View the Magazine PDF Here
BUSINESS AND SECURITY TRANSFORMATIONS
Bloomberg BNA, a wholly owned subsidiary of Bloomberg, is a 75 year old print company that has transformed to an online, technology driven service. The company needed their security practice to evolve as well. That is why Michael Newborn was brought on board as the company’s first CISO.
Newborn joined the company in December of 2013 after ensuring that Bloomberg BNA was committed to security at the executive leadership level. Prior to Newborn’s arrival, Bloomberg made a strategic commitment to security, opening the CISO position and moving the security function out of the IT department to report directly to the COO. The CEO also showed an interest, passion, and understanding of security, which Newborn believes is key to establishing a successful and confident security organization. “I was brought in to re-establish and create a more holistic security program here, because the CEO understood security needs to be a priority.”
A NEW APPROACH SURPRISES PEERS AND REAPS IMMEDIATE BENEFITS FOR THE COMPANY
“In my first days on the job I didn’t even look at the technology. I focused on meeting the different business leads. I asked them, ‘What are you trying to accomplish? What do you need from security, and what does security mean to you?” He said he received many responses about limiting exposure and negative publicity. However, the more Newborn spoke to the business leaders, the more he understood about the business itself. He learned that availability and reliability were key concerns and that customer data was critical to business success. Once he understood how the business leaders defined success, he could identify ways for security to enable the business.
“I reported back on my main goals, one of which was to advance the business. The initial reaction from some was, ‘we don’t need you to focus there. Just make us secure.’ But I was able to show how security could actually impact business goals, which helped set the foundation for how I would work with the other business leaders.”
Transforming a company’s security program comes with challenges, and Newborn admits he has asked for a lot from some departments, especially IT. “I am asking IT for the most transformative change, so of course this new security approach is toughest on that organization. But, I treat them just like any other department in the company. I try to understand their key objectives and pain points and focus on security changes that will also help them meet their goals.” While
Newborn believes it is important for the security organization to function outside of IT, he does not diminish how much security relies on the IT department as a business partner. Newborn says, “Fifteen years ago we would have put the firewall in the security department, but now security is so much more than that. The firewall is a network program, so it needs to be managed from IT. IT needs to handle the networking issues so security teams can focus on business problems.”
PARTNERING TO BENEFIT THE BUSINESS: A POSITIVE IMPACT ON PRODUCTS AND CUSTOMER SERIVICE
As Newborn studied the company and its service offerings to ensure security aligned with business objectives, he realized he could make an immediate impact by directly assisting Bloomberg BNA’s business lines. One example was when he helped with the fine-tuning of its Privacy & Security service product to legal and business customers. He helped them build out the guidance and culled expert sources from his network of peers. Another immediate impact was standardizing responses to customer requests for vendor assessments. This saved a large amount of time, effort, and work for the other departments. As a result, Newborn now has the goodwill and support he needs from other departments to continue his progress.
Newborn knows that to be successful he needs to have regular communication with the CEO and senior leadership. “Right now, we have a workable process, however I am continuously refining it to improve both clarity and relevancy. I am still very focused on building the team up. I can get a reaction [from senior leadership] with a laundry list of risks we need to address. I have their support and I have a process to communicate our risk posture on a monthly basis, but we need to be more engaged in two-way communication about the strategic direction of the company and security.”
TRANSPARENCY HELPS PROVE VALUE
“Security has had a history of secrecy, where some have been hesitant to share program details and objectives with the business, but I believe we need to be transparent. Showcasing our wins builds up my team and highlights how security can positively impact the business. Likewise, we have to admit our failures and outline our plan for addressing those issues. There was no CISO role before me at Bloomberg BNA, so I need to be as open and trustworthy as possible, to help establish credibility and highlight the true value of the program.”
Subscribe
Stay up to date with cyber security trends and more