Bob Stasio began his career in the U.S. Army as an Intelligence Officer, then spent ten years working in the government sector, holding positions at NSA’s Cyber Center, U.S. Cyber Command, and the U.S. Army’s Signals Intelligence Corps. After moving into the private sector, Bob held positions at large organizations such as IBM, where he utilized his experience in cyber operations and threat hunting. He also held positions leading threat intelligence programs at organizations like Bloomberg and global financial firms. His most recent positions include Deputy CISO at DuPont where oversaw the security team while building the security operations and SOC programs, before joining Renaissance as their CISO/CIO.
Bob joined Renaissance, a global educational technology SaaS organization, over two years ago as their first CISO with the prerogative to holistically build a strong cybersecurity program. This was an opportunity for him to leverage his deep leadership expertise paired with his strong background building cyber programs. He comments, “I moved over to Renaissance because it looked like a great experience for me, leadership was switched on to the benefits of security, I was able to work in the education industry and it was clear security had support from the board. Overall, it felt like a very supportive relationship.”
Bob experienced success from an early start at Renaissance, and he credits that to his broad background and proactive approach to communication. When joining a new organization, Bob recommends that CISOs ensure they understand the full scope of the budget available to them, the goals of the leadership and if they align with the security program, and areas of compliance they need to follow. He continues, “It is important to know if customers require a higher level of security and how you are going to be tied to the business. You need to know that you won’t just be a cost center, that you will actually be contributing to revenue and a vital part of the business. In the end, CISOs need to also show value.”
RUNNING A SECURITY PROGRAM
As the first CISO at Renaissance, Bob was tasked with building a security program and laying the groundwork for cyber maturity and protection. His first step was prioritizing critical areas such as stopping immediate threats that could be harmful to the business. Given his strong background in intelligence, he ensured the detection and response program was clearly outlined, and up and running. He also planned out milestones like achieving a SOC2 audit. It was important to Bob that security fundamentals were laid out, so they had a distinct plan and roadmap to follow that closely aligned with what the business was trying to accomplish.
It was also important to Bob that he selected a cybersecurity framework to follow that would help guide the program to maturity and provide milestones to achieve along the way. He comments, “We use the CIS top 18 framework to self-evaluate our current maturity and determine any areas we need to focus on. It helps with tracking progress. Also, when deciding on investing in a new tool, its helpful for us to leverage the framework so we can decide how to filter through the options.”
CUSTOMER FACING CISOS
Today, many CISOs have begun interfacing with customers, sharing the value of their organization’s security program, and becoming true advocates in demonstrating how security is a competitive advantage. Bob fits into this category of CISOs and explains, “We have some bigger deals that might require my presence. I come in and talk strategically with a customer to answer any questions they might have around things like our security architecture. CISOs should be able to demonstrate how they are better than the competition, so customers can clearly understand why they should work with them. It all comes down to how serious your organization takes security and being able to talk to business leaders about this.”
Not only is Bob an advocate for security with customers, but he is the liaison between the business and security. He has a regular set of meetings with the executive leadership team where he presents and talks to them about his roadmap and any progress updates. He also shares details around maturity in relation to competition, something many executives are very interested to hear about. One tactic to ensure he communicates in a succinct and business focused manner is to use anecdotes when describing updates. For example, he might share a story about security’s role in helping sign on a new customer faster or get through a vetting process sooner.
Overall, Bob approaches his role with the intention to educate and advocate for the security program. He recognizes the need for CISOs to focus on business language when speaking to anyone outside of security, in order to gain mindshare.
LEADERSHIP STYLE
Bob’s military background helped him gain strong communication and leadership skills that he has continued to use throughout his career. He approaches leading his team with an open mind and always focuses on being a team player. He says, “Your mindset always has to go from being a janitor to a general in the organization. You’re not above any particular task and you should be able to jump in and help at any point when needed. You could be the janitor one day and the general the next day. That’s’ the general philosophy I’ve adhered to for my career.”
He continues, “In the military, when you get in the trenches you gain an understanding of what those guys are doing, and they appreciate that you have an interest in what they do. You may not be good at it, but at least you’re showing interest and you’re not above anything. This gives you a lot of credibility and helps you understand what they do. It’s always been a core tenet of my philosophy.”
To continue to grow as a leader, Bob ensures he is always learning from a variety of sources. He enjoys taking different courses or certifications to gain valuable expertise in specific areas that will bolster his skillset. He also attends conferences that focus on leadership for CISOs and CIOs. Learning from others is important in order to develop skills, and the tight knit security community is a great resource to leverage. Overall, he is a constant learner who connects with the cyber community in order to deepen his network as well as give back.
CHALLENGES
“One of the top challenges is the rapid growth of new technology that’s coming out, like AI. Everyone is including AI in their software and their products, and we have to properly vet it out, which might slow down the process of bringing any new technology in. We have engineers on the other side of the business that want to move fast while doing things well. And sometimes those two things can conflict against each other. So, working with the business at the speed they want to go, while being safe and secure at the same time is definitely one of our bigger challenges,” explains Bob.
Subscribe
Stay up to date with cyber security trends and more