At Safelite Group, an American provider of vehicle glass repair, replacement and recalibration services, headquartered in Columbus, Ohio, Grant Sewell has built the security team from the ground up.
When he first started at Safelite, there were two security employees, including him. Since then, he has recruited a strong team and championed the benefits of security at all levels of the organization. “Coming into a new organization, my first task was to learn the business. I spent months meeting with leaders, going on ride-alongs with our field team, and getting know our culture. Once I understood that, we needed a security strategy that was based on those values and we needed to grow the team. We started by choosing a framework that not only met our needs, but also the overall needs of our clients and customers. Choosing NIST CSF and 800-53, we conducted an assessment to prioritize key investments,” he says.
This not only resonated with his leadership team, but also helped solidify the importance of security with his business leaders because Sewell used a clear, quantifiable approach to the investment strategy. He explains, “We have also had a lot of success partnering with security startups and innovative companies with big ideas that were looking for partners to help them grow. We've been able to accelerate our security journey by investing in these companies that are just as forward-thinking as we are. We've succeeded in improving our security posture by knowing what was important to our business and building on our culture to raise the enterprise’s security posture in several key areas.”
As an architect, Sewell led multiple complex projects to improve the security posture during his tenure at Fifth Third Bank. As a leader, he has been recruited three times to establish and manage world-class security programs for global organizations, including The Scotts Miracle-Gro Company.
“While I was at Scotts Miracle-Gro, our security team put together one of the best cybersecurity awareness month programs I've ever been a part of. We handed out laptop stickers and company swag; every week a different associate would give a presentation or write an article on the intranet, and we capped off the month with a live trivia game show (Cyber Trivia LIVE!) that I had the privilege of hosting,” Sewell says. “It was a little corny, but all of our business lines participated and gave great feedback on the experience. Best of all, we made our associates comfortable in asking questions and reporting security issues. Overall, it was a really positive swing for the company’s security culture and became an annual event that associates looked forward to.”
Though Sewell does not consider himself an artist, he has always enjoyed graphic design as a hobby. Out of frustration, he was joking with coworkers about managing vulnerabilities and why people can’t just “patch their [stuff].” He thought to himself, “that’d make a great sticker.” Sure enough, he made it and put it on his online store, and people loved it. Today, he has more than 55 different designs (many of them cybersecurity related) and brings these stickers, pins and other “swag” along with him to conferences and events to hand out. “People really get a kick out of them. I know they’re a little snarky, but we have to remember there’s not just one way to educate people,” he says.
Currently, Sewell sits on the board for the Central Ohio Chapter of (ISC)² and serves as board secretary for the Retail and Hospitality ISAC (RH-ISAC).