Beyond the Basics: Mark Milne on AI Innovations and the Power of Partnerships in Cybersecurity
Hi again everyone
I'm excited to share this week's Cloud Control highlight - a fireside chat with cybersecurity veteran, Mark Milne, CISO at Westfield Insurance. Mark's a heavyweight in the cyber space, steering through the challenges with innovation and solid partnerships.
Mark gives us a peek into harnessing AI for defense and the power of alliances in crafting a resilient security posture. His experience spans giants like GoDaddy, Nu Skin, and American Express, making his insights invaluable whether you're on the front lines or strategizing from afar.
So, take a moment and join us as we dive into lessons learned from Mark, one of the top CISOs in the game.
Mark Milne, CISO at Westfield Insurance
Question 1
Mark, it's a pleasure to have you join us. To kick things off, could you share a bit about your background and what you're focused on at Westfield Insurance? Tell us about the innovations or developments in the field that are currently getting you excited.
Answer 1
Thanks for having me. I joined Westfield as CISO in 2022. I am responsible for the continued development and oversight of Westfield's information security program by providing strategies and action plans to protect Westfield in the areas of data protection, security monitoring and response, and regulatory compliance.
I joined Westfield from Nu Skin where I led the global Information Security and Privacy program responsible for protecting sensitive data and managing privacy for 70,000 independent affiliates and more than 1,000,000 customers. Prior to Nu Skin, my career focused on building and leading security, risk, and governance programs with KPMG, GoDaddy, and American Express.
Like many, I'm currently interested in the innovations leveraging generative AI technologies within the information security space. As an example, how generative AI could be used to enhance SOAR by dynamically building playbooks based on events received.
Question 2
Having dedicated more than twenty years to leading information security efforts across a range of industries, I'd love to hear about a particular strategy you've put into place that made a significant difference in a company's security stance. Could you also touch on some of the major challenges you encountered while rolling out these measures?
Answer 2
Focusing on the hygiene of foundational controls found across industry frameworks (e.g., CIS, NIST-CSF) has consistently provided a positive impact within my security programs. There is an added benefit of referencing the frameworks as this also provides a reference point to report to stakeholders on progress and program maturity.
Beyond foundational controls, implementation of automation through SOAR has provided a force-multiplier in the protection of organizations. Not only have we been able to demonstrate hours of manual time saved in repetitive tasks, the SOAR work has significantly mitigated authentication attacks and areas of fraud.
Question 3
In your journey through companies like American Express and GoDaddy, you've had to navigate some pretty complex cybersecurity landscapes. What's your secret for staying ahead of cyber threats? Especially in industries that seem to be prone to said threats and hackers?
Answer 3
"Great vision without great people is irrelevant." - Jim Collins
Success has come through the teams I have worked with during my career. I've been fortunate to have been surrounded by great professionals who are passionate and dedicated to their roles within cybersecurity. Enabling success has been achieved through organizational design that models the NIST-CSF framework with core teams aligned to GRC, Security Architecture & Engineering, and Threat Management. Providing teams clear alignment to their roles, necessary training, and resourcing to be successful has proven a powerful formula in staying ahead of cyber threats.
Question 4
Your expertise clearly leans towards the use of data and analytics in shaping strategies. Would you mind delving into a specific scenario where data analytics played a pivotal role in your approach to security and influenced your decision-making process?
Answer 4
Formation of a security strategy is reliant on data-driven decisions. I start with an information security risk assessment to identify and prioritize an enterprise's risks. The treatment of risks, including the security architecture and controls deployed, is then evaluated based on the reduction of risk provided by the investment made. This analysis and quantification of risk reduction provides solid support when discussing security investments with a company's CFO or other executive stakeholders.
Question 5
I often hear you talk about building powerful partnerships and collaborations, and it seems to be one of your strengths. Tell us more about how these partnerships have impacted your security programs. Are there any specific collaborations that stand out you could tell us about?
Answer 5
"Partnership" is the key word... I don't want to work with vendors, I want partners who have my back and the company's interest in mind. One partnership I pay particular attention to is my incident response partners. Of course I want IR partners available in the event of an incident; however, I also look for IR partners who are readily available to work with me on complementary work that will enhance IR execution (e.g., security testing, execution of table-top exercises).
I've found IR partners are also fantastic guest speakers to join me in presenting to the board. Recently an IR partner presented with me to our board and it furthered the board's support to hear another perspective on the threat landscape and lessons learned from IR services performed for other companies.
What's New at Gomboc
In the magical land of Silicon Valley, where dreams and code converge, a tale is about to unfold... Imagine a sunny day in the Valley, with Kubernetes on the horizon, ready to set sail into production waters. But, as fate would have it, chaos ensues, and our beloved character, Streamline Willie, finds himself in the midst of a cloud conundrum.
Watch Mickey as he goes on a rollercoaster of tech shenanigans, only to be saved by Gomboc.
Top Articles and Resources of the Week
Resources
Federal Cyber Defense Skilling Academy: CISA's Cyber Defense Skilling Academy provides federal employees an opportunity to focus on professional growth through an intense, full-time, three-month accelerated training program.
The Workforce Framework for Cybersecurity (NICE Framework): Learn more about the NICE Framework Categories, Work Roles, Competencies, and Task, Knowledge, and Skill (TKS) statements as well as the relationships between those elements in this downloadable PDF.
Workforce Management Guidebook - Cybersecurity is Everyone's Job: A publication that talks about cybersecurity from every business function and aspect of an organization's operation. It is written for a general audience who may not be knowledgeable about cybersecurity and can be read as a complete guide or by each business function as standalone guides.
7 Popular Cloud Security Certifications for 2024: This article provides a comprehensive overview of the top cloud security certifications for 2024, essential for professionals seeking to enhance their skills and career prospects in the rapidly evolving cloud security landscape.
Cybrary.it: A platform for cybersecurity professionals at all levels, featuring free courses, certification training, and hands-on virtual labs designed to prepare users for the latest threats and vulnerabilities, making it a valuable resource for anyone looking to start or advance their cybersecurity career.