Blog

Stepping into Leadership: Q&A with Target CISO Rich Agostino

In anticipation of the R-CISC’s Retail Cyber Intelligence Summit, our team had the opportunity to ask a few questions to Target’s new CISO, Rich Agostino. We wanted to learn more about his approach to strategic leadership, how he is addressing the threat landscape and advice he has for up-and-coming leaders in the industry. Read his thoughts below!

To learn more about stepping into leadership, join Rich and other retail CISOs at the second annual Retail Cyber Intelligence Summit, taking place October 3-4th at the Hyatt Regency in Chicago. Rich is the opening keynote for day two of the conference. He’ll share a presentation on Stepping into Leadership: Staying Ahead of Today’s Threats and the Evolving CISO Role. You can find the agenda and the link to register at summit.r-cisc.org.

Here are Rich’s answers to some important questions:

Q: What is unique about security and your role at Target?
A: I have experience working across multiple industries, but what was unique to me when joining Target was the power of the Target brand. Target continually invests in the innovative technology and best-in-class team to create the most secure shopping experience for our guests in stores and online. In retail, we are so close to the guest and are responsible for protecting so many consumers and given the volume we have coming in our stores—it’s a responsibility that we take incredibly seriously.

Q: What should threat analysts trying to advance their career know?
A: The rapid pace of technology innovation and changing threat landscape means you’re never done, there’s always something to learn and somebody on the other end who is trying to outsmart you.

It’s critical for security professionals to understand their business. Threat analysts can’t just rely on collecting intelligence; they need to know how it applies to their company and make it actionable to drive more secure outcomes. Most of the time, security teams need to influence action and that can only happen if you know how to make your updates relevant to the business leaders.

Q: Why is proactive cybersecurity more important than ever?
A: Proactive cybersecurity is essential for any organization that’s serious about security. Companies need to continuously test their detection and response capabilities and their program effectiveness. It’s core to our program at Target, has helped us test our technical capabilities and prioritize projects and provides us the opportunity to test our company’s enterprise response.

###

About Rich Agostino, CISO, Target

Richard Agostino is the senior vice president and chief information security officer at Target Corporation. He has extensive experience in information technology, risk and compliance and driving enterprise security initiatives across large global organizations. In his current role, Agostino is responsible for Target’s Information Security organization, helping to enable Target’s enterprise strategy by protecting the company from security threats, and ensuring a secure shopping experience for our guests in stores and online.

Agostino joined Target in September 2014 as vice president of information security where he played a major role in the advancement of Target’s information risk and security strategy. Prior to Target, he was with General Electric for 12 years where he held various executive roles in information security, technology risk and audit.

Agostino is a member of the PCI Security Standards Council Board of Advisors, where he works alongside his peers to enhance payment security standards. He earned his bachelor’s degree in management information systems from the University of Connecticut and is a Certified Information Systems Auditor.

 

 

Read More
Worth the Investment

I’m a bit behind in my reading, so just finished the PYMNTS.com article, “Don’t Bite the Phish Hook,” from August 23 which references RiskIQ’s 2017 State of Enterprise Digital Defense Report. The article suggests that companies “Invest in three things: people, process and tech.” I would add one other – an Information Sharing & Analysis Center (ISAC).

For retail and consumer-facing industries, such as hospitality, gaming organizations, restaurants and, increasingly, consumer product companies, the Retail Cyber Intelligence Sharing Center (R-CISC), which houses the Retail ISAC, provides the opportunity to have hundreds of other eyes and systems assisting you through dynamic sharing of indicators, threat actors and vulnerabilities. They’re also assisting you with best practices in remedies and solutions.

Through the R-CISC, information security executives from large companies with sophisticated programs down to those from smaller to mid-size companies with more limited resources work together to make true the saying “a rising tide raises all boats” – defeat the common threat of cyber attacks. In my conversations with companies big and small, I hear time and again how valuable the information shared within the R-CISC is to their operations. Some have quantified it to demonstrate a positive return on investment for their membership dues. All realize that we’re stronger together.

If you haven’t looked into joining the R-CISC, I encourage you to drop me a line at suzie.squier@r-cisc.org. For pennies on the dollar, the R-CISC can extend your reach and network to fight cybercrime, and be a complement to your information security team without adding to your headcount.

Read More
Overcoming Legal Barriers to Information Sharing

The R-CISC team is working hard to strengthen support for our members to share openly and actively within our trusted community. We’ve teamed up with Hunton & Williams to gather insights for overcoming legal barriers to information sharing.

We understand that companies are challenged to provide better visibility, understanding, and gain support to engage in peer-to-peer information sharing among internal business units, general counsel, or other stakeholders. Last week, the R-CISC invited Lisa Sotto, partner at Hunton & Williams, to join a member-exclusive webinar and share her thoughts on how companies can approach and overcome legal barriers to information sharing.

Click the button above to review key learnings we’ve compiled into a guidance document. We hope you find the information to be useful to your own internal conversations. This document outlines helpful facts regarding the Cyber Information Sharing Act (CISA) including key benefits, legal protections, considerations and limitations.

Interested in learning more? Adam Solomon, associate at Hunton & Williams will provide a deeper dive into Overcoming Legal Barriers to Information Sharing during a session at our annual Retail Cyber Intelligence Summit October 3-4 in Chicago. Learn more about this and other exciting sessions at http://summit.r-cisc.org. For a limited time, attendees are invited to enjoy complimentary registration by using promo code SUMMER when registering.

Email membership@r-cisc.org to subscribe to receive weekly retail community intelligence, updates on upcoming events and webinars. Ready to become a member? Contact Corey Nihlean, Account Development Manager at corey.nihlean@r-cisc.org.

Read More
Retail Cyber Intelligence Summit: Featured Speaker Says Hello!

You are not going to find more retailers, hospitality/gaming, CPGs and other consumer-facing companies on any other cybersecurity program then at the Retail Cyber Intelligence Summit.

In anticipation of the event, one very special keynote speaker wants to introduce himself to the R-CISC community and those attending the Summit…

Click the link below to meet Don Yaeger, keynote speaker and New York Times Best Selling Author!

 

Details for Don Yeager’s exceptional thought leadership in both a keynote session and an interactive CISO workshop below:

    The Great Teams Understand “The Why”

    The Great Teams Understand “The Why”. They are connected to a Greater purpose.  Learn how to constantly remind your players and employees of who they are in service of while being acutely aware of downstream beneficiaries. The more a company creates “mission moments” for employees and team members to understand that Greater purpose, the better off the team will be when it comes to enduring any challenges along the way to achieving its goal. In this captivating session, Don Yaeger shares his findings from interviews with Olympic Gold Medal winners like USA Basketball Head Coach Mike Krzyzewski (Coach K), 2014 NBA Most Valuable Player Kevin Durant, and USA Basketball CEO Jerry Colangelo, as well as 4-Time Super Bowl champion quarterback Tom Brady, brilliant thought-leader Simon Synek and longtime Medtronic CEO Bill George.

    Strategic Leader Forum: Patriots vs. Mercenaries

    In a fast paced and forever changing retail cybersecurity environment, how can strategic leaders build a team of patriots? How do they coach their workforce to focus on the teams’ collective purpose, and why does it matter? The concept of patriots vs. mercenaries embodies an approach to psychological leadership that urges its members to champion the idea that their work is important, and that every day these patriots are excited to be a participant on the team. Don Yaeger facilitates an important and concentrated discussion around leadership and building a cybersecurity team of individuals who support, defend, and devote themselves to their profession.

There is still time to register for this exceptional two-day program, taking place October 3-4 at the Hyatt Regency in Chicago. R-CISC members received 3 free registrations. For non-members, the rate is a low $495.

 

See you there!

Alex Brown
Community Manager

Read More
Letter from Suzie: You Think the Total Eclipse Will Be Cool?

If you think the total eclipse will be cool, wait until you see the 2017 Retail Cyber Intelligence Summit: Securing Retail 002! And you don’t need special glasses!

In addition to the great line up of speakers, like “The Importance of Women in Cybersecurity” panel on Day 1 and Target’s Rich Agostino kicking off Day 2, we’ll have workshops for three separate groups:

  • CISO Benchmark Working Group
  • Fraud Working Group
  • Intel Task Force (which is meeting on Monday, October 2)

The program is really coming together with pertinent, timely sessions for all levels of information security team members. NEW THIS YEAR: an interactive mobile app that will allow you to ask questions for the presenter and other participants can crowdsource which questions they want answered first! Plus, interactive polling to gauge the your views and thoughts.

On the evening of Tuesday, October 3, we’ll also host the Members Gala where we’ll celebrate how far the R-CISC has come and announce the winners of our Peer Choice Awards! Get excited!

I’m looking forward to reconnecting with many of you and getting to know a lot more. Register today and book your hotel rooms before the September 8th room rate deadline.

See you there and enjoy today’s total eclipse.

 

Suzie Squier
Executive Director

PS. Check out our own Senior Analyst Neal Dennis on “Using Cyber Threat Intelligence Wisely” on Dark Reading this Wednesday, 8/23 at 1:00 PM EDT.

Read More