Securing a Seat at the C-Suite in 2016: A Security 500 West Overview

Robert Jones, Deputy Assistant Director for Counterintelligence at the FBI, spoke about corporate espionage risks and public-private partnerships to a packed house at this year's Security 500 West, sponsored by G4S.

May 26, 2016

More than 60 enterprise security leaders attended this year’s Security 500 West conference in Los Gatos, California, on May 17, and they participated in high-level panels and conversations about how CSOs and security directors could make a bigger impact on the organization without squashing innovation or compromising the enterprise’s culture – an understandably hot topic in Silicon Valley.

Sponsored exclusively by G4S and moderated by Lynn Mattice of Mattice Associates, this year’s conference kicked off with a keynote address from Robert Jones, Deputy Assistant Director for Counterintelligence at the FBI, about corporate espionage on U.S. companies. He recommended that enterprises educate their employees on the methods of targeting and theft, as corporate espionage involves much more than dumpster diving for discarded files now. Around 50 percent of espionage cases have insider help, he says, whether it’s intentional or not.

The keynote was followed by several panel discussions, including Q&A sessions with the audience. The “Securing High Tech Companies without Squashing Innovation” panel included security leaders from Twitter, Square and Citrix. Many Silicon Valley companies are run by very young CEOs and staffed by recent college graduates, says Michael John, Director of Global Security and Safety for Citrix, so his team is focusing more on “holistic employee care” instead of being the “corporate cops.” This means educating new college graduates about safety and risk in general, helping to create a safe workplace and a safe work environment, both on campus and off.

John added: “You build (successful security) programs based on trust, not paranoia.”

Next, panelists from Principal, Boeing and Microsoft discussed how they design, build and use global security operations centers (GSOCs) in their enterprises. One of the main challenges was how to choose new technology to integrate into the GSOC that will scale to an enterprise level and continue to provide value for a longer period of time. Another challenge was how to show the GSOC’s value. According to Sandy Cowie, Director of Global Security and Business Continuity for Principal, she tries to demonstrate the impact of the GSOC’s actions – how it is helping employees live their best lives.

The final panel of the day centered on building security’s brand, and panelists’ experiences ranged from Marty Lev at Snapchat building a new security program for a massive app to tweaking or inheriting an existing security program, such as with Tom Mahlik of MITRE. This panel also covered adjusting your personal security focus during a job change. Jana Monroe, now VP or Global Security and Safety for Herbalife, had to shift her approach to security from the strict, straightforward mission at her former position at Southern California Edison to a softer approach, with monthly and daily reminders of security facts and missions: “Security and Safety is Everyone’s Responsibility” is her department’s motto.

Mahlik, Director of Global Security for MITRE, says that instead of the old-fashioned security mindset of “guns, guards, gates and geeks,” the galvanizing theme for MITRE’s security is “P2I: Protecting, Partnering, Informing.” For Lev at Snapchat, he adds: “Know your product, know your brand… No one started a company to be secure – security happens along the way.”

If you’re interested in participating in the next round of high-level security leadership discussions and networking, registration is now open for the Security 500 Conference in Washington, DC, on November 14, 2016. Apply to attend at Security500.com

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.