For part three of our All-Hands blogpost series (part one & two here), the Parliament of Owls hosted a conversation on the constant “balancing act of a CISO” with a very special guest of honor, Pete DeGroot! Pete currently serves as SVP and Chief Information & Security Officer for Canada’s largest news publisher, Postmedia Network Inc. (where he has been for close to a decade). Pete was kind enough to zoom in with us to explore the responsibilities of a CISO and technology leader and share the perspective of an executive whose accomplishments throughout his career are nothing short of herculean, especially in this new complicated era.
BEING A CISO FEELS LIKE BEING THE GOALIE ON A HOCKEY TEAM – AS THE LAST LINE OF DEFENSE, YOU’RE EXPECTED TO MAKE A SAVE 100% OF THE TIME. Peter DeGroot
Pete has a very long track record as an accomplished technology executive, and is very well respected in the industry amongst his peers. As a CISO, Pete has precious insight in terms of what makes for good security products and practices. We were lucky to have him join us and share his perspective!
Here are some of the things from our conversation that really resonated, and got us thinking:
- Pete has coached hockey for about 15 years. He likens his experience as a CISO to being a goalie on a hockey team. “It really is the last line of defense. When the puck gets to you, you’re expected to make a save 100% of the time.” The CISO’s job is to coach the skills to the entire team, so that they don’t have to rely on the goalie all the time.
- A CISO is an executive security leader responsible for managing risks, both up and down. A CISO is the advocate in the company, understanding and communicating the entire risk profile. They have to keep everyone informed, especially the board. It’s a balancing act between the risk appetite and the corresponding controls and mitigations.
- For the CISO today, the move to the cloud brings new risks to communicate and handle, and Pete loves the new approach of security from the inside out. This is a welcome contrast to the historical approach of just keeping the bad guys out. Nowadays, with so much data and infrastructure in the cloud, what’s “outside” and what’s “inside” is often less clear, so securing from the inside out — securing the data where it is — that’s super important now.
Insights on How CISOs Adopt New Tech
- When messaging with a CISO about your product, understand that their profile is risk mitigation. Messages that are tightly focused are digestible and enable teams to understand quickly if a product can solve their problems. After all, new tech is change, and any change is pain. The change must be worth the pain.
- The other hurdle in adopting a new solution is fitting it into your environment and team. Security products he buys have to “plug into the current set of people and technology.” It’s not realistic for him to hire new people to manage each new piece of technology he adds.
Thank you, Pete, for sharing your interesting anecdotes and insight. The Parliament of Owls salutes your wisdom and appreciates your efforts. We invite you to follow Pete DeGroot on LinkedIn. That’s owl for now!