Beyond the Basics: Mark Milne on AI Innovations and the Power of Partnerships in Cybersecurity

Hi again everyone 👋

I’m excited to share this week’s Cloud Control highlight - a fireside chat with cybersecurity veteran, Mark Milne, CISO at Westfield Insurance. Mark’s a heavyweight in the cyber space, steering through the challenges with innovation and solid partnerships.

Mark gives us a peek into harnessing AI for defense and the power of alliances in crafting a resilient security posture. His experience spans giants like GoDaddy, Nu Skin, and American Express, making his insights invaluable whether you’re on the front lines or strategizing from afar.

So, take a moment and join us as we dive into lessons learned from Mark, one of the top CISOs in the game 👇

Mark Milne, CISO at Westfield Insurance

Question 1 💭

Mark, it's a pleasure to have you join us. To kick things off, could you share a bit about your background and what you’re focused on at Westfield Insurance? Tell us about the innovations or developments in the field that are currently getting you excited.

Answer 1 🎯

Thanks for having me. I joined Westfield as CISO in 2022. I am responsible for the continued development and oversight of Westfield’s information security program by providing strategies and action plans to protect Westfield in the areas of data protection, security monitoring and response, and regulatory compliance.

I joined Westfield from Nu Skin where I led the global Information Security and Privacy program responsible for protecting sensitive data and managing privacy for 70,000 independent affiliates and more than 1,000,000 customers. Prior to Nu Skin, my career focused on building and leading security, risk, and governance programs with KPMG, GoDaddy, and American Express.

Like many, I’m currently interested in the innovations leveraging generative AI technologies within the information security space. As an example, how generative AI could be used to enhance SOAR by dynamically building playbooks based on events received.

Question 2 💭

Having dedicated more than twenty years to leading information security efforts across a range of industries, I'd love to hear about a particular strategy you've put into place that made a significant difference in a company's security stance. Could you also touch on some of the major challenges you encountered while rolling out these measures?

Answer 2 🎯

Focusing on the hygiene of foundational controls found across industry frameworks (e.g., CIS, NIST-CSF) has consistently provided a positive impact within my security programs. There is an added benefit of referencing the frameworks as this also provides a reference point to report to stakeholders on progress and program maturity.

Beyond foundational controls, implementation of automation through SOAR has provided a force-multiplier in the protection of organizations. Not only have we been able to demonstrate hours of manual time saved in repetitive tasks, the SOAR work has significantly mitigated authentication attacks and areas of fraud.

Question 3 💭

In your journey through companies like American Express and GoDaddy, you’ve had to navigate some pretty complex cybersecurity landscapes. What’s your secret for staying ahead of cyber threats? Especially in industries that seem to be prone to said threats and hackers?

Answer 3 🎯

“Great vision without great people is irrelevant.” - Jim Collins

Success has come through the teams I have worked with during my career. I’ve been fortunate to have been surrounded by great professionals who are passionate and dedicated to their roles within cybersecurity. Enabling success has been achieved through organizational design that models the NIST-CSF framework with core teams aligned to GRC, Security Architecture & Engineering, and Threat Management. Providing teams clear alignment to their roles, necessary training, and resourcing to be successful has proven a powerful formula in staying ahead of cyber threats.

Question 4 💭

Your expertise clearly leans towards the use of data and analytics in shaping strategies. Would you mind delving into a specific scenario where data analytics played a pivotal role in your approach to security and influenced your decision-making process?

Answer 4 🎯

Formation of a security strategy is reliant on data-driven decisions. I start with an information security risk assessment to identify and prioritize an enterprise’s risks. The treatment of risks, including the security architecture and controls deployed, is then evaluated based on the reduction of risk provided by the investment made. This analysis and quantification of risk reduction provides solid support when discussing security investments with a company’s CFO or other executive stakeholders.

Question 5 💭

I often hear you talk about building powerful partnerships and collaborations, and it seems to be one of your strengths. Tell us more about how these partnerships have impacted your security programs. Are there any specific collaborations that stand out you could tell us about?

Answer 5 🎯

‘Partnership’ is the key word… I don’t want to work with vendors, I want partners who have my back and the company's interest in mind. One partnership I pay particular attention to is my incident response partners. Of course I want IR partners available in the event of an incident; however, I also look for IR partners who are readily available to work with me on complementary work that will enhance IR execution (e.g., security testing, execution of table-top exercises).

I’ve found IR partners are also fantastic guest speakers to join me in presenting to the board. Recently an IR partner presented with me to our board and it furthered the board's support to hear another perspective on the threat landscape and lessons learned from IR services performed for other companies.

Read the Full Q&A on Gomboc.ai

What’s New at Gomboc

In the magical land of Silicon Valley, where dreams and code converge, a tale is about to unfold… Imagine a sunny day in the Valley, with Kubernetes on the horizon, ready to set sail into production waters. But, as fate would have it, chaos ensues, and our beloved character, Streamline Willie, finds himself in the midst of a cloud conundrum 🚢💻

Watch Mickey as he goes on a rollercoaster of tech shenanigans, only to be saved by Gomboc 💪

Top Articles and Resources of the Week

Resources

  1. Federal Cyber Defense Skilling Academy: CISA’s Cyber Defense Skilling Academy provides federal employees an opportunity to focus on professional growth through an intense, full-time, three-month accelerated training program.

  2. The Workforce Framework for Cybersecurity (NICE Framework): Learn more about the NICE Framework Categories, Work Roles, Competencies, and Task, Knowledge, and Skill (TKS) statements as well as the relationships between those elements in this downloadable PDF.

  3. Workforce Management Guidebook - Cybersecurity is Everyone's Job: A publication that talks about cybersecurity from every business function and aspect of an organization’s operation. It is written for a general audience who may not be knowledgeable about cybersecurity and can be read as a complete guide or by each business function as standalone guides.

  4. 7 Popular Cloud Security Certifications for 2024: This article provides a comprehensive overview of the top cloud security certifications for 2024, essential for professionals seeking to enhance their skills and career prospects in the rapidly evolving cloud security landscape.

  5. Cybrary.it: A platform for cybersecurity professionals at all levels, featuring free courses, certification training, and hands-on virtual labs designed to prepare users for the latest threats and vulnerabilities, making it a valuable resource for anyone looking to start or advance their cybersecurity career.