During the Great Recession, Bob Thibodeaux — now a Chief Information Security Officer (CISO) at DefenseStorm — was laid off. While being unemployed in Seattle with thousands of other IT professionals was challenging, being laid off in 2009 changed his life forever, as it led him to find his passion for cybersecurity. “I decided to switch to cybersecurity and started my work to gain the Certified Information Systems Security Professional (CISSP),” he explains.
Another experience that put him on the path to a security career? His love for James Bond, military espionage and the greater good. “As a kid growing up in the 1960s, I loved the James Bond movies, watched the series, and read all the books.” In his own way, Thibodeaux is a version of James Bond, protecting businesses from threat actors — nation-states, cybercriminals or hacktivists — while working to increase business resilience.
His love for espionage and a higher purpose led him to the United State Air Force (USAF) in 1972. While he served as an aircraft mechanic, everybody knew Thibodeaux was a computer geek. “I performed help desk duties, email server administration, server administration and mainframe terminal support, and I loved it so much,” he explains. “I thought, ‘This is my vocation.’”
When he left the USAF in 1994, his goal was to transition from aviation management to information technology (IT). While the transition from military service to IT was not difficult, it was definitely a risk. “Making a career change and moving a family of five from Ramstein, Germany to Seattle was a challenge,” he says. He landed his first job as a contractor for Providence Seattle Medical Center and was hired full-time within three months.
Since then, Thibodeaux has worked as an individual contributor, manager and director in every area of IT operations — help desk, systems administration, network administration, network management, network engineering, storage and backup engineering, and Windows Server back office.
Having held positions in the military and private sectors has equipped him with critical life skills.
At The Seattle Times, Thibodeaux says a chief information officer taught him that business acumen was critical to adding value as an IT/cybersecurity leader. “Knowing your business, understanding the laws and regulations associated with the business is critical,” Thibodeaux says. “It will help you translate your value into what the business is doing, as well as reframe cybersecurity into a business enabler to support agility, innovation and growth.”
He sees himself as a business enabler, and not a policy enforcer. “While there certainly should be rules and procedures, you need to find a balance between security and innovation. Innovation requires being open to taking risks,” he says. Security should enable innovation while still protecting data, assets and systems and ensuring compliance with regulations.
Another critical life skill to have as a security leader is learning not to panic, he says. “In the security business, we deal with the risk of failure. You have to be thick-skinned and really resilient because bad things are bound to happen,” Thibodeaux explains. “Being even-keeled, taking a deep breath and solving problems will take you far as a security leader.” All these critical life skills have served him well in his leadership journey, as well as in establishing and managing security programs and departments.
Since joining DefenseStorm in 2015, Thibodeaux has designed, authored and established an information security management system based on ISO 27000 series standards to meet compliance requirements in under 45 days; led the team effort to achieve Security Operations Center (SOC) 2 Type 1 attestation for a DefenseStorm offering; developed risk treatment plans for users and provided reports with a scorecard and risk treatment options to improve security posture; established a SOC to provide incident response and other managed services; and developed and implemented vulnerability and risk assessments that include physical security, security/culture awareness, and network and system security testing.
When asked what’s next for him in his work, Thibodeaux says he is looking forward to retirement in the next year and moving toward consulting and volunteer work with local high schools and colleges to train and mentor the next generation. “I am looking forward to traveling, fishing and learning a new passion,” he says.
While Thibodeaux is looking forward to retirement, it’s been his greatest joy to create a program at DefenseStorm based on trust and empathy and build a team that is passionate and dedicated to the mission of protecting businesses and people. “I am proud of the fact that I consider myself an ordinary guy and a nice one too,” Thibodeaux says. “To me, kindness, compassion, empathy and a dedication to the greater good are critical life skills.”