The Perspective of a Cyber Security Leader – An Interview with Bill Boni
Who is Bill Boni?
Retired former Senior Vice President Information Security at T-Mobile USA and Corporate Security Officer at Motorola
Bill Boni’s Biography
Bill Boni is one of the leading information risk management practitioners based in the USA, with broad experience in all aspects of creating, sustaining, and transforming security protection for organizations. Bill is a visionary information security leader with an outstanding track record of leading IT security organizations in the Fortune 100. He has direct experience with Federal/state governments, high technology, biotech, aerospace/defense, and banking segments and operations across the globe.
Millennium – Bill, can you give us a brief understanding of the primary responsibilities of a head of IT security in a Fortune 100 organization?
Simply, the head of IT security is responsible for protecting the company’s communications, systems, and resources from cyber threats.
They are also responsible for all aspects of the company’s security, including its workforce, systems, and other technology. The chief information security officer (CISO) or head of IT security leads an ever-growing organization within the information technology team and is now wearing an increasing number of hats including managing critical partner relationships That said, the primary responsibility is to translate complex business concerns into efficient information security policy.
Further, the CISO is responsible for ensuring the alignment of cyber security and business objectives within their organization. They should facilitate communication between cyber security and business stakeholders; their job is to keep the business protected and operating effectively. This includes translating cyber security concepts and language into business concepts and language, as well as ensuring that business teams consult with cyber security teams to determine appropriate security controls when planning new business projects. Additionally, as the CISO is responsible for the development of their organization’s cyber security program, they are best placed to advise projects on the strategic direction of cyber security within their organization.
Millennium – What does the security landscape look like for professionals in your position?
Bill Boni – The COVID-19 pandemic had an enormous impact globally. It disrupted the work from an office model that we had all been so accustomed to and thus, how companies operated. Because of the chaos, changes to the cyber landscape increased at an unprecedented pace. Some of the trends that powered these changes and continue to fuel them are:
- Increased Use of Internet of Things (IoT)
About 56 federal agencies in the U.S. reported using Internet of Things (IoT) technologies and most of the leaders in the technology field will see the number of connected devices increase to over 10.07 billion this year.
- Rapid Adoption of the Cloud
Global public cloud end-user expenditure is expected to grow by over 18% this year.
- Digital Transformation
IT spending is expected to hit $3.9 trillion this year and spending on digital transformation technologies increased from $1 trillion in 2018 to $2.39 trillion in.
- Work-From-Home Model
Over 70% of all departments and teams are expected to have remote workers by 2028.
With an expanding attack surface comes cybercrime. Globally, cyberattacks have skyrocketed by over 400% since the start of the pandemic, making it imperative to identify and deflate cyberthreats for the health and future of your business.
Millennium – How do you create a security organization that can handle the people, processes, and technology required to secure a Fortune 100 company?
Bill Boni – It’s critical to not only build a viable internal security team but also create reliable external partnerships. It is not cost-effective to run a 24x7x365 Security Operations Center made up of only internal resources. Further, no organization can have specific experts in every area of technology that makes up a security program. To give you an example, I managed the consolidation of cyber security technologies when our company merged with another organization of a similar size. We had 120 security technologies we had to evaluate to create a best-of-breed solution that included just under 60 technologies.
If I didn’t have a trusted partner like SecureOps to augment and empower my team through the process, choosing the right technologies and transforming our organization would have been far more difficult.
Millennium – What is critical about developing those external relationships?
Bill Boni – You have to find partners with the right expertise, the flexibility to deal with a dynamic, ever-changing set of client needs, and the commitment to help clients improve their security defenses and posture over time.
Millennium – Can you provide an example of what you mean when you discuss dynamic security environments?
Bill Boni – Organizations are always adding, moving, and eliminating systems, proprietary company information, customer information, 3rd party partners, and their own security technology. Most security partners want to provide a packaged solution and price it for a year or two. Any changes to that package require red tape, extra costs, and internal administration. That just isn’t working for security teams in the dynamic environment that we’re in.
Millennium – How did you know when you found external resources or partners that would provide value?
Bill Boni – Ultimately, it comes down to delivering effective risk management. Meaning, stopping breaches cost-effectively. Partners who can provide insight as to where your vulnerabilities may be versus those that react after your vulnerabilities have been exploited provide value.
In addition, when you are making security investments in new technology or changing processes, a partner that can provide expertise and best practices is invaluable. I’ve worked with organizations that would not provide assistance outside the scope of the letter of the contract. That is difficult because ultimately, you are one team with one goal.
Millennium – Are security technologies like SIEMs, Firewalls, and Endpoint Detection solutions more difficult to manage now?
Bill Boni – Yes, the configurations, management, rules, and constant threat intelligence that needs to go into the customization of these tools is overwhelming for teams. In addition, the number of alerts and events that are generated that need to be investigated is massive.
Security partners often have experts that span these technologies and have individual expertise in each technology. The value to an organization like mine is that I can’t have to have an expert to manage each tool and technology. Organizations like mine would have to hire someone for 90 days or 120 days to implement a technology and then terminate them. That’s not the type of culture we wanted to create. We have to rely on a partner that has these experts, and one that is on the leading edge of best practice implementation and management.
Millennium – You talked about a massive number of alerts, events, and even incidents that organizations are now facing; how do respond with an investigative process?
Bill Boni – Handling the escalation and investigation of alerts and incidents is one of the most time-consuming tasks in a security operations center and certainly the key role of our primary partners. When our security analysts investigate an alert, they take each one very seriously. They are pulling and analyzing logs to figure out if this is a threat to the organization and if so, how do they mitigate the threat. The role of a partner in the escalation and investigation phase is both partner with us with the number of threats overwhelming our staff and to pick up where we leave off when the analyst day ends.
Bill Boni – We can’t pause an investigation and leave a threat in the middle of the kill chain; we don’t know what kind of damage it might do. We need a flexible, reliable, knowledgeable partner that can handle an investigation when we can’t.
Millennium – Are business leaders taking the risk of attack more seriously now?
Bill Boni – In some cases, they are, but certainly not all. Business leaders really need to begin analyzing the business risk of an attack. That is, what financial damage from a brand and customer loss perspective may occur if an attack is successful.
We are consistently analyzing our business risk and using risk management techniques with our security partner to minimize that risk. I mentioned before that I’ve worked with security partners who provide a standard solution – that can’t work in this environment. Business risk changes constantly and is dependent on dozens of factors. If I can’t find a partner that can tailor a solution to minimize my business risk and be flexible enough to address the changing environment, I leave the business unnecessarily exposed.
To Learn More About How SecureOps Can Help Protect Your Organization or If You Have Been Attacked Please Call Us – as Always, We Are Happy to Help – 1 (888) 982-0678.
You Can Also Fill Out Our Contact Form to Talk with a Security Specialist – https://www.secureops.com/contact-us/