Cybersecurity Leaders – Dennis Leber, CISO @ the University of Tennessee Health and Science Center
Dennis started his cybersecurity journey in the US Army. After transitioning to a civilian career, he obtained experience in the Automotive Industry, Federal Government, Healthcare, Financial Industry, State Government, and now Higher Education. Each of these industries provided experience and knowledge that lends to his success in cybersecurity and building cybersecurity programs.
Why did the role of CISO appeal to you?
The role of CISO appealed to my career path based on the love I have for the cybersecurity industry, community, and work involved. I love that I get to build teams and programs that have a positive impact on the organization we serve and influence a key business function while growing the executive staff’s understanding of cybersecurity and developing our next generation of cybersecurity professionals.
If I gave you an extra Euro/Dollar, how would you spend it on cybersecurity?
Training. Much like a real estate agent preaches location, location, location, in cybersecurity it is training, training, training. Train your users/staff, train your leadership, and train your cybersecurity staff. Our industry is one that changes rapidly; training your cybersecurity staff must be invested in, and invested in well.
What should corporate boards know about conducting information security?
We are at a good place; boards are embracing the fact that cybersecurity is a key business function equal to any other area of business. The item I would recommend expedited is separation of Cybersecurity from IT.
There is no need to repeat the tons of data points that back this move; I only add that IT Security/Information Security is just one portion of business that cybersecurity addresses and not a reporting function of the same.
What unique security challenges does your industry face?
I love discussing this; each industry faces specific regulations, some shared regulations and compliances, laws, etc. Dependent on the industry, there are custom types of data that only that industry experiences which may have specific control requirements.
However, at the foundational level, data is data, networks move the data, and machines store and process that data. People try to steal, corrupt or disrupt that data by attacking one or all of these parts. We all face the same challenges at the end of the day.
How do you make sure you know what new projects are on the road map and that security is baked in from the process side?
I have addressed this challenge with success, and my approach may work for others: building relationships, listening to the challenges, and innovative solutions to those challenges. A recent example at a previous organization where we addressed this is one where we experienced security’s involvement at the end of projects (maybe the first we knew of it) or at some point were asked during development what the security/compliance requirements were.
Our approach was working with the PMO office, adopting the NIST CSF and creating “checklists” that covered the foundational requirements. Now the project teams have the requirements before anyone even touches a keyboard, the resources are identified, security becomes a part of the normal workflow and milestones in the plan.
How might we address the perception of cybersecurity holding back the business?
I have had success with a simple process: go and meet the business units and partners, listen to their concerns and develop enabling programs. The CISO must learn to become a business leader and align the efforts of their office to the mission of the organization.
Closing thoughts
If you are thinking about getting into the Cybersecurity field, don’t wait. There are tons of opportunities, and it allows for a career that does not require you to do the exact same thing every day. Cybersecurity for me is not just a job, it is a passion, and a hobby. I love to coach, mentor, and train, and am open to folks connecting.