What’s it like to transition from a security career in the military to the private sector? Jeff Schilling, Chief Intelligence Security Officer (CISO) of Teleperformance, had spent 24 illustrious years in the military, retiring in 2012 as a Colonel from the US Army. Before joining Teleperformance this year, he had previously worked with the United States Department of Defense and managed its security operations and incident response for more than 4 million computer systems.
Jeff’s transition from working in the military to working for a company in the private sector came with changes and challenges. In the latest episode of “The New CISO Podcast” featured on Exabeam, Jeffery shared how the threat profile in the civilian sector is a new ground for him, being very different from what he knew and understood well in the military. “I think the biggest thing that I saw that was different in the civilian sector was just the lack of a general knowledge and emphasis on security,” said Jeff. “And I’m not just talking about cybersecurity. I mean, when you’re a soldier, or grew up as a soldier, security operations—whether you’re doing it in the physical world or in cyberspace—a lot of principles are the same. Everyone in the military spoke that language of security and understood that language of security.” When Jeff started doing consulting for the private sector, he was surprised at the basic lack of knowledge of understanding security, what it means to be secure, and how to run security operations. “There is a big deficit of understanding not just how to run security operations, but how to run an operational process,” Jeff continued. “And that really, I think, became something that I have taken with me to all the companies that I worked with since I retired from the military, is to help them understand how to focus on operations, and what does it mean to have operations.”
The Army instilled the value of diligence in Jeff, and this proved to be truly beneficial in the long run. His diligence allowed him to approach potential threats or security breaches with thoroughness and consistency, encouraging his peers to carefully examine, analyze, assess, and document incidents with accuracy in order to reduce the risk of having similar issues happening again in the future.
The podcast also focused on the importance of building strong relationships with CIOs and the audit teams, as they are the ones who can help CISOs close security gaps. “If you have the right relationship with your CIOs, they can be the folks that can be your biggest proponents to get a meaningful change across your organization,” Jeff mentioned. “You definitely have to understand if their processes and what they’re trying to achieve intersect with what you’re trying to achieve."
For Jeff, one area of security that could use more focus is the protection of elevated privileges, as every major data breach that has ever happened involved the compromise of administrator credentials.
Focusing on the Cloud and building security automation around it, he notes the importance of integration and proper communication between the teams of analysts and developers after the first software build.
When asked what the new CISO means to him, Jeff reminded that human connections still play a key role. “This maps back to the relationships, internal to corporate environments, and that the new CISO needs to nurture these relationships,” noted Jeff. “You got to develop these human connections inside your organization, outside your organization to ensure that your strategy can be implemented and executed.”
Learn more about the Cloud’s security environment and how adversaries behave in the Cloud in detail by listening to Jeff Schilling on the full podcast. To know more about Teleperformance’s security strategies and capabilities, contact us today!