that I really didn’t know much about information security, and it was hindering me in the CIO role. My next job was a director of information security at a financial services company, and I never looked back. I found that I had a passion for information security and have been the CISO at two different Fortune 500 companies. My current role as CIO for a company that creates enterprise cybersecurity software is a perfect marriage of both skill sets.
Q: With cybersecurity and AI capabilities expanding at a rapid pace, what will the future look like for companies like McAfee Enterprise in the coming years?
I think our products like Insights and MVISION XDR are going to change the way we think about security. We have always relied on “after-the-fact” data as opposed to proactively looking at our environment. The days of looking at packet capture and syslogs as our primary defense method are behind us. While they are great for those “after-the-fact” forensic studies, they really don’t do much to proactively defend your enterprise.
Understanding user and device behavior and being able to spot anomalies is the future. Information security leaders need to stop having a negative reaction to new technology and instead embrace it. I also believe blockchain will likely be a good solution for IoT identity and machine learning will take over for the SEIM. You will start to see our tools evolving to meet these new challenges and paradigms.
Q: Since joining the company just over a year ago, how do you feel you’ve been able to help the company grow since last year and the impact you’ve had in your role?
My team has done a very good job in leading the charge to the cloud while at the same time reducing costs. But we are just at the beginning of the journey, and have a long way to go.
We have also challenged our lack of standards and formed the Enterprise Architecture team to drive these patterns into the organization. As Hamlet said, we must suffer “the slings and arrow of outrageous fortune” for trying to drive that change, but I have been impressed by the dedication of members of our Technology Services team. Our security team has worked in lock step with the rest of the organization to drive our outward facing security vulnerabilities down to zero. That is not where we were when I arrived, but the team took a measured approach to dramatically improve our security posture.
I also enjoy spending time with the sales organization and helping them in supporting our customers. After being in the CISO role for over 12 years, I understand how difficult the role can be. I like to help our sales team understand what pain CISOs are experiencing and how our products can help.
Q: How do you hope to impact change in cybersecurity?
I have been involved in the clean-up of two major breaches. While it is easy to get caught up in the numbers of records lost or how the breach will affect the organization’s stock price, there is a very human cost. Many security or IT leaders lose their job after a breach where stolen records are used to commit identity theft which is very painful to reconcile if you are victim, as we have seen in some of the ransomware attacks on healthcare systems that may have led to the death of patients. The great thing about being a leader in cybersecurity is that you feel you are doing something for the good of the public.
My teams have worked closely with various law enforcement agencies and have caught attackers. There is no better feeling than knowing you have taken down a criminal. I personally want to look back on my career and believe the field of cybersecurity is in a better place than when I started and that the company I work for played a major role in that change.