Eddie Galang is a seasoned technology executive with over 28 years of experience working across many industries and roles. He is a retired United States Army combat veteran serving in different specialties such as Special Operations, Infantry, and Armor both as an officer and enlisted ranks. He is now a three-time CISO with a core focus on aligning with the business to mature cybersecurity and deliver strong results. He believes in always adapting to any environment and driving transformation across an enterprise by leveraging both tactical and strategic objectives while focusing on core cybersecurity tenants. Prior to joining the Port of Long Beach, Eddie held similar positions at loanDepot, Fremont Investment and Loan, H&R Block Bank/Option One Mortgage and has worked for organizations such as PwC, PacifiCare Health Systems, and the County of Los Angeles.
Currently the CISO of the Port of Long Beach, this is Eddie’s first time working at a public agency. The Port of Long Beach is the premier U.S. gateway for trans-Pacific trade and a trailblazer in innovative goods movement, safety, environmental stewardship and sustainability in Long Beach, California, generating around $200 billion per year in trade, and impacting more than 2.6 million jobs across the nation, more than 600,000 in Southern California area. Eddie explains, “The Port of Long Beach is a little different from the typical public agencies because we are not publicly funded by taxpayers and generate our own revenue. We’re more of a hybrid model, but adhere to agency rules and regulations.” The Port is governed by the City of Long Beach. The City Charter created the Long Beach Harbor Department to promote and develop the Port. Under the charter, the five-member Board of Harbor Commissioners is responsible for setting policy and oversight of the Port.
As the Port of Long Beach’s first CISO, Eddie’s responsibilities include full autonomy across all parts of cybersecurity, comprising two main areas – the Technical Operations and Governance, Risk and Compliance functional areas. His goal is to provide personal and enterprise data protection, assets, infrastructure, IT security, risk and compliance management to the organization, something his team continues to mature and strengthen.
He leverages past knowledge and experience combined with the current threats faced by the Port, to ensure comprehensive safeguards are put in place.
Eddie and his team work diligently to address all security concerns in a proactive manner. They must also stay educated and a step ahead of any new threats. He comments, “I wish I would have joined the Port sooner because this is a really great place to work. The people who work here are very talented. I have some fantastic engineers. They are technically and tactically proficient engineers with an unlimited ceiling, and their hard work and dedication have not been overlooked by their peers in the industry. They continue to demonstrate the skills and acumen befitting their roles.”
CHALLENGES AS A CRITICAL INFRASTRUCTURE ORGANIZATION
Because the Port of Long Beach is a key critical infrastructure organization, they are a constant target, and Eddie is steadfast on keeping them protected from the growing threat landscape. One of their biggest challenges is threats that could significantly impact the supply chain. He explains, “It’s a four-tiered process for supply chain. Our job in the Port is to safely get ships in and out with speed and efficiency. But we are also known as a ‘green port’, so we incentivize our carriers to come in at a certain speed to eliminate or reduce the carbon footprint. Even when they’re docked and off-loading goods, we incentivize them to stick to a schedule. Another tier of that process is once goods are off the ships, they are transported to either rail or trucks. Then, those goods are sent to distribution sites. However, there are other factors can come into play like truck drivers work stoppage or distribution sites at capacity. It’s a complex process that we are part of.”
Eddie continues, “We’re a constant target to be taken down whether it’s supply chain causing a worldwide domino effect. If our business process stops, it’s a humongous impact not only locally but also globally.”
To be an effective communicator, Eddie focuses on knowing his audience. By understanding the challenges and goals of your audience, Eddie believes you can meet them where they are and speak their language. He explains, “As long as I understand who my audience is, I know how they’ll receive or consume the information I’m giving them. I don’t do the sky is falling kind of thing. I give them the information that they need to be able to make prudent, well-informed decisions, both tactically and strategically.” Eddie continues, “A CISO’s role is to influence change, and to ensure behaviors are changed across an organization. It begins with respect and gaining essential authority, otherwise trying to make any changes will fall flat. It’s important for all executives in an organization to understand what the CISO does and what the risks and challenges are.”
To maintain strong security knowledge across the organization, Eddie engages team members in regular security awareness and training exercises. These are mandatory, to encourage employees to learn more about cyber and bolster their overall awareness in regards to threat actors. He comments, “There’s quarterly campaigns, testing, and education to see how we’re doing. We always raise the bar each time. We track this year-round for each quarter and then we see what the trends are. When we receive certain incidents that happen here at the Port, we try to customize the training or campaigns. We’re progressive in seeing what the current threats are, maintaining our foundational level, and always having ongoing trends incorporated in our training, campaigns, and eventually our awareness.”
GROWING AND LEARNING
To continue to grow and learn, Eddie sits on many advisory boards where he leverages his experience and gains valuable networking. He comments, “I do a lot of public speaking, whether it’s in conferences like RSA or different consortiums. I recently had a speaking engagement with the White House’s Director of Cyber Security. I also believe in mentorship. Coming from my military background, I like to be able to mentor to get the word out that way. I’ve built my portfolio based on good things that I’ve seen other leaders do and incorporate them into my own playbook/toolkit with continuous improvements being made.”