Joe Greene

Cyber Security Leaders - Joe Greene, CISO at American Chemical Society and CAS

Joe Greene is fuelled by a passion to help and unite the security community to accomplish good.

Over the last 20+ years, Joe has been the Chief Information Security Officer and worked for many different industry verticals such as: Healthcare, Financial Services, Cyber Security Consulting, Government, Software as a Service, Publications, Education, and Membership Society Organizations.

This wide breadth of industry vertical experience, innovative approaches to develop and deliver a comprehensive suite of services and solutions allows him to help organizations go beyond technology to resolve their struggles and to work with business executives to deliver solutions that create real value for organizations.

The job of CISO is never going to be an easy one, no matter what you do. The bad guys only have to be right once. How do you deal with that when it seems like an impossible challenge?

Organizations continue to put their staff at a consistent disadvantage when you look at daily activity that must be done.

DAILY TO DO LIST

Attackers:

Identify a target
Breach your network
Monetize the breach or data taken from the breach

DAILY TO DO LIST

Security Professional:

Hours of meetings
Status updates
Add notes to tickets
Timesheets
HR mandated training
Close tickets
Update slide deck
Update policies
Update knowledge base
Improve security posture of organization

Try to find ways that your team can enhance their productivity and remove repetitive and unnecessary tasks.

How can security executives get that ‘buy-in’ from the top?

For years, Security Professionals have struggled to have a voice at the Executive Table. However, recent events in the news have made Cybersecurity a consistent Executive Board topic. I’ve found it to be effective to have a closed-door session with the Executive Team to discuss Current News Events and tell the story about how our organization may become impacted.

How can CISOs / Leaders better understand a business’ needs?

The best thing to do is walk in a workforce member’s shoes. As an example, when working at a large hospital system I spent several days meeting with Residents and Physician’s and tried to understand the impact the security controls were having on patient outcomes.

One evening we decided to hold a meeting in our Research and Innovation Lab, where I got a first-hand experience of what it was like to have a patient come into the ER and bleeding while implementing security controls. The physicians had a great laugh at my expense but the relationship that was created in the process was well worth it.

Threats are everywhere and always changing. How can we address this difficult reality?

The reality is that organizations are constantly under attack from Threat Actors. Security Experts leverage their background and experience to prioritize actions to be taken to reduce the attack surface that Threat Actors may try to exploit. As Security Experts, our challenge is staying up to date on the industry and translating the information that we learn out of tech/security speak and into what will provide the most business value to our organization.

How can CISOs / Leaders balance security and innovation?

The role of Information Security Leaders isn’t to say “No” and stop innovation. Our role is to enable innovation and be a business enabler. We need to be seen as part of the solution that can enable our business partner’s by saying, “I know how to do that”.

How important is information sharing within the sector to keep abreast of new threats and cyber security best practices? I believe that it’s critical to enable the Private and Public sector to share Threat Intelligence Information. There are many different Industries that still need to set up an ISAC to facilitate this level of Threat Intelligence Sharing.

Closing statement

Cybersecurity for me is not just a job, it is a passion, and it is a hobby. I love to coach, mentor, and train individuals early in their lives. Information Security has never been more important, to all aspects of enterprises and society. If you are thinking about getting into the Cybersecurity field, don’t wait. There are tons of opportunities with plenty of career growth. One of the things that I love most about my job is that there is something new every day.

If we think about the last year, we’ve seen nation states attempt to disrupt free and democratic elections. We’ve seen the continued, and in many instances, accelerated rate in which new and innovative technology has been adopted. We’ve seen a rising number of attacks on the supply chain and attacks on Local, State, and the Federal Government. This is why the role of the CISO has never been more important than it is now.