Importance of Information Security in Organizations

Eddie Borrero, Vice President, and Chief Information Security Officer, Blue Shield of California

Eddie Borrero, Vice President, and Chief Information Security Officer, Blue Shield of California

Eddie is a transformative global business leader and champion of diversity, equity, and inclusion who has over 25 years of experience managing technology, security, privacy, and risk teams in a variety of verticals, giving him a unique perspective as a business leader and in partnering with corporate boards.As Chief Information Security Officer at Blue Shield of California, Eddie Borrero is responsible for developing and implementing a security strategy to support business growth and accelerating a secure shift to a digital business model. He started his career by helping companies transform from brick and mortar to an online presence.

With his extensive information security management experience, Borreroaligns cross-functional security strategies that protect organizations' technology environments and business processes.

What are some of the major challenges and trends you have observed in the enterprise security space?

Maintaining cybersecurity in a constantly evolving threat landscape is challenging for every organization. The fact is that ransomware has been on the rise for years, which causes angst and concern about how organizations can safeguard themselves from any known or unknown threats. In addition, monetary and reputational risks are high if organizations don't have a suitable cybersecurity plan. Unfortunately, many cybersecurity practices are focused on ensuring compliance rather than mitigating risk and still operate from a basic philosophy of "trust but verify." Today, the principle of "never trust, always verify" serves as the foundation for a more resilient model for cyber problems. 

What would you suggest for organizations to get a better security infrastructure? How can they adapt to the changes that are taking place in the industry? 

Today, companies need to put the right level of prioritization for strong data security so that they can protect against cyber attacks, unauthorized access, and data breaches. Unfortunately, I have seen many board-level members who don't have the right level of understanding of information security. I believe it should be a part of every board-level meeting conversation to drive the right level of skill and capability within their organization. That's why company boards must include practitioners, specialists, and regular guests or advisors who are knowledgeable about cyber security.

"Today, the principle of "never trust, always verify" serves as the foundation for a more resilient model for cyber problems."

Another important thing is understanding how we as a community can learn from each other. Cybersecurity must be practiced alongside crisis management to achieve this. Organizations should collaborate and assist one another in identifying risks and hazards and effective mitigation measures to address cyber concerns. Finally, we should have the right people in place to drive transparency—all the way up to the board level. 

Could you tell us about any of the latest project initiatives you are working on?

I feel that focus is the most important aspect of business success. As a result, it's essential to understand how well-built security procedures can protect businesses. Many of our initiatives are about combining our skills with business processes and services, as well as technological processes and services. When it comes to business services and capabilities, it's also critical to ensure that the procedures, not just the technology, are secure and compliant. Security should be prioritized or viewed as a strong partner protecting businesses and their consumers. 

Another important factor is to teach individuals how to protect their organization in their daily job roles. For example, rather than just not clicking on the phishing link, people may learn how to detect it and inform the company on what they found. We focus on people, technology, and processes and how to combine those defenseswithin the company to move faster.

What would be your single piece of advice for the upcoming professionals in this field? 

For CISOs, building relationships with various board members and aligning with them as mentors is important. It helps the CISO transition from being a technology security person to a business executive who can understand technology and information security and how to apply it on the business side. I've seen many CISOs spend a lot of time justifying their existence through metrics and board presentations. However, I believe it's necessary to understand every aspect of the business so that theCISO can be considered a strategic partner who can help expand a business. They must be able to go understand technology, speak finance, align it with marketing, and understand the company's growth propositions. That's important when you align your strategies around implementing capabilities and helping the organization navigate today's difficult landscape.

Weekly Brief

Read Also

Effective Communications between CISOs and Key Stakeholders

Effective Communications between CISOs and Key Stakeholders

Kevin P. Gowen, Chief Information Security Officer, Synovus
Giving Cybersecurity a Business Lens

Giving Cybersecurity a Business Lens

Grant McKechnie, Chief Information Security Officer at Endeavour Group
Setting The Right Security Culture

Setting The Right Security Culture

Mackenzie Muir, Chief Information Security Officer at Allianz Australia
Ways to Thrive in the Ever-Evolving Cybersecurity Landscape

Ways to Thrive in the Ever-Evolving Cybersecurity Landscape

Yonesy Núñez, the Chief Information Security Officer at Jack Henry™
Future Of Cyber Security: Responding To Threats With Confidence

Future Of Cyber Security: Responding To Threats With Confidence

Bernard Gavgani, Group CIO, BNP Paribas
Meeting the Cybersecurity Challenge

Meeting the Cybersecurity Challenge

Scott Self, CIo, Tennessee Valley Authority