Among the priorities competing for the attention of CIOs in 2018, improving cyber security has moved furthest up the radar, jumping 23% from 2017 to 2018, from 40% to 49%, in the Harvey Nash/KPMG CIO Survey 2018.
For Bill Brown, protecting Houghton Mifflin Harcourt from nefarious attacks is his number one priority. But unlike most CISOs who oversee information security for their organizations, Brown is a former CIO who is parlaying his prior experiences and expertise into his role as SVP & CISO for the educational and trade publisher.
"As the CIO, you're responsible to help advance technology throughout the organization," said Brown, former CIO & CISO at Veracode and former CIO at Iron Mountain and Avid Technology, who joined Houghton Mifflin Harcourt in October 2017. "I'm coming into the CISO role with the mindset of advancing technology and reshaping the CISO perspective on digital transformation from 'let's go slow and avoid risk' to 'let's figure out how to do this fast but securely.'"
Brown will be sharing these and other unique insights as a speaker at HMG Strategy's upcoming 2018 Washington, D.C. CISO Executive Leadership Summit, taking place on September 18 at the Capitol Hilton Hotel.
Brown likens his role at Houghton Mifflin Harcourt to the 'CISO Mullet': enforcer in the front and enabler in the back. "How do we enable digital transformation in a risk-averse manner?" Brown asks. "We're incorporating more digital technologies while increasing the security perimeter and using data in many different ways - all the while being sure to address data privacy initiatives like GDPR and conveying to our customers and employees that we're keeping their data secure."
Brown and his team do this, in part, by partnering with the publisher's developers and engineers to incorporate security early on in the company's software development lifecycle using a DevSecOps approach. "Many times, the CISO internalizes the responsibility for protecting the organization, but when you think about it, we don't deploy code or systems," said Brown. "So, we need to partner with developers and engineers to help them protect systems. We find it's a lot less expensive to identify issues early on in the software development cycle than addressing them later on."
One of the ways that Brown and his team help to apply innovation at Houghton Mifflin Harcourt is by steering away from the historical mindset of trying to protect everything. "The perimeter is so wide and dynamic that a CISO can't secure it all," said Brown. "You have to identify the critical assets we're going to protect along with the gaps that pose the most risk and deploy people, process and technology to address those gaps. This includes communicating to the CEO and the board that we're going to have to accept risk in some areas."