Mark Dunkerley says he always aspired to be a senior leader in his career. His years of playing soccer at a competitive level and ultimately winning a Division II NCAA national championship prepared him to lead in his professional life. Earning his master’s degree in business and spending years as an adjunct professor helped him prepare as well.
While pursuing his undergraduate degree in computer management systems at Lynn University, Dunkerley worked in the information technology (IT) department there, and he says it was the early start of his security career. Since that time, he’s held IT roles at a number of organizations within healthcare and education.
“Over 20 years, I’ve had many security roles informally, and I’ve always been a big proponent of security, but I would say when I joined the Coca-Cola System, I finally had a formalized role,” he says.
When Dunkerley joined The Coca-Cola Company, Bottling Investments Group in 2015, he worked as Manager, Collaboration, Mobile & Security. In 2017, his role evolved into Senior Manager, Cybersecurity & Architecture for Coca-Cola Business Services North America, helping to build out the architecture and security functions within the organization. Later, he moved to his current role at Coca-Cola Bottlers’ Sales and Services, LLC (CCBSS), an independent company within the Coca-Cola System, where he is Director, IT Architecture & Cybersecurity.
In his position, Dunkerley is responsible for IT architecture and cybersecurity, delivering secure technology solutions and services for the organization that supports almost 70 independent North American Coca-Cola bottlers. On the IT architecture side, Dunkerley oversees new technologies, processes and procedures within the company, helping to identify risks before and during deployment.
Dunkerley and his team have built a cybersecurity program from the ground up at CCBSS to include vulnerability management, vendor risk management, identity and access management, security operations center oversight, security awareness and training, application and data security, incident and response management, regulatory and compliance, zero trust architecture and more.
“Having IT architecture and cybersecurity together allows us to be more efficient and get in front of the business early on in the journey of new technologies or ideas from a risk and security perspective. A lot of times, security gets pulled in later or too late for those conversations, but if you can provide feedback during the build or design phase, your team can really help to do more to secure the company moving forward. You can identify those risks early and work with everyone to help reduce the risk and make the company safer,” he says.
Dunkerley says that building a team based on trust is critical in this field, not only for cohesion within the department itself, but also for its success within the greater enterprise. “The foundation of a successful and winning team, in general, is trust, not only for those you work with directly, but throughout the broader organization,” he says. “Cybersecurity can come across as intimidating or as an inconvenience to the business, and so you build that culture to break those barriers, demonstrating that you are a partner to the business and are there to truly help make the business successful.”
In addition to building trust within your team and within the organization as a whole, Dunkerley says that, over the years, he has learned the criticality of adopting the mindset of “when and not if an event will occur.” The view is increasingly important as the cybersecurity threat landscape continues to evolve and expand.
“In security, when you take this mindset of preparing for an event that will occur, it helps your teams focus on a few areas: the first one being protection,” he says. “When you focus on protecting the environment, it necessitates security teams to continuously review, evaluate and adapt their environment to continue to reduce risk. It also lends itself to a layered security approach, which is arguably an important fundamental approach to any cybersecurity program.”
When the focus is on protection and preparation, security leaders will naturally evaluate their communication and response initiatives. “When you focus on how you will respond to an event, it necessitates evaluating your cybersecurity response plans, ensuring everything is well-documented,” Dunkerley says. Part of that evaluation, he says, should include tabletop exercises and testing your team regularly with possible scenarios. Such exercises allow security leaders to evaluate and adjust those dedicated response plans based on pain points and mistakes made during practice.
“It’s about preparing to respond efficiently to an event. If you can respond as efficiently as possible, the recovery is faster, there is less downtime for the company, everyone can be back online faster, and the business can keep going. That’s huge,” he says.
One other major benefit that comes from preparation and practice within cybersecurity is lessons learned from others — and Dunkerley believes that’s a key to successful cybersecurity programs as well as his own career. “I’m big on knowledge sharing. I have personally benefitted from being on vendor-customer advisory boards, talking at conferences, and speaking and collaborating with other security leaders,” he says. “I think it’s so important to help others and continuously share what’s going on out there.”
In addition to sharing knowledge and networking with other security and IT professionals on LinkedIn and through other events, Dunkerley has also had the opportunity to reach an even greater audience as a book author. His latest book, “Mastering Windows Security and Hardening,” has proven so popular that a second edition is underway.
“It’s very rewarding,” he says. “If you can share information and help someone else, it’s a way to pay it forward. I’ve been lucky enough to have that opportunity throughout my career.”