Broad Knowledge is Power: Building a Better Security Team with Bryan Willett
Podcast Transcript | Air Date September 22, 2022
Listen to Steve and Bryan discuss how to build a diverse security team and the skills needed to be a better CISO:
Meet Bryan (1:50)
Host Steve Moore introduces our guest today, Bryan Willett. Bryan has worked at Lexmark for over 25 years and prioritizes minimizing risk for the business.
With a unique scope of duties, Bryan has worked his way up the ranks and monitors security trends, such as supply chain measures. Ultimately, he understands the importance of collaboration to keep all company areas safe.
The Road Travelled (5:37)
Beginning his career in firmware development, Bryan wanted to transition into a position where he could learn more about the product development pipeline and work with people. He then went down the product management track, which set him up for the leadership side of the field.
The Best PM (10:27)
When asked about his stepping stone from product manager to manager, Bryan reflects on what motivates him to work hard and improve the team around him.
Feeling Intimidated (13:00)
Steve presses Bryan on how intimidation and imposter syndrome impacts career goals.
Bryan shares that he’s primarily looking for team members who are jacks of all trades and that he believes having a diverse set of knowledge will set you up for success. With multiple skills, you will be able to work well in the security field, even if it’s initially uncomfortable.
Developing as a CISO (16:26)
Bryan shares what CISOs can do in their position to develop further. Once getting into a management position, you should always support your team and prepare them for their subsequent roles.
Improving as a Salesperson (24:02)
As you pitch executive leadership on programs you want to implement, make sure you can explain what you need simply, without technical jargon, to convey the key points you are trying to make. Crafting a clear elevator pitch will help you make the sale.
Solving Business Problems (31:18)
Early in Bryan’s career, Lexmark was experiencing challenges due to the nature of the printing industry. Noticing that the company could experience a certain level of risk, Bryan built a highly capable team to harden the system and create a security development lifecycle for both the company and the customers.
Third-Party Risk Management (38:16)
When Bryan started his third-party risk management program at Lexmark, he had to partner with the procurement and legal team. Due to experience with other aspects of the business, Bryan was well-prepared to oversee this endeavor and communicate with others about their needs.
Business Savvy (42:07)
Steve presses Bryan on the future of CISOs.
Considering the CISO today, Bryan understands they likely worked their way up in the security field. However, Bryan recognizes that this field will mature as we uncover new risks, and the CISO role will change with it. Bryan predicts that future CISOs will have the immense business knowledge to keep the company moving and make necessary trade-offs.
The New CISO (45:47)
To Bryan, being a new CISO means focusing on diversity in the workplace by hiring individuals different than you. It’s essential to understand your weaknesses and fill in the gaps with other talented security professionals who can make your team complete.