View the Magazine PDF Here
CAUTION: PERFORMING MAGIC TODAY
Ernesto DiGiambattista, the CTO & CISO of Sentinel Benefits & Financial Group, wrote “Caution: Performing Magic Today” as one of the weekly whiteboard messages in his office. “People can’t see it, can’t feel it, and can’t touch it, but in my organization, they know security is happening,” he says. DiGiambattista wears three hats, that of the CTO, CISO, and CIO, and he navigates this balance by relying on his robust business-driven background. This important background gives DiGiambattista the tools and business acumen to be a part of the Operating Committee, which meets every two weeks and is comprised of the four partners, CFO, EVP sales, and EVP retirement. This committee fundamentally drives the organization’s inclusive 36-month business strategy, something that DiGiambattista strongly vaues.
COMING IN WITH A PLAN
DiGiambattista spent his first thirty days at the organization meeting people in business, fine-tuning his understanding of their processes, and creating his own foundation of business awareness. He then spent the next thirty days purposefully building a framework for the future of his program, as well as structuring the vital communication component in order to gain buy-in from executives. “Once I established a baseline, I had the ability to drill down and position a Subject Matter Expert in each area. I consider them my captains, who help improve processes and technologies, while at the same time are meeting with the business leaders to understand their needs and what they want to accomplish.”
The next step for DiGiambattista entailed expanding the organization’s understanding of security, something he still focuses on through quarterly round table discussions. He meets with twenty different employees at a time, in any department or role, and paints a clear picture of his team’s current projects, accomplishments, and goals. What DiGiambattista values most is the feedback he receives on improvements his team can make. These roundtables are clearly working, DiGiambattista receives a 70% response from a quarterly survey that is sent out, which asks employees if they feel the security in the organization has improved, along with performance reliability, and communication on pressing security issues.
SENTINEL UNIVERSITY
“Technology is important, but going above and beyond by doing something outside of your responsibilities is a reflection of how we work business into our security program,” says DiGiambattista. Each month, DiGiambattista’s team receives training from a different line of business about their department. The training is followed by a comprehensive test, which allows DiGiambattista’s team to learn central details about each section of the business. Furthermore, the organization has a Management Program that instills dynamic managerial skills, along with a Leadership Development Program designed for high-performers to work on individual projects that grow their business awareness and expertise. DiGiambattista sees the impact of these programs – his team has been recognized as “business impact players” five out of the last eight quarters and over 67% of them actively participating in these programs.
SPEAKING TO BUSINESS EXECUTIVES
“The language of security is often misunderstood by business-focused executives, so it is important to correlate it back to something that they can understand,” says DiGiambattista. He often uses sports or real estate analogies to explain certain components of his program. “I once correlated security back to a remodeling project. If someone has an outdated kitchen, and the building inspector comes on board and says that the regulations for certain parts of the kitchen have changed, the owner must then take the necessary steps to accommodate these new building codes. This is no different to being diligent and transparent with evolving compliance issues within security.”
Subscribe
Stay up to date with cyber security trends and more