Security's Most Influential People in Security 2020 - Jinyu (Gene) Sun | 2020-09-03

Corporate Vice President of Information Security/Chief Information Security Officer, FedEx Corporation

Since being named FedEx CISO in January of 2018, Gene Sun has been guided by the principle that the most important factor in any cybersecurity program is trust. He has found that this trust has given him a license to operate with the FedEx C-Suite, his business peers, the Global Information Security team and the 500,000 FedEx team members around the world. Sun is responsible for securing digital assets and ensuring business continuity for the $69 billion global transportation and logistics company. He provides global leadership and strategic direction for information security, risk management and regulatory compliance.

Sun has expanded the influence of the CISO role at FedEx by initiating quarterly briefings with his executive peers throughout the FedEx enterprise. He knows how important it is for business and IT executives to work collaboratively to create more transparency and understanding throughout the company about the technologies and processes that are most effective for protecting critical business information. He uses this collaborative approach to convene business and IT leadership, along with subject matter experts, to develop and launch enterprise programs such as Zero Trust and the Global Segmentation of Enterprise Networks.

The trust the FedEx enterprise has in Sun is key as the cybersecurity landscape continually changes and requires constant evaluation of threats, new technologies and emerging innovations to protect the company. FedEx leadership has empowered Sun to deliver bold, game-changing solutions. Sun in turn empowers his team to do the same. For his organization, Sun has a singular vision, and he sets aspirational goals that challenge his team members to “stretch their security muscles” to meet the escalating trajectory of cyberattacks and threats. He regularly makes time for mentoring team members, and encourages his organization to learn and develop opportunities.

Sun has a vast knowledge of FedEx through his work in various areas, and he encourages his team members to do the same. To be successful within the cybersecurity profession, Sun says, “Go outside of your comfort zone by broadening your career experience beyond the cyber expertise. Before I moved to information security, for instance, I gained experience as a sales engineer, network administrator/web master and application developer. It is important to be able to speak ‘other languages’ and look at the larger picture beyond security to establish personal credibility. Those experiences will enable you to see how security should be integrated within the business and to make better risk decisions.”

Sun is a thought leader in the areas of cyber defense, digital transformation, the evolving CISO role, risk management and the importance of public-private partnerships. He is also a founding member of a cross-industry private sector collaborative group that focuses on global privacy and technology regulations.

Throughout his career, Sun is most proud of gaining support for the FedEx global cloud strategy. “This large, multi-year program enabled the company to take advantage of rapid innovation, agility, economic value and reduce our information risks at the same time,” he says.

Sun is a member of the Google CISO Advisory Board, a board member of the Open Networking User Group (ONUG) and an advisory member for Herf College of Engineering at the University of Memphis. He is a four-time recipient of the FedEx Five Star Award, the most prestigious award an employee can receive.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.