Q & A with Nathan McBride
Vice President of Global Information Technology, Orchard Therapeutics

 

In this interview, Nathan McBride, Vice President of Global Information Technology at Orchard Therapeutics, shares his views on the modern CIO and CISO roles and how they will likely evolve in the future. As he puts it: “We have to start moving the mindset away from just providing security and more towards protecting all of the assets.”

Q. How are the modern CIO and CISO evolving, and why do they need to work together?

A. Well, I believe that, while there will always be a place for some level of IT leadership, the role of the CIO is becoming redundant to the CISO and that ultimately the CISO role will evolve into the top lead for IT and will have a direct report who has the administrative functions for the department, vis-à-vis what the CIO would normally do. The modern-day CISO, in that regard, needs to start evolving their strategic direction in guiding the decisions of the company and ensuring that all roles within IT have the necessary security education and awareness to be successful in their future roles.

Q. What security challenges have you faced as a technology leader that have moved security to the top of the CIO’s agenda?

A. My challenges have strayed to the other end of the spectrum, away from the general tactical issues of the day. My biggest items these days are boiled down to four elements:

• Compliance: ensuring all corporate technology strategies and solutions consider the myriad compliance protocols before being used in the environment.
• Partnership: establishing a partnership with an ideal MSSP/Virtual CISO partner to perform the commodity tactical roles, allowing the CISO to focus on long-term strategy and larger issues.
• Data loss prevention: ensuring there is full control of the data wherever it is in the world.
• Education/Awareness: employee education/awareness, especially pertaining to common threat vectors, like phishing and malware.

Q. In the organizations you’ve worked with, how do you work on balancing the relationship between the CIO and CISO?

A. I have always ensured that the CISO reported directly to me, not layers below, and that the CISO was involved in all meetings and discussions regarding all technology initiatives and concerns. To that end, the CISO becomes a legitimized thought partner in IT and is able to keep security aligned with all IT strategies.

Q. How has Information Security changed since the beginning of your working life?

A. Literally, when I started working with IT security, the focus was very heavily tactically based. Most of the effort was spent on firewalls, port monitoring and similar hardware fabric attack vectors. Everything we did back in those days was focused on hardening equipment, black/white listing everything and anything and constantly focusing on patching and ensuring that everything was as standard as possible. It was always a losing game and so much money was lost in securing these broad environments.

Q. What new challenges do you expect to develop in the next five years regarding information security?

A. Ultimately, my goal is to eliminate passwords entirely from our enterprise and provide a secure shield around each employee which is unique to their role and their data requirements. My CEO will not have the same type of security as an assistant and they will not have the same type of security as a data manager, for instance. All employees will become, essentially, their own identity verification factor and, coupled with a solid MSSP partner/VAR, we will be able to rapidly identify and mitigate all threats before they have a chance to mature.

Q. What strategy advice would you give to a CISO trying to balance visibility/customer confidence with security?

A. If you are truly a CISO or on the road to becoming one, and committed to the mission of securing the company’s assets, you should always make the best possible case to the executive team/board to ensure that they are aware of all risks, the potency of the risks, the costs and needs to mitigate the risks and how you plan to address all of it as part of a broad cybersecurity plan. We have to start moving the mindset away from just providing security and more towards protecting all of the assets.

Q. Why have you decided to join us at the CIO & CISO Strategy Meeting and what would you like to share at the meeting?

A. I enjoyed the discussion that I was involved in last year and I would like to engage with my peers in a discussion on this topic to hear how the industry thinks about this concept. I expect many to disagree with it and I am interested in their opinions.

You will have the opportunity to meet Nathan McBride at the CIO & CISO Strategy Meeting on April 23, 2019, in Boston, both during the session he will be facilitating on the Modern CIO & CISO and during the networking time, to discuss your challenges regarding the CIO & CISO roles.

 
