Chris Novak has a 20-plus-year track record of building and growing cybersecurity talent and successful teams. As Director of Verizon’s Threat Research Advisory Center (VTRAC), Novak has developed his current team to support both public and private sector clients across more than 100 countries with a truly global reach. The team provides a multitude of services, including digital forensics, incident response, cyber threat intelligence and penetration testing, among others. At Verizon, Novak also routinely leads the organization’s CISO Customer Advisory Board meetings, where he helps facilitate conversations between chief information security officers (CISOs) on important and timely topics.
Back when Novak first found himself designing and implementing basic security controls for organizations more than two decades ago, he found many organizations lacking security in their products, processes and operations.
After implementing firewalls and other security controls for organizations for a number of years, Novak learned about incident response and digital forensics. “There wasn’t a name to it then, but my colleagues and I realized that organizations around the world could benefit from these capabilities,” he says. “A lot of my early experiences were self-taught or learned together in a peer group since there weren’t many formal education opportunities in security back then.”
Teamwork and innovation helped Novak early on in his career, and he’s still a big proponent of teamwork within the industry today. “Cybersecurity is best operated and viewed as a team sport, as most of the problems and challenges are bigger than one person can solve. You need an army to be able to problem-solve and work through together,” he says.
Not only does teamwork help organizations create more mature, robust security programs, but Novak believes it also helps avoid burnout. “When you really create a team environment, it can help remove some of that stress from the individual. It doesn’t have to be all one person; everyone can benefit from having a team and knowing that there is always someone else there to step in, manage and help,” he says.
Part of creating strong teams is encouraging effective communication and, while critical to building a cybersecurity team — particularly a global cybersecurity team — it’s also one of the biggest challenges. “Everyone speaks differently, not just in language, but in how they communicate, and it’s critical to focus on how your team is communicating with one another to make sure that there’s no miscommunication which can lead to mistakes,” he says.
Novak’s impact on the industry goes far beyond Verizon and other organizations he has worked with during his career. He was one of the original authors of the first Verizon Data Breach Investigations Report (DBIR) going back more than 14 years ago, and he has continued to champion the well-respected report and others, such as Verizon’s Cyber Espionage Report and Insider Threat Report. According to Novak, the idea behind the creation of the DBIR was to present non-biased, research-driven analysis of data breaches and investigations, mirroring the concept of the National Transportation Safety Board’s Investigation Reports.
“It’s done in an unbiased way. It’s not about laying blame, but rather understanding what happened so we can make the future of cybersecurity safer as a whole,” he says.
Recently, in part, due to his contributions to the DBIR and work in the cybersecurity industry, Novak was appointed to the inaugural Cyber Safety Review Board (CSRB), created by President Biden’s Executive Order 14028. The CSRB is modeled after the National Transportation Safety Board and will meet in cases of significant cybersecurity incidents. “This is something I have dreamed about for years — to be a part of something that tackles the thorny issues of cybersecurity and really allows us to understand what happens when an incident occurs. From there, we can gain a level of insight that helps the whole industry move forward,” he says.
Novak is a firm believer that knowledge and intelligence can help enterprise and government cybersecurity become safer and more successful. In addition to his research work and appointment to the CSRB, Novak is also an active member of the cybersecurity industry, speaking at conferences, mentoring young professionals and offering insight, commentary and analysis on security topics to a wide range of media outlets, including CNBC, The Wall Street Journal, ABC and CBS. He earned a CISO certificate from Carnegie Mellon and holds his Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Payment Card Industry Forensic Investigator (PCI PFI) certifications.
He makes sure to carve out time to participate and speak at industry conferences, remains active on LinkedIn and industry platforms, and mentors the next generation of cybersecurity leaders to encourage others, while also doing his part to bridge the cybersecurity skills gap that exists today.
Novak helped start a formal cybersecurity internship program at Verizon, and he also provides guidance to other organizations on creating similar programs. He frequently participates in external mentorship programs, provides career advice and serves on the Ithaca College advisory board, giving insight to the college on its cybersecurity curriculum and student mentorship programs.
“I look at the cyber gap through two lenses,” he says. “One is very broad in the sense that the biggest concern is how do we get more people involved in this industry. There are just not enough people playing defense against the offense right now at a macro level, and it’s hard to win if you don’t have enough people. I try to encourage and mentor others, but I also think it’s important to talk about organizations changing their mindset. It’s important for the industry to have an open mind, looking for diverse candidates from a variety of backgrounds. Reevaluating what you are looking for in candidates and opening up the aperture is incredibly important. If you don’t do that, you miss a lot of great people out there. We need to take more chances on people and be willing to make investments.”