CyberWire Daily - Gary Brickhouse: Riding the wave of growth. [CISO] [Career Notes]
Episode Date: November 6, 2022
Gary Brickhouse, CISO from GuidePoint Security, sits down to share his story, looking back over the last 25 years of his career working for Fortune 100 companies, including Disney. He shares that every role he has had, he’s had to grow into and how each one was a pivotal point in his technical career. Gary ended up transitioning to a different organization and says how it was really compliance that was the transitional sort of moment for him as he grew into different roles. He says, “What I found was sort of just, riding the wave of growth and opportunity and trying to take advantage of it along the way.” He shares some advice for new people entering the industry, saying that he wants to help shatter the myth that you have to be technical to get into this field. We thank Gary for sharing his story.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Hello, my name is Gary Brickhouse, and I'm a Chief Information Security Officer.
As a kid, I always had an affinity for computers and technology and sort of the tinkering that came with that. And I think what I didn't know at the time, it sort of set in motion certainly a career that was rooted in technology.
And ultimately, that's sort of how it played out, fortunately for me, the boom of the personal computer, you know, the boom of the internet,
sort of was able to ride that technology wave, so to speak, into a really long lasting career.
My real desire at the time, I was pretty heavily involved in sports and heavily involved in just coaching, like youth sports, that sort of thing. And so honestly, I had a desire to coach and to teach. And that sort of
all wrapped together. And just through a series of events, actually, it was a summer job. To be
honest with you, I took a summer job building computers for a company and never looked back.
It's funny, as I look back over the last almost 25 years of a career, it's interesting to sort of take an introspective look at how
I ended up where I am today. What I found was sort of just riding the wave of growth and opportunity and trying to take advantage of it along the way.
So specifically, I think about some of the big technological changes that were happening early in my career really involved security aspects of workstations and servers and an enterprise.
And so as the company was sort of dealing with and trying to wrap their arms around it, I was in a good position to learn
as I was sort of supporting more of the IT infrastructure at the time. These were all
opportunities that I was able to sort of grow into. And it really was a pivotal point in my career to change
directions, you know, having a good technical base, but able to sort of transition that
into just information security. And then sort of the next massive pivot that took place was
compliance driven. The company I was with was really dealing with a lot of new compliance requirements. And through chance,
that all ended up on my doorstep. So I became really, really immersed in compliance and again,
in controls and regulations, which, you know, for some people that seems very boring,
but for me, it was pretty exciting.
So, you know, I kind of went down that compliance path pretty heavy.
You know, I ended up transitioning to a different organization and it was really compliance. That was the transitional sort of moment for me into another company. And from there, my experience up until that point, very fortunately,
was enterprise Fortune 100 companies. So that created a very mature environment around me
to see how all of this governance and risk worked. And through that, it provided me just some other opportunity to, you know,
continue to grow in that space. In terms of my personality and what I would say are more of the
soft skills, I always had a desire and a capability to speak, you know, not afraid to get up in front
of a room full of people and talk.
And so I think through that, you had this marriage of technical background and some compliance type activities.
And you mix that with, you know, somebody who could communicate in business terms.
sort of collided, it really created for me what ultimately turned out to be the primary vehicle that I would leverage really for the next 10 or 15 years of my career.
GuidePoint was an opportunity for me to, in some ways, stretch my legs and really start to build from scratch.
There were some opportunities within the organization to basically sort of put on
this security program building hat and going and doing that. So for me, there was an enormous
challenge to walk in from a cybersecurity
perspective to services perspective to build out for other clients, you know, what sort of my
experience had been up until that point. And so through that, that just provided, again,
opportunity to sort of grow as the company grew in terms of building out governance risk and compliance practice.
Some of that, again, I think if you go back to some of the initial skill sets that I think
were developed in the years prior, again, everything from communication and risk identification,
having some technical background, being able to sort of translate technical issues
into sort of business language. I think all those things were critical to just continuing to be
successful at GuidePoint, both internally and as we interact and interface with our client base.
So my leadership style is definitely not a micromanager. I think sometimes it's easier to say it that way.
I think in any organization, you want to surround yourself with really talented individuals who know what they're doing.
Depending on the skill set and the role, it isn't just necessarily a hands-off approach.
But what I think over time, the goal is to build an environment that's based on trust, that allows people to make decisions.
And ultimately, if there's a mistake made, great, there's room for failure. But how do we correct that and grow from it?
And so for me, I think that's the most imperative piece is, you know, you hire people for a reason.
And so how do we give them sort of responsibility and ownership for their respective areas?
So I think that's always been a key for me is, again, like, you know, people are crazy talented.
We want to empower them to go use the talent, you know, their knowledge and experience to make our company a better place.
At times, I think if you look at the security industry, you may just see sort of one sliver and think that ultimately, if you're not a hacker at heart, then there's not really a path for you.
So I think to some degree, I think, you know, just I would want to shatter the myth of, hey, you've got to be super technical to sort of get into the field.
And I would say if you want to get in, there are a thousand different paths into the industry overall that some are on the softer side, right,
that have to do more with governance and policy and procedure and compliance and risk. Those are sort of these softer skills. You know, you may not
know how to break into or hack a website, but those skill sets are still highly valuable
across an information security team.
The situations and the circumstances may dictate your effectiveness in a particular organization.
For me, I think it really is about character. From the way that I interact with certainly my team, but also my peers, with other leaders in the organization, having strong morals and ethics, and just being a good guy.
I mean, to me, you know, at GuidePoint we have, one of our core values is no jerks, and just being able to walk away
from a career where I have a network of people who certainly I want to be respected for my craft
in what I know and have done in the industry, but frankly, I'm, I'm more want them to
respect me as an individual who did the right thing.