By Curtis Blount, CSO
The information security trade has been in my blood, since I began my career with the U.S. Army back in 1982. I’ve been blessed to meet some amazing people, work for some incredible organizations, and gain knowledge and experience that I could write several memoirs on.
I’ve held just about every possible position in InfoSec. I guess that’s what more than three decades can do for you. I’ve spent most in my career in the trenches of security operations. From network security architecture, to running production security teams, and implementing security infrastructures in legacy and cloud environments. The most recent decade has been more on the senior management side of house, as a CISO/CSO and compliance officer.
Recently, I was told by one of the students I mentor that I’m like “that master sergeant with more experience than most four-star generals.” I thought that was rather flattering – and it actually makes a lot of sense. My father once told me that we are a sum of our life’s experiences. You can’t run from your past, so embrace it. The good, bad and the ugly. That’s what builds your character and wisdom.
Now my goal is to pass that wisdom on to others.
Things Always Fall into Place
As reality sets in, there are a lot of companies not hiring folks who are 55 and older. Instead, they are looking for that same wisdom and experience in a person 20 years younger. So, I’ve been doing a lot a mentoring and working on creating a training initiative focused on providing educational curriculum in secondary schools. (And, of course, like everyone else, I’m doing consulting work!)
During this chapter of my career, it’s funny how things fall into place. Lesson #1 for the young people who might be reading this: Never burn your bridges. Those you help in the past just might come calling in the future.
A couple of years ago, I was asked by a good friend of mine who is one of the founders of InsightCyber, to take a look at the company and what they were trying to achieve in the ICS/OT cybersecurity world. Considering there are very few players in this space, it was a very interesting concept. And, as I started to dive deeper into the concept and the market, it was clear that a company like InsightCyber is desperately needed.
Later, I was asked to join as their CSO. And of course, I agreed.
Applying My Experience to the Next Chapter
So, I’m writing my next chapter. One of the things I stated up-front was that I don’t want InsightCyber to be another “me too” in the market. Rather, I want to build a technology that actually solves an industry problem, while incorporating my many years of security ops experiences into the products and services we offer.
Most importantly, I want to apply my CISO/CSO experience, concerns, and day-to-day operations lessons learned to focus on how InsightCyber can make CISO’s lives a little less painful.
This is particularly true for CISOs in the ICS/OT world who are just starting to look at OT from a cybersecurity perspective. They have a very big challenge ahead of them. OT operations is much different from dealing in the IT world where the traditional C.I.A. triad is flipped. With OT, “A” for availability and “S” for Security become much more critical factors than Confidentiality and Integrity.
I firmly believe the technology, risk methodologies, and anomaly-based AI platform we are building are going to be game-changers. Imagine a services company that provides a cost-effective solution to achieving the security goals for your organization but built with you, the CISO, in mind.
Well, that is our goal. That’s my story and how we are building InsightCyber. Now the journey begins!
Hopefully as you start to evaluate our portfolio of services, our objective will become clear to you. Of course, we want to hear from you. Like any community, we can only advance if we are working together. I’m looking forward to the ride.
Curtis Blount is the Chief Security Officer of InsightCyber. For more details on InsightCyber’s maturity model and risk methodology, read our white paper, InsightCyber IoT Risk Methodology.