A discussion with Mike Zachman, Zebra Technologies’ vice president and chief security officer. This is one of a series of security management profiles organized by Cybersecurity Collaborative in conjunction with SC Media. Cybersecurity Collaborative is a membership community for cybersecurity leaders to work with each other in a trusted environment.

Mike Zachman is now the vice president and chief security officer (CSO) at Zebra Technologies. He has global responsibility for its enterprise-wide product security, information protection, corporate security, and business continuity programs. Prior to Zebra, Zachman was the first chief information security officer (CISO) at Caterpillar, as well as Ecolab. Zachman holds an undergraduate degree in management information systems from Millikin University, and a master’s degree in business administration from Bradley College. He is a Certified Information Security Manager, Certified Internal Auditor and is Certified in the Governance of Enterprise IT. He is an active volunteer with Junior Achievement and serves on the National Board for Easter Seals.
What makes a successful security leader?
A successful security leader needs to be a courageous, credible, and risk-minded leader who values collaboration with their business partners and aligns their security program with company strategy. A key technique of successful security leaders is fully leveraging the knowledge and expertise of their peers in the security community, their vendor partners, and government/law enforcement.
What are some of the external priorities and internal priorities that leaders must be concentrating on?
First, know your environment. It is exceptionally difficult to secure what you do not know you have. This seems pretty basic, but it is a common issue for companies. Keeping a current record of systems, apps, and devices is a surprisingly difficult task. Knowing which systems are the most significant is even more difficult, but having a prioritized inventory of digital assets is the basis for creating and executing a security program. Imagine it’s your job to keep a group of school children safe on a field trip, but you don’t have a list of who is going on the trip. That list is likely the first thing you’d ask for before leaving the school.
Second, know your defenses. Based on your inventory, you need to make certain you have taken appropriate actions to protect your assets. “Appropriate” is an important word, because not all assets should be protected the same. To use a common example, a company’s “crown jewels” should be highly protected, while its cafeteria menu should not. Constantly look for gaps in your defenses. After all, that is what the cyber criminals are doing. If you lock 99 out of 100 windows, the criminals will find that one unlocked window. Always be on the lookout for your weakest link so you can fortify it.
Third, practice your response. Companies will have a security incident/breach. It is only a matter of time, so any good cybersecurity program includes effective incident response. As I outlined previously, one of the most important parts of an incident response is the pre-planning efforts that take place in anticipation of a future breach. It is in these pre-planning activities that companies have the best chance of ensuring a rapid and effective response to a security incident/breach. Think about fire drills: the time to figure out evacuation routes is not during a real fire. It is not enough to have planned those routes; we are required to practice them through fire drills.
Finally, communicate effectively. People equate security with secrecy and there is some truth behind that. However, good cybersecurity programs need to also be effectively transparent. For example, executives need to know and understand the cybersecurity risks facing the company. An effective program does not overstate the risks by spreading FUD (fear, uncertainty and doubt) in the hopes of getting more funding. An effective cybersecurity program also does not understate the risks to get good ratings or avoid difficult discussions. Transparency is paramount when dealing with external stakeholders. The past approaches of denials and “sugar coating” breach disclosures to the public have often proved more harmful to the company than the breach itself. As the adage says, “It’s not the crime, it’s the coverup” — the same is often true with security incidents/breaches. External stakeholders are much savvier than companies may think; they are able to understand the facts — good and bad — regarding security incidents.
How can cyber leaders work with business peers to gain buy-in from C-suites and boards of directors?
Building relationships with other executive leaders and your board is vital. Be viewed as a business enabler, not as a hurdle. The use of fear, uncertainty and doubt simply will not do if you want to be perceived as a true leader. The ability to influence is crucial to the success of a cyber program, and your ability to influence will be determined by your credibility and ability to communicate.
Listen more than you talk. When you speak, do not talk about vulnerability counts and technical controls; talk about cyber risks within the context of the business. Don’t be the “Department of NO” — be the “Department of KNOW.” Provide solutions, ideas and advice. Support risk-based decision making.
What types of non-technical training do security leaders need to be successful in leading global enterprises?
Security leaders require the same training as any successful executive. Key training should focus on leadership and communication. The ability to build and drive a common vision, aligned to the overall business, is fundamental. How to build, motivate and manage your team is important. The ability to influence others is a critical success factor.
Why did you join the Cybersecurity Collaborative?
I value the power of the collective knowledge found through the cybersecurity community. Peer networking and collaboration is a valuable “easy button” that we all can use. In addition to peer networking, the Cybersecurity Collaborative goes further by organizing Task Force groups to bring resources from various members together to tackle commonly prioritized challenges.
What has been valuable to you with your membership in the Cybersecurity Collaborative?
I have personally found the greatest value in the well-structured peer networking events as well as the daily emails with cyber-related news headlines. My broader team has benefited from the training available through the Cyber Management Academy as well as several of the Task Force teams.
