Throughout Deborah Wheeler’s extensive career in information security, her responsibilities and skillset have evolved and shaped her approach to growing successful team members while garnering respect from business leaders. She held three CISO roles in the financial sector before moving to her most current role as CISO of Delta Air Lines.
As CISO of Delta Air Lines, Wheeler is responsible for establishing the vision, strategy and execution plan for the security program, overseeing the program’s goals and objectives, reporting to the Board and senior leadership, and staying current with the broader security industry and regulations, to ensure that Delta stays current with security solutions to address emerging threats, and stays on top of compliance with regulatory expectations.
When first joining Delta Air Lines, Wheeler ensured there would be an opportunity for her to improve the state of security in the organization. She gravitates towards opportunities where the organization either hasn’t developed a security program or what they have in place is inadequate to meet what they feel their needs are. She also focuses on a strong relationship with who she reports to, to ensure the advancement of the security programs, objectives and strategy.
2020: PIVOT TO THE CLOUD
Wheeler comments, “The biggest shift in 2020 has been the drawdown of capital plans and strategic projects, and the pivot to the cloud. As a result, we’ve had to look at cloud specific security strategies, and initiate a training program to ensure that our people have the skills and training required to migrate, containerize and modernize our applications to reside in a public cloud. As we move into 2021, this migration to the cloud and the security challenges it brings will be our top focus and priority.”
Since Wheeler ensured she would have a good reporting relationship and strong communication with her CIO, security was at the table when conversations began about moving to the cloud. Security was armed with confidence to express concerns and ensure the role of security was recognized as a support to the business and business objectives. Wheeler says, “You cannot be a partner to your business if your answer is always ‘no’. You have to find a way to get to ‘yes’ without compromising your organization’s security.”
Wheeler says security moving or migrating to the cloud is something many security practitioners may not be prepared for because the language of the cloud is different. She recommends building a basic understanding of what the cloud is, what the services are, and how to implement the same level of controls from the on-prem environment into the cloud-based environment. She believes it is important to understand what aspects of those controls you have control over versus what is being provided and managed by the cloud provider.
By leveraging partnerships and relationships with strategic partners, Wheeler’s team benefits from strategic help in cloud planning and migration. She also encourages her team to go out and learn from resources that meet their specific learning styles. She explains, “I’ve really encouraged my team to look at what’s available online. There are so many fantastic resources available online. We’ve done a lot of online training, a lot of self-paced training with tools that are available to us from within Delta, as well as with tools and educational opportunities available outside of Delta. There is some aspect of being a professional in IT of continuing to learn and having that continuous education mindset. It’s critical to your role and your value as an IT professional, whether you love the company you’re in today or whether you plan on moving to a different company or changing roles, to have a mindset of continuous learning in order to stay current with everything happening in the IT space.”
Wheeler takes five to ten minutes every day to think about what her team may be going through, given the complex challenges posed by 2020. She comments, “Having a positive attitude day over day is a skill in and of itself that is little valued, but highly necessary when everything around you and your team appears negative and challenging. Our day in and day out job content is little changed from what we were doing before; we’re just doing it now with the added distractions of being at home, working reduced work weeks, and therefore at less pay than we were before. And we don’t have the advantage of “watercooler” time with peers and coworkers. So leading through this year has made me realize the value and importance of being positive for the sake of others.”
She works hard to understand challenges faced by her team members and focuses on remaining positive to lift them up. She finds inspirational sayings and other people who have unique ways of looking at negative situations and turning them into something positive to be inspired by the good things that are happening.
CLEARING THE VENDOR CLUTTER
A source of frustration for Wheeler, along with the vast majority of CISOs, is finding the signal through the noise when it comes to security vendors. To do so, she leverages her peer network and understands what has worked well for them. She never rushes to the latest and greatest products that just hit the market, but instead sees what works and what has acquired a following. With an influx of venture capital funding flooding the market, Wheeler believes in seeing who the viable products are that amass significant customer bases without getting acquired.
Wheeler’s team is comprised of exceptional subject matter experts who she relies on to stay close to the market for their respective subject areas and to bring forward anything they feel is a product or tool they should seriously consider.
Wheeler is not big on point solutions; she instead focuses on platform-level solutions. She explains, “If a vendor requests time to review a point solution, my answer is always going to be ‘no’. I’ve got to focus on solutions or platforms that can solve multiple problems if I’m going to make a multi-million dollar investment.”
LOOKING TO THE FUTURE
When looking into 2021 and beyond, Wheeler comments, “I think strong identity, access and authentication management solutions will always be a top industry trend; reliability strategies and solutions in the face of so many ransomware attacks is trending high right now and of course cloud and cloud security offerings. So many companies made decisions to move their IT assets to cloud in 2020 and as a result, vendor offerings and solutions that are both cloud-based and can address multi-cloud environments have surged in popularity.”