I’m incredibly excited about starting another great chapter in my life – moving from public service as CISO for the U.S. Secret Service to joining the Trend Micro team. As I write my introductory blog post, I can’t help but think how unbelievably fortunate I have been both personally and professionally. For that, I must thank my family and friends.
The same holds true after serving 20 years in the Service alongside the finest men and women in law enforcement. Throughout my career, I always sought to improve myself by consistently working outside of my comfort zone. I accomplished this by surrounding myself with the smartest and most talented individuals possible. Now I find myself doing the same with some of the most gifted cybersecurity professionals in our industry at Trend Micro.
Let me get started with an observation about National Cybersecurity Awareness Month (NCSAM). It’s clear that we all grasp the depth and breadth of today’s cyber threats. NCSAM was first observed in 2004, and since then there have been significant changes to the threat landscape. For context, in 2005 (according to the Privacy Rights Clearinghouse) there were 136 breaches reported and more than 50 million records compromised in the United States alone. Fast forward to today, where we have seen 4,620 reported breaches and more than 869 million records stolen.
In light of this volume and climate, I don’t believe a lack of awareness is the issue. Instead, we need to see a change in our national strategy from “awareness” to “resilience.” I propose we change this moniker from NCSAM to NCSRM (National Cybersecurity Resilience Month) and begin to focus on what matters most – how to transition from being the hunted to the hunter.
To drive this concept home, I plan to take the same approach I did throughout my Secret Service career – by collaborating and learning from the best. In upcoming posts you’ll see my exchanges with established security thought leaders across critical infrastructure sectors including healthcare, financial and government. We’ll discuss the risks they face and the resilient, proactive strategies they are deploying.
I plan to conjure the wisdom of Sun Tzu: “know your enemy and know yourself…” to help provide a deeper understanding of how advanced threat actors succeed. The goal is to unearth resilient strategies that move us from reactionary incident response practices to proactive threat response. Ultimately, I hope this series, and all of my future posts, can highlight topics that are relevant from the server room to the boardroom.
I’m looking forward to sharing this journey with you!