Part II: Coffee with a Former US President's CISO
Updated: Mar 10, 2020
Greg and I have been exchanging emails for a while. He had seen my #CyberRiskLeaders work in the industry, and I was delighted when I finally had the opportunity to meet with him when he flew in from Washington, D.C. for ISACA's 50th Anniversary Conference, held in New Zealand this year.
It is not every day that you get the chance to sit down with a former US President's CISO (Chief Information Security Officer), and not just any CISO, I must add.
Greg stands for Brigadier General Gregory J. Touhill. He was appointed by President Barack Obama as the first Federal CISO of the United States back in 2016 and is presently the president of Cyxtera Technologies' Cyxtera Federal Group. It was such a privilege being able to pick his brain and also include his thoughts in the next print edition of my book Cyber Risk Leaders.
We discussed a few thought leadership topics, including the personal advice that he would give to our next generation of #CISOs. We spoke about proportionate defense: CISOs shouldn't be trying to protect everything equally. Information has value, but many CISOs make the mistake of trying to protect everything the same.
"Organisations fail when they spend a hundred dollars trying to protect a hundred million dollars' worth of assets, and they spend the same hundred dollars trying to protect something that is worthless."
He also shared an encouraging #YouDidWhat?! story for #CyberRiskLeaders, this time a positive example: a financial services organisation that was breached earlier this year, and what they got right.
Although Greg recognises the importance of holding companies accountable in the event of a breach, it is also important to reinforce the positive (especially the things they got right in their detection and response), and what we can learn from that so that we can be better prepared.
"Rather than a beating and blaming culture, let's congratulate people on what they did get right."
That's another thing with Greg. He wasn't focused on just sharing industry knowledge. He took time to impart lessons along the way, sharing from his own personal journey and career growth. That day, I walked away from my chat with Greg inspired, with a timely reminder indeed of:
the importance of seeking out #mentors,
recognising the good, and the progress that our industry has made, and
knowing the value that you bring as an individual.
About the Author
Shamane Tan is the published author of Cyber Risk Leaders and the APAC Executive Security Advisor at Privasec, a leading and independent security consulting firm. She has worked extensively in the Asia-Pacific region with everyone from exciting start-ups to global organisations. Shamane advises the C-Suite and IT executives on everything from their business security posture to the reality of the challenges they face from regulatory issues and cybercrime. She is also the founder of the Cyber Risk Meetup, which is in four major cities in Australia, as well as Singapore. Her meetups offer security enthusiasts and executives a unique platform to impart and exchange innovative insights.