Or listen in your favorite podcast app
Improving Security in the Tech Industry
IT security is becoming more important each day. Julie Cullivan, the Chief People and Technology Officer of ForeScout, joins us to discuss the ways IT security is expanding, how AI and machine learning will fit into that expansion, and how to increase diversity in the IT field.
“Innovation has to be done in the context of problem solving. If I can identify where there’s real need and a problem, then I can come up with an innovative way to solve that.” — @julie_cullivan #ITVisionaries
There is no question the IT security is becoming one of the most important areas of focus for companies large and small. More data than ever before is being collected and shared, and the security measures to protect that data constantly need to be upgraded. At ForeScout, Julie Cullivan (Twitter, LinkedIn) serves as the Chief People and Technology Officer and works to make sure that businesses around the world are equipped with the most advanced tech possible to keep them safe.
In this episode of IT Visionaries, Julie sits down with Ian to discuss how she found her way into the world of IT and the role of CIO, what it means to be responsible for the IT security of a company, and what the future holds for the industry as a whole.
Topics Discussed: Security, cybersecurity, technology, IT, OT, diversity, inclusion, women in tech, AI, machine learning, big data.
Introducing Julie — (1:30)
- Julie joined ForeScout 18 months ago as CIO and to help with business operations. She also recently took on the role of Chief People Officer. These two positions allow her to keep her finger on the pulse of the organization in two very different ways.
- “I’ve always been passionate about developing teams and about culture and values, but always more as a consumer. Now I get to play a role in developing and influencing what we do at the company for the people.”
Joining ForeScout five months before the IPO — (3:30)
- As opposed to start-up mode, when a company is going public they need to focus on IT and operations. ForeScout was looking to bring in someone to focus on compliance and security, so Julie started out with her sights set on leading the business transformation that happens when a company goes public.
- “The real work starts after you go public.”
- After going public, there is a shift toward hitting quarterly goals and a pressure to make sure the company probably prioritizes these goals.
How Julie developed into a CIO — (5:55)
- CIO is not an easy role to take on and Julie — who came from a business and team-building background — had never done the job before, so she was nervous to accept the offer.
Cyber risks and the challenges in security IT — (11:20)
- “The ultimate challenge is that the threats out there are real.”
- The biggest breaches happen when you’re not able to wrap your head around the foundational aspects of the security problems you are looking to solve.
- Attacks aren’t always necessarily hyper-sophisticated. They often happen when attackers find the one window a company leaves open that can be taken advantage of.
- “In order to do the fundamental things well, there is a combination of technology, orchestration, automation and looking at ways to leverage the investments in security.”
Do security best practices exist? — (13:50)
- According to Julie, best practices are dependent on the size and maturity of a company, as well as what industry and market a company is involved in.
- There are many variables to consider and those variables tend to change over time.
- No one person or department “owns” the security of the company — the responsibility of keeping the company and its assets secure falls on everyone, not just the CSO.
- There is an assumption that CIO’s don’t understand security or think it is important, but as companies grow and compliance becomes more important, that assumption and the practices that lead to them will change as well.
- “No matter what, in the end, there is going to be some sort of connection back to your IT officers and the operational side of security. So regardless of the reporting structure, all those parties have to be aligned and on the same page or it’s not going to work.”
The difference between IT and OT — (16:15)
- IT is built around traditional corporate systems and the operations you have to run the business — the internal systems that you own to leverage the business.
- OT are critical business services — anything from IOT, printers, cameras, HVAC systems and more critical operational systems such as those running a nuclear power plant. Many are proprietary and cannot be taken down for patching.
- OT technologies were not traditionally connected to the internet but that is changing today.
- Who is responsible for each system is less black and white or separated than it was before.
What governance will look like going forward — (21:20)
- “Before you even worry about governance you have to make sure you have the visibility you need. Do you really understand everything that’s going on in your environment? That’s where I think a lot of companies struggle because they think they’re okay but how do you know if you don’t have complete visibility?”
- You have to have consistent processes in place to understand all aspects of your systems and resources.
- It starts with visibility and once you have that you need to add policy and governance on top of it.
How innovation happens at ForeScout — (22:00)
- “I think innovation has to be done in the context of problems. Innovation for the sake of innovation is difficult to do in a company of my size. But if I can identify where there’s real need and a problem, then I can come up with an innovative way to solve that.”
- CIOs always want to talk about their technology, whereas Julie tends to want to talk about the problems she is facing and figuring out if the technology being offered can help solve those problems.
The growth of AI and machine learning — (25:00)
- If you leverage the technology in the right way AI and machine learning can be valuable in how your products interact with customers.
The ForeScout Women’s Network — (28:00)
- Julie and a group of others wanted to build a community and have an impact on diversity and gender balance within the company.
- “It’s as much about bringing diverse talent into the organization as it is about keeping diverse talent in the organization.”
- The network provides a sense of community and an opportunity for women to see that there are others like them who maybe have endured similar struggles.
- Men are also welcome in the network!
- A lot of attention is paid to job descriptions and ensuring that women and diverse candidates are being brought in for every interview, especially at the executive levels.
- Creating measurements to track progress is important so that you can see whether or not progress is being made in terms of diversity.
- “I didn’t spend a lot of time thinking about, ‘Well, I’m a woman, am I getting a fair shot?’ because things were going well for me. It was not until I worked for a company that was not a West Coast headquartered company, went to my first meeting and there were two women in the room and everyone else was a man. That wasn’t abnormal to me until someone assumed that I was somebody’s administrative assistant. That’s when I noticed it and thought, ‘Wow, this is real.’ And it woke me up to what I could be doing.”