On today’s episode, Jeff Schilling, the CISO for Teleperformance, joins us today to discuss the transition from a security career in the military to the private sector, the importance of relationships, and security in relation to the Cloud.
Transition from the Army to Civilian Life
Jeff recounts his career in CISO, first discussing Teleperformance, which he joined this year. He then dives into the 24 years he spent in the military, which ended with his retirement as a Colonel in 2012 from US Army. Though his army career was very varied, he loved every part of it.
When he left the military, Jeff did a 180 and decided not to work in government, which proved a more difficult path. He learned early on that the threat profile is very different in the civilian sector than it is for the military, as well as how that threat is discussed. One of the hardest parts of the transition is the lack of basic security knowledge or awareness in the civilian sector. In the military, everyone is speaking that language and thinking about security and security operations center. Listen to the episode to hear more about the challenges that Jeff overcame, and the insights learned.
Thorough Examination
One of the other important lessons the Army taught Jeff was diligence. He approaches every potential threat or breach with a thorough process. He believes that while many security officers excel in stopping a crisis in the moment, they forget to step back and assess why that crisis occurred in the first place.
Jeff speaks on how after a breach, many SOCs place the work on the IT team. However, he believes that everyone involved should examine what actually went wrong and make an effort to document the incident correctly. If the incident is documented thoroughly and accurately, then leadership has a better chance of properly understanding what occurred and how to prevent similar breaches in the future
At the end of the day, Jeff says “it’s what you measure, and how you measure it.”
The Importance of Relationships
Jeff next speaks on how he has witnessed many CISOs and CIOs say they will never work for each other. He believes this is the wrong attitude because those are all people that can help close your security gaps and make your job and life easier. He acknowledges that you don’t need to be buddy-buddy, but you do need to have an understanding of how someone else’s goals intersect with your own.
Jeff touches on how this relates to viewing the SOC as a whole. He advocates for a normalization of data across all sector in the risk management. Data needs to be translated into a risk statement that makes sense for that risk officer in order to show the gravity of the situation in a way that is clear and understandable. Listen on to hear more of Jeff’s thoughts on why clear communication and respectful relationships affect security.
Elevated Privileges
One area of security that Jeff points out is currently weak is the protection around elevated privileges. He illuminates how many major breaches have been a result of a security issue with those that have elevated privileges. For example, the lack of a two-factor authentication code for execs because they don’t want the extra step of looking at their phone poses a threat to security that could easily be solved.
The Security Environment in The Cloud
Jeff recounts a funny story in which he wound up speaking at Cloud Security conference as the expert for the Department of Defense, when only a few weeks prior, he had to Google what the cloud was. Listen to the episode to hear how this assuming antic occurred.
In talking more seriously about the Cloud, Jeff asserts that it’s actually easier to defend on the Cloud, as he no longer has to wait for someone to go to a data center and make sure all the...
