“Cyber security shouldn’t be considered a competitive advantage, but a collaborative effort,” writes Rich Agostino, CISO, Target—and speaker at the 2018 Retail Cyber Intelligence Summit. As part of our series from speakers and sponsors of this year’s Summit, we recently asked members of the Information Security Team from Target to respond to a few questions about retail cybersecurity.
R-CISC: What is the most exciting (or frightening) development you’ve seen lately in your field?
Jodie Kautt (Sr. Director, Information Security): I am really energized by the amount of innovation that is occurring in our industry, and not at security vendors, but at retailers, financial institutions, etc. In particular, it’s been exciting to see the creativity our teams are bringing to integrating the sec into secdevops. Truly integrating security into devops is our most effective path forward and this transformation has pushed many of us to think of security differently, driving the innovation.
R-CISC: If you were given an extra hour every day, what would you do with it?
Kautt: I would love more time for creative thinking. I am a thinker and too often I don’t get this daily reflection time.
R-CISC: Do you think there is a need to create a big change in retail cyber security? If so, how would you do it?
Kautt: We need more information sharing across our industry. We all have a shared mission and I would love to see us come together more to learn from one another. It sounds simple, but for some reason we still aren’t there. This is going to come with all of us just picking up the phone more and connecting when we see something that others could benefit from knowing. We have made progress, but we need to do more.
R-CISC: Did you experience a personal, “game on” moment in cyber security?
Brenda Bjerke (Sr. Director, Information Risk Management): Every day is “game on” in the cyber security industry. From high level strategy down to the smallest detail of a particular security setting, having the right expertise and vigilance is critical to protecting companies from ever-changing threats. In my job, I focus on quickly assessing risk and the potential impact of issues so that my team can prioritize and focus on the most critical work.
R-CISC: Do you have a top tip for making a positive impact in retail cyber security?
Bjerke: I think that making a positive impact can be achieved by embracing diversity and inclusion. By doing this, we can better understand our guests and community and build a stronger team. Creating an inclusive culture not only attracts good talent and builds a team that represents the guests that we serve, but it also helps to retain top talent. Sometimes it’s hard to understand where to start, it’s as simple as showing up and actively participating in Diversity and Inclusion events which demonstrates your willingness to learn and support. Also, by incorporating an invitation for team members to share during interactions can be a great starting point by asking, “Is there anything else on your mind that you would like to discuss?”
R-CISC: What is the key point you want attendees to learn as a result of attending your session/why is it important to them?
Rich Agostino (CISO): Often times, cyber security professionals think the most important thing we can do to reduce the impact of a security incident is through our technical response. However, I hope attendees leave the session thinking about how to plan and practice the critical skills for leading an organization through a security crisis.
R-CISC: What skills or characteristics do you think are most important for your job or the retail cyber security sector?
Agostino: Prioritization is key in a world where new threats are coming at us every day, so CISOs need to quickly assess situations and take decisive actions. The ability to influence our organization and industry is critical as well, because in security our success relies most heavily on our peers, leadership team, end users and the community.
R-CISC: Why is the R-CISC Summit important to the retail community?
Agostino: All companies, including retailers, need to constantly adapt to stay ahead of today’s cyber threats. Cyber security shouldn’t be considered a competitive advantage, but a collaborative effort. Each company’s willingness to actively share information is crucial; the more we share, the better we become at defending our companies and strengthening the capabilities of the retail industry. The retail community is well positioned to meet the challenges ahead and I am proud of the progress we have made.