"Leadership Spotlight" includes interviews with Chapter Presidents, SIM Board members, Management Council members and other SIM leaders. "Leadership Spotlight" will not only highlight SIM’s leadership and chapters, but it will offer insight from our leaders on topics, treads and issues facing the Society, our chapters and the IT industry.
An archive of interviews will be found HERE.
Name: Joe Bruhin
SIM Role: SIM Western NY Chapter
This month’s Leadership Spotlight features SIM/APC member, Joseph Bruhin of the newly formed SIM Western NY Chapter. Joe is also a key leader on SIM’s newly formed Coalition for Open Security.
1. What is your role/involvement in SIM?
Along with several CIOs in the greater Rochester NY area and in coordination with Bruce Leidal, CIO of Carestream, I co-founded the Western NY Chapter of SIM. We held our inaugural event in June of this year. It was very successful with 40 potential members attending. Our next meeting is on October 15th and is stacking up to be as successful. I hold two roles in the Chapter. I am Vice President (Bruce is President) and Programs Co-Chair along with Dave DeLaus, CIO of Wegman’s.
I have been a member of SIM for about 15 years, having first attended the RLF in early 2000, although I did let my membership lapse while I was working overseas. In 2012, I joined the Advanced Practices Council.
2. How did the idea of the Coalition for Open Security come about?
As part of an APC meeting, David Bray, CIO of the FCC, delivered a brilliant presentation on cyber security. Like many security presentations to CIOs, it left us concerned – even more scared, if that was possible – about how we protect our companies and employees from the ever-increasing threat of cyber-attacks from an increasing number of global bad actors. David, having formerly served as CIO for the CDC, has an interesting and very compelling idea about treating cyber-threats in the same way we would treat an epidemiological event. In other words, we should be developing similar constructs, policies and practices that we use to fight a contagious disease and apply them to the fight against cyber-threats.
David also contends that this must start at the very foundation of where the fight against cyber-attacks begins. Much like a contagious disease is most often first diagnosed by a doctor in a medical office, cyber-attacks and threats are most often first identified by a security expert in an organization.
Of course, it is in the best interest of an organization to fully vet a cyber-attack in order to understand what was exposed or taken or destroyed or otherwise compromised. Typically this is done well before a company reports the event or goes public with it. In fact in a recent briefing by the FBI, they informed the Western NY SIM Chapter that only a very, very small percentage of cyber breaches are ever reported. This means that no other companies can get the benefit of learnings from that breach. Our collective learning is severely constrained and the possibility of a CDC-like epidemiologic approach is near zero.
Several members of the APC were inspired to come together with other technology leaders across several sectors to discuss the feasibility of David’s concept, and to formulate a plan to make it a reality. This group called themselves the Coalition for Open Security (The Coalition). The group of senior technology leaders that came together to form The Coalition represent several organizations across multiple industries, several government officials and members of the social networks that we often see in tech industry publications.
We came up with several key concepts which we believe are critical to realizing a more open security approach. The most critical of which is to ensure, through legislation, that anyone who shares a real time or near real time attack is allowed to maintain complete anonymity. This will allow all other organizations to become instantly aware of the threat and perhaps protect themselves against it, while allowing the reporting organization to complete their own investigation and analysis of the event before deciding if they need or want to report it.
3. Other than the Coalition for Cyber Security, how has your Advanced Practice Council membership benefited you?
The APC is easily the best investment I make in increasing my knowledge about hot topics and trends in technology. We collectively determine our topics of interest and the APC leadership team finds the highest quality research opportunities – a great blend of academia and practitioners. We then come together three times a year to see the results of the research. Equally and sometimes even more valuable, is the peer to peer discussion we have after each session.
There is not one, but many benefits that I have taken away from the APC. Whether it’s about big data and advanced analytics, the introduction of wearable technologies, when to use bi-modal vs traditional waterfall methodology, the future IT skillset and where we will find it, or any of the many other hot topics we cover, I can honestly say that I take value from each and every one.
And after each session, a summary of the topics and discussions is made available via webinar for anyone who missed the session and to anyone in our IT teams who we feel might benefit from listening in.
Again, this is the best return on investment for IT senior level education you will ever make – by far.
4. Can anyone get involved in the Coalition for Cyber Security? If so, how do they get involved?
Yes, anyone can get involved and please do. This is a topic that needs attention and support from every one of us. To learn more about The Coalition for Open Security, please contact Madeline Weiss firstname.lastname@example.org. And PLEASE do review the recent message from Steve Hufford asking you to contact your legislative representatives with your views on this important topic.
5. Each month in Leadership Spotlight we ask our Chapter presidents "what are the hottest trends in the industry". As an APC member, you might be able to provide a different perspective on industry trends. What do you see as some of the hottest trends in the industry and does the APC keep you on the forefront of trends?
I’ll share my current top three:
- Security will continue to be a hot topic for the foreseeable future. This area is exploding and shows no sign of easing. It is possible that the next truly transformational ideas in our discipline will be driven by the need to create a more secure technological world.
- Likewise Big Data and Advanced Analytics will remain a hot topic. In my opinion, while some companies are making fascinating progress here, most are just now beginning to think about this topic, and we are really just focusing on the Big Data part. Advanced analytics will require not just new technology, but new ways of thinking. We have seen the creation of the Chief Data Architect, next in line will be something like a Chief Insights Officer. Having good data is just the beginning – table stakes. Knowing what that data tells you about your product and/or service, or what it tells you about your customer and consumers, and having the capability to generate insights that lead to value creating actions – that’s the big audacious goal we should all be focusing on.
- SaaS and IaaS will continue to be a very interesting trend to watch. As these offerings mature, I am seeing an interesting benefit – perhaps the most compelling one yet. Because these services are generally provided in a multi-tenanted environment, they will need to be very secure. The cost of a security breach bringing down a multi-tenanted environment is simply too high, so *aaS providers will have to be very good at keeping their services secure.
- In addition, Shadow IT is on the rise. This is understandable, as many other business functions tend to think they should be making their own IT decisions – after all, they are the ones who will use the tools and technologies, so why should IT tell them what to use? Of course, the strategic IT leader will work collaboratively to develop a solution, but the increase in opportunities for shadow IT is growing. As IT leaders, we need to understand this and ensure we provide our business with the right freedom to succeed, while at the same time, retaining our accountability to protect our organization’s information assets. One recent study suggested that Shadow IT should be OK if the system is low on both the complexity and criticality scale. An interesting thought, but I wonder if Target would have considered their HVAC system a viable candidate for Shadow IT. This area needs a lot of quality thought.