What is it like to not only be a CISO but to also be one in a large, global organization? I recently had the pleasure of speaking with Mark Ruchie, CISO of Entrust, a global tech firm securing data, payments and identities. Mark shared his unique journey into cybersecurity, and he went on to offer excellent advice about how companies of any size can succeed in building a reliable cybersecurity program that fulfills both the needs of security and the requirements of a business that must adhere to multiple regulatory requirements.

Joe Pettit: I would love to hear a bit about your journey into cyber security and how you ultimately became a CISO.

Mark Ruchie: My journey into security was not of my own doing. In 1986, I was a second lieutenant in the U.S. Air Force, and much like other people who’ve been in the military, you’re assigned a job. My job was something called “Computer Security Officer.” I remember being rather disappointed because I was more interested in becoming a “real” computer person. I thought that was really the cutting edge. So, in 1986, I was handed one of the original Orange Books, which was one of the original data confidentiality books that were out there. I still have it to this day, and it’s probably more a historical remnant than anything.

I was pretty bored at the time because I thought that it was just a paperwork exercise. I left that after four years to work in Operations, which I really thought was where everything important was happening. However, I was always sucked back into security. Then in 1991, security changed. We had new Computer Emergency Response Teams (CERT) and network intrusion detection devices, and this really caught my interest.