HomeSitemap This email address is being protected from spambots. You need JavaScript enabled to view it.

Leadership

Strategies, advice and opinions helping to define and develop the role of IT leaders and their staffs.

Leap of faith: Changing careers to win the battle against cyber threats

At MPOWER 2019, McAfee’s annual cybersecurity summit, I had the opportunity to interview Bill Woods, Senior Director Security Intelligence. His career has taken him from assault pilot, to FBI Special Agent in Charge, and finally to leading McAfee’s world-wide security operations. Bill’s journey is a case-study into how seemingly unconnected professions can lead to extraordinary results for organizations struggling with the onslaught of cyber threats.

Q. Bill, you’ve had an interesting career path. Tell me how your background helped you transition to running the security operations for a world leading cybersecurity company?

At the FBI, we were focussed on preventing bad things from happening. We had to be both pro-active and reactive in order to effectively respond to threats to the public and to the government. This aligned quite nicely with the McAfee’s Pledge to protect the world from cyber threats.

I also had a lot of experience with the intelligence cycle while I was section chief. This cycle combines processes that plan, collect, process, analyze, and disseminate critical information related to law enforcement. This same process is used in cybersecurity when performing both intelligence and response activities. From that perspective, my background helped me to guide teams responsible for threat hunting and cybersecurity incident response.

Finally, my government background instilled the need for a continuity of operations plan. At McAfee, we have two security operations centers located on different continents to service our world-wide operations. These centers provide total redundancy to ensure operations continuity in the event of a disruption.

Q. There are new cyber threats emerging every day. What keeps you up at night and what are you doing to help you sleep better?

We have very robust security technologies at our perimeter that prevents the bad guys from getting access to us. We are also very serious about our security awareness for employees and are constantly training them to strengthen our culture of security. What keeps me up at night is the threat from insiders.

Statistically, insider leaks are more devasting than the threats from the outside. An insider has intimate knowledge of the environment. They know how to take down key systems and they know where the crown jewels of the corporation are kept.

To mitigate this threat, we interviewed every executive in the organization, from the VP on up, and had them tell us what their critical technology assets were. We then configured our products to classify those assets, monitor them, and block their mis-use. We have many offerings that helped us to do this, like our data loss prevention (DLP) technology. DLP is one of the things that helps me to sleep better at night.

Q. The struggle between Information Security and IT seems to be a never-ending battle within organizations. How are you dealing with that conflict at McAfee?

The goal of InfoSec is to protect company data, while the goal of IT is to make things pleasant and productive for end-users. This creates a difference in mindsets between the two organizations. At InfoSec, we prefer a rule of least privilege for our digital assets, and as a result, our default access is set to “no”. On the other hand, IT wants to make things easy, so they lean towards setting their defaults to “yes”. My belief is that security is a balance between taking calculated risks versus locking everything down.

My experience as an assault pilot helped me in this regard. I was responsible for a multimillion-dollar piece of equipment. If the value of the asset was the only thing taken into account, then you’d never use it, but you have to fly the jet at some point.

To resolve the conflict, we regularly bring InfoSec and IT together for team building and joint education. This helps to understand our respective priorities and to agree on joint objectives. For example, the remote desktop protocol (RDP) is fantastic for IT because it helps them to efficiently support a distributed workforce, but for security it’s a nightmare because it is responsible for many ransomware exploits. Once we understood this, we jointly agreed on standards for the configuration and use of RDP. When it is required, IT can open up the RDP ports and use the remote desktop, but they have to close it down when done. On our end, we continuously scan the environment for open RDP ports, so we can take appropriate action if they are left open. This compromise is one area that helps us to work together instead of being adversarial.

Q. What has been the most rewarding aspect of your move to McAfee?

When I was looking for a career change, I wanted to do something that would make me proud of my work. The most rewarding thing about my time at McAfee has been working with employees who are committed to protecting people, corporations, and governments from the threats of the digital world. We have made significant impacts in that regard and I am proud of the results that our customers have achieved by using our technologies.


Jeff Ishii is a senior technology executive with a wealth of experience in management consulting, professional services and IT operations delivery for Fortune 500 companies. He has been at the forefront of technology for the last 30 years by implementing creative solutions that have produced sustained business value.

Past Attendees


ADP - VP Architecture & Infrastructure

AESO - VP, Information Technology

Agnico Eagle Mines - VP, IT

Agrium - Global Mgr., IT Security

Agrium - Senior Director IT Shared Services

Aimia - SVP & Global CIO

Ainsworth Engineered - Director IT

Air Canada Vacations - Director IT

Alberta Energy Regulator - Director, Office of the CIO

Anthem Properties - VP IS

AON Risk Solutions Canada - Head of IT

Aviva Canada - VP, Architecture & Strategy

Bank of America Merrill Lynch - CTO

BC Ferry Services - VP & CIO

Bell Business Markets - Director, Strategy & Planning

Bell Canada - National Director, Digital Transformation

Bellatrix Exploration - Director, Information Technology

Bentall Kennedy - VP IT

Black Press - CTO

BlackBerry - VP Corporate IT

BMO Financial Group - Head of Services Delivery

Bombardier Aerospace - CISO

Bonavista Petroleum - Head of IT

Borden Ladner Gervais LLP - Global CIO

Bow Valley College - Director, IT Services

Bridgewater Bank - Head of IT

BuildDirect - VP IT

Bulk Barn - Head, IT

Burnco - CIO

Caisse de Depot et Placement du Quebec - VP, IT Planning, Architecture, Governance, Operations

Calfrac Well Services - Head of IT

Canada Mortgage and Housing - VP, Information & Technology

Canadian Depository for Securities - CIO

Canadian Direct Insurance - CTO

Canadian Payments Association - VP & CIO

Canucks Sports - Head of IT

Capgemini - Service Delivery Director

CAPREIT - CIO

Cardel Homes - VP MIS

Cargojet - CIO

CCS Corp. - VP IT

CDSPI - Board Director

Centerra Gold - Director IT & Comm

CIBC - Senior Director, Infrastructure Planning & Engineering

CIBC - SVP & CIO, Retail and Business Banking Technology

CIBC Mellon - AVP, Enterprise Architecture

CIBC Mellon - SVP & CIO

Cineplex Entertainment - CTO

City of Brampton - Senior Manager, IT Architecture & Planning

City of Richmond Hill - CIO

City of Toronto - Director of Strategic Planning & Architecture

CN Rail Service - Chief Information Security Officer

Coast Capital Savings - VP Technology

Concordia University - AVP & CIO

Crescent Point Energy - Head of IT

Dairy Farmers of Ontario - Head of IT and Administration

Dale Parizeau Morris Mackenzie - VP, IT

Davies Ward Phillips & Vineberg LLP - Director, Information Technology

DealerTrack Canada - Director, Technology

Defence Construction Canada - Corporate Manager, IT

Deloitte - Director, Risk Advisory

Dentons - Canada CIO

Devon Energy - Director, Integrated Business Services

Direct Cash - VP IT & Security

Dynamic Tire Corp - CIO

D+H Partnership - VP, Head of Canadian Mortgage Technology

eHealth - EVP, Technology

eHealth Ontario - VP, IT Systems & Services

Encana - Director, InfoSec

Enbridge Inc. - VP, Technology and Information Services

Enerflex - CIO

Enerplus - VP. IS

ENMAX - VP, IT & PMO

Equity Financial Trust - VP, IT

Essential Energy Services - Director, IT

Expedia Cruise Ship Centers - VP IS

FGL Sports - VP, Information Technology

Finastra - SVP, Head Technology Managed Services

Fix Auto Canada - COO & SVP

Flightnetwork.com - CIO

Freedom Mobile - Head, Customer Applications, Experience, & Strategy

FT Services - CIO

FundServ - CIO

Genus Capital Management - CTO

Genworth Financial Inc. - VP IT

Golder Associates - CTO

Gran Tierra Energy - Director IT

Grant Thornton LLP - CIO

Greenwin Inc - VP, Information Technology

Groupe Dynamite - Director, IT

GSK Canada - IT Director

GTAA - Acting CIO

H&R Block Canada - VP IT

Haventree Bank - VP, Technology

Hewitt Equipment Ltd. - VP & CIO

Hitachi Vantara - GVP & Global CTO

Home Trust Company - CIO

Home Trust Company - CTO

Home Trust Company - VP & CISO

Horizon North Logistics - CIO

IBM Canada - Associate Partner, Payments Industry

Indigo Books and Music - CIO

ivari - SVP & CIO

JP Morgan Chase Canada - Executive Director, Information Risk Management

Keyera Energy - Director, Information Technology

KnowledgeOne - CIO

LaFarge Canada - Director, IT

Landmark Cinemas Canada - VP, IT

LCBO - Director, Applications Systems

LCBO - SVP & CIO

Leisureworld Senior Care Corp - VP IS

Lightstream Resources - Head, Information Services

London Drugs - GM IT

Loto-Quebec - Corporate Director, InfoSec

Magna International Inc - VP & Global Leader, IT (CIO)

Manulife - Global Head of Private Markets & Real Estate Technology

March Networks - VP Professional Services & CIO

MaRS Discovery District - Managing Director, Fintech and Commerce

McCain Foods Limited - Manager InfoSec

McInnis Cement - Director of Information Technology

Medical Pharmacies Group - VP, Information Technology

MEG Energy - Manager, Information Technology Solutions & Services

MMM Group - CIO

Montreal Police Service - CIO

Morguard Investments - CIO

Moulding & Millwork - CIO

National Bank of Canada - Information Security Officer

National Capital Commission - Chief, IT infrastructure & Support Services

NHL Players' Association - Head, Security & Technology

Northbridge Financial Corp - CIO

OEC Group Canada - Vice President, Information Technology and Client solutions

Oildex - VP, Architecture & Infrastructure

Olympia Financial Group - CIO

OMERS - EVP, Data & Technology

OMERS - SVP IT

Ontario Pension Board - CTO

Ontario Trillium Foundation - CIO

Osum Oil Sands Corp - Manager, IS

Ottawa Police Service - CIO

Pacific Western Transportation - CIO

Packers Plus - Global IT Director

Pason Systems - Manager, Digital Communications & Corporate IT

Patient News - CTO

Peel District School Board - CIO

Pengrowth Corp - Director IS

Penn West Exploration - Snr. Manager, IT Operations

Peterson Investment Group - Head of IT

PFB Corp. - CIO

Pizza Pizza - CIO & VP, IT

Precision Drilling - VP, IT

Precision Drilling - Director, IT Infrastructure & Security

PSP Investments - Snr. Director, Internal Audit & Business Infosec

Public Works and Government Services Canada - Director, IT Security Directorate

PwC - Managing Director, Real Estate Technology Advisory

Qantas - Global CIO

Queen's University - Director, Information Technology

RBC Royal Bank - Head of Application Security, Data Protection & Security Consulting

Regal Lifestyle Communities - CIO

Revera Inc. - CIO

Revera Inc. - Security Architect

Ricoh Canada - VP,IT

RioCan Property Services - VP IT

Roche - Head of IT Americas – Operations

Rogers Communications - SVP, Customer Experience IT

ROM - CIO

Russel Metals - VP,IS

Scotiabank - Head, Systems Architecture & Platform Modernization

Scotiabank - VP - International Systems Technology

Scotiabank - Head, System Architecture & Platform Modernization

Scotiabank - Global Head, GBM Compliance & Transformation

Sears Canada - Divisional VP, Information Technology Services

Secure Energy Services - GM, IT

Shaw - Head, Customer Applications, Experience, & Strategy

Shaw Communications - VP, Technology Operations

Shaw Communications - Director, Risk Management

SMART Technologies - Director, IS Corporate Services

Smartcentres - Director IS, IT

SmartOne Solutions - President & CIO

Societe de Transport de Montreal - Division Head - Security and Compliance

Street Capital Financial - CIO

Sun Life Financial - AVP, Data & Business Intelligence Services

Sun Life Financial - VP Application Ops & Services

Suncor Energy Inc. - Director, Application Portfolio Optimization, I&PM, Business Services

Symcor - CTO, VP Technology Services

Talisman Energy - SVP IT & Business Services

TD Bank - Enterprise Architect

Teknion - SVP, CIO

TELUS - Chief Security Architect

Tervita Corporation - VP, Information Technology

The Hudsons Bay Company - VP Technology

The Hudson's Bay Company - SVP & CIO

The Source - VP, Information Technology

TMX Group - CISO & Global Head of Infrastructure Services

Toromont Industries - VP & CIO

Toronto District School Board - Chief Technology Officer

Toronto Hospital for Sick Children - Director of Technology

Toronto Transit Commission (TTC) - Chief Enterprise Architect

Toronto Transit Commission (TTC) - CIO

Toyota Canada - National Manager, IS

Transamerica Life Canada - CIO

Trican Well Services Ltd. - Director, Business Information Systems

Tridel Corporation - CIO

Trillium Health Partners - IT Director, Applications & Clinical Informatics

UFA Cooperative - VP & CIO

University of Calgary - Executive Director, Development Services

University of Ottawa - CIO

University of Ottawa - Senior Director IT Services & Infrastructure

University of Toronto - Director, Centre for Management & Technology

University of Waterloo - Director, Technology Entrepreneurship

Vancity - VP Technology & Solutions

Viterra - Director Enterprise Technology

Wawanesa Mutual Insurance Company - Director of Innovation Outpost

World Health - Director IT

Wolseley Canada - CIO & COO

Yellow Pages Group - Director - Enterprise Data Management

York Region District School Board - CIO

Leadership Archive