CyberWire Daily - Don Welch: Being a good leader. [CIO] [Career Notes]
Episode Date: July 23, 2023Don Welch, Chief Information Officer from New York University sits down to share his exciting start into his cyber career. Much like many other people who started in this industry, Don went into the m...ilitary, which is where it all started for him. He was told he needed to take two specialties, and so along with mechanical engineering, he decided to go into computer science as well. After taking his two crafts, he decided to leave the Army and go into the civilian world where he took a couple jobs in cyber. He landed a few jobs at different prestigious universities, including Penn State University, University of Michigan, and now New York University. He shares that being a good leader will take you far in life, saying "I will say that if you are a great leader, ultimately, you sit in your office and do nothing because you have developed your team and empowered them, and they're making all the decisions, everything runs like clockwork and you have nothing to do." We thank Don for sharing is story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security.
Hello, my name is Don Welch.
I'm the Chief Information Officer at New York University.
When I was young, I knew that I wanted to go into the military in some way.
Ended up being recruited to play football by the service academies.
And so ended up going to the military academy and entering into the army.
And I was mechanical engineering, and then I was commissioned into the infantry and did normal infantry stuff. And really didn't know much about computers or really how they affected things for quite a while until later in my career when I got into it.
In the Army, you have your primary specialty and then you get a secondary specialty.
I knew that I wanted to go back to West Point to teach,
and I had the option of either teaching geography or computer science.
I knew that geography really didn't present a lot of options in the outside world. Computer
science sounded exciting, more aligned with my undergraduate degree in mechanical engineering.
undergraduate degree in mechanical engineering.
So off I went to get a master's in computer science with no background, undergraduate background in computer science.
So got the baptism by fire, but really loved it.
And through the Army, then decided I loved it enough
to get out of the normal career track as an infantry officer and focus on
computer science and information technology.
The Army sent me for a master's degree, and I taught, and then had the opportunity to
do some exciting things in the Army to include information technology for Delta Force.
And then I had the opportunity to go back to West Point to teach for a second time.
They sent me, I got a PhD in computer science,
went back to teach information technology and software engineering,
and then became the CIO at West Point.
And really, that's where my interest in
cybersecurity started. We realized that cybersecurity was going to be really important
to national defense going forward, and West Point cadets needed to really get smart about this and get trained up in it. So we set up a proposal to start a program in cybersecurity
and got that off the ground and got that going.
And then I retired from the Army in 2004.
But that's where I got my start in cybersecurity.
DART and cybersecurity.
I went into the civilian world for a while.
I was the CTO for a company down in Texas called HEB,
which is a grocery retailer.
Great, great, great company.
Security was in my portfolio there.
But I really wanted to get back into higher education. officer of a network and IT services company, of which we started providing cybersecurity services on top of our network and did some things like we developed the Michigan Cyber
Ring in a program there, worked with the state of Michigan to develop the Michigan Cyber
Security Corps.
A lot of great things came out of that opportunity.
After being the CEO for quite a while,
I knew that I probably was too in love with my ideas
that had been successful
to come up with the next great idea for the company.
So I wanted to get back into cybersecurity. that had been successful to come up with the next great idea for the company.
So I wanted to get back into cybersecurity.
So I became the chief information security officer at the University of Michigan.
After being there for a while, I got recruited to go to Penn State and be the chief information security officer there.
While I was there, I had the opportunity to move over and become the chief
information officer at Penn State. And then I got recruited away from Penn State to come to NYU.
And so here I am. If you are a great leader, ultimately you sit in your office and do nothing because you have
developed your team and empowered them and they're making all the decisions. Everything
runs like clockwork and you have nothing to do. I haven't achieved that yet working on it, but my leadership style is
empowering. At my level, I've got seasoned professionals that report to me. They wouldn't
be there unless they knew how to run their teams. And so my role is much more strategic, making sure they understand how
what they do fits into the entire organization, developing them so that they can become
CIOs later in their career if they wish. And a lot of talking and listening people to make sure that we are aligned with what the university does.
They all need to be accessible to the right people and protected from the wrong people.
I would say the most important thing that you can do is to keep learning.
What I was able to do is to learn and learn these new things that were coming along, be they technologies and so forth, but also the leadership aspect.
Learn to be a better leader.
aspect. Learn to be a better leader. One of the things that I think is really important that we understand as leaders is we have, I feel, a moral imperative to be the best leader that you can.
First, for your team, for those of us that have ever worked for a bad leader, we know how that
can absolutely ruin your day and, you know, it filters out to your family and a good leader, of course, the opposite.
You know, it can really brighten your outlook, make you happier and make you more productive.
And the most important thing is just continue to grow in your leadership and in your field.
I'd like to be remembered in that I've left the organizations better off than when I came.
That the organizations work better, there's better teamwork. All the things that we try and do in IT, I'd like just
people to feel that I've done it better. And I'd also like the people that I've worked with
over the years to go on and be great leaders. And I think that the things that they accomplish
and the things that they do, I'd like to think that that was also part of my legacy. Thank you. to see how a default deny approach can keep your company safe and compliant.