Cybersecurity vs Business Needs
- Security too often has been viewed as an afterthought, an insurance policy as the business grows its online presence. It is perceived as a cost overhead to businesses where its value is only realized as the result of resolving an attack. Companies may question the need for security if they haven't been attacked. This is a very narrow perspective and can lead a company into a vulnerable state where it can be severely jeopardized by a threat actor.
- Instead, security should be thought of as a value proposition. When security is built into the business strategy of the company, value is created. The role of security is to help the business understand where an attack might happen, what the impact and likelihood of an attack may be, and what the potential ramifications of an attack may mean. If the business can't move forward because of weak security, or lack of understanding of what security means, it will wait and may be overtaken by its competitors.
- This starts by understanding what and where the company's data assets are and the value of that data to the company. To be effective, one need not apply the same level of protection to everything. Rather, one must start with protecting the data assets that produce the most value to the company's growth and survival. One then maps those data workflows and builds protections around these flows and asset endpoints. As the company grows both in its cybersecurity maturity and understanding of its value assets, it can expand its cybersecurity presence accordingly, thus increasing its value to the company.
Program Management
- Program management can be challenging enough, but cybersecurity program management can be even more so due to the perceived lack of 'ROI' when compared to other programs that generate revenue and assist in the company's growth. As such, it is even more critical that a cybersecurity program manager build a strong base of support with key stakeholders prior to engaging in any project within the portfolio. Key elements for successful program/project management include:
- Make sure you've identified all stakeholders, that they see the value proposition in the project, and that they fully support it. Leadership must be involved at a sponsorship level. One must articulate the need, the resources, costs, value to business, and consequences of not moving forward with the project. As much as possible, generate an ROI with supporting beneficial numbers.
- Once approved, agree with the stakeholders on the level of involvement that each team will need to commit to and when they are expected to contribute based on the plan. It is critical that the teams commit prior to launching the project so that when the project is in motion, one isn't forced to negotiate and possibly escalate to meet timelines.
- Understand that 'life happens'. People get sick, request vacations, emergency priorities come up, etc. It's important to build a buffer into the timeline to address these concerns as well as have contingency plans, especially for critical aspects of the project.
- Communicate frequently, through emails, meetings, scrum sessions, web posts, etc. Different stakeholders will require different levels of communication, so adjust for it.
- Choose a methodology that works best for the project, but be aware that every project has different needs and not all will fit within a defined methodology.
  - Waterfall works great for linear projects, hardware installations, etc.
  - Agile works best for software projects, enhancements, small phase projects.
  - Hybrid is a mixture of both agile and waterfall and can be an effective tool if certain portions of the project lend themselves to both linear and enhancement phases.
- Set up scrum sessions for projects or portions of projects that would benefit from them, such as coding.
- Build connections with the people on the team through showing your enthusiasm, integrity, and competence in the project. Do your homework and anticipate possible problems. Your team will thank you for it when these problems occur.
- Wrap up the project once it's been operationalized with a meeting to celebrate your successes and learn from any areas needing improvement. Often, it's easy to just go on to the next project, but it's important to recognize the work people have done and what we've learned before moving on.
People Management
- I am neither a hands-on nor a hands-off manager. My first career was teaching high school and college science, and I learned that to reach a diverse audience, one needs to understand that everyone learns and responds in different ways. Some people are great at taking a request and running with it to completion with very little guidance. Others may want more details and frequent check-ins to validate what they are doing. Communication is the key to successful people management. I want to understand not only how my employees learn and respond, but what they are passionate about and what they want to accomplish within the company and in their career. I want to put them in positions where they can exercise their passion, and provide them the tools and training they need to be successful. I strive to be the type of people manager where my employees can discuss openly their challenges so that we can mitigate or lessen those difficulties through teamwork and positive vision.