The finalists for WashingtonExec’s Chief Officer Awards were announced April 15, and we’ll be highlighting some of them until the event takes place virtually May 27.
Next is Chief Information Security Officer Award finalist Matt Stern, who’s vice president of cybersecurity and CISO at Intelligent Waves, LLC. Here, he talks overcoming career struggles, career advice, proud career moments and more.
What are your primary focus areas going forward, and why are those so important to the future of the nation?
My primary focus as CISO for Intelligent Waves is opening up the dialogue to real answers about cybersecurity. Security issues are created using technology, but technology will not solve those issues. We need greater rights for self-defense in cyberspace to protect the future of the nation.
Which rules do you think you should break more as an industry leader?
Anything related to compliance. Cybersecurity is the only industry where you can be compliant, follow the rules and still get penalized for a security breach! It’s like arresting the victim of a robbery. “Sorry, ma’am, that your purse was stolen, but because you didn’t follow all possible security procedures, we are fining you for lack of compliance with best personal security practices.” Does that even make sense?
Compliance doesn’t equal security. Right now, compliance equals added complexity to a workforce that cannot secure their information and systems in the first place. There is no deterrence to the threat actors. There is no effective defense. And the more complex we make everything, the less secure it becomes.
Society has flooded technology into everything to the level that it is impossible to secure. And then, we have thrown security controls and compliance standards that you need a Ph.D. to understand whether or not what you have in place meets the requirements.
What was your biggest career struggle, and how did you overcome it?
Thinking I am the dumbest guy in the room. I became involved in IT as a senior captain in the U.S. Army. I was an airborne ranger-qualified officer who was working a staff job in the mid-’90s, and all of this new computer stuff was happening around me. I broke my ankle on an airborne (parachute) practice jump and decided I needed something to fall back on when my Army career ended.
Since that time, my career has led to interacting with people that are pioneers of internet security. To quote retired Maj. Richard Winters: “I served in the company of heroes.” Men who served in Vietnam, Desert One and the conflicts of my generation. I have also served in the company of geniuses — men and women who literally built the technology we take for granted every day.
I have been blessed throughout my career of working with people who frankly allowed me to look good as their boss. I recognized early on that my job wasn’t to be the smartest guy in the room. My job was to employ the best and brightest, keep the bureaucracy away from them and enable them to do their job. I have also been blessed by working for bosses who trusted me and gave me a lot of room to maneuver.
I have sat in rooms full of people with IQs more like Zip codes than area codes. And I learned that small teams of competent individuals, properly motivated, protected and empowered can do incredible things. Being the dumbest guy in the room has always been OK for me. But it led to being part of some of the best organizations in the IT and IT security world.
I have been fortunate to continue to be surrounded by people who make me feel stupid, but somehow allow me to lead them and empower them to do great things.
What’s your best career advice for those who want to follow in your footsteps?
The best career advice I can give is never to accept the status quo. To be an effective CISO, you must always question everything and take nothing for granted. Most importantly, never rely on any technology to solve a human behavior issue that creates cyber vulnerabilities.
What has made you successful in your current role?
As CISO for Intelligent Waves, I focus on connecting the dots between people, technology and business processes. In my experience, understanding the psychology of technology creates the best and most effective cybersecurity assurance. It’s not about technology alone; it’s about how and where we can identify the vulnerabilities and devise the most effective strategy.
What are you most proud of having been a part of in your current organization?
In 2020, I supported the Department of Defense as it was struggling with business continuity when COVID-19 hit. We will enable secure BYOD access to allow thousands of DOD teleworkers to continue communicating through our innovative virtual mobility solution.
We’ve partnered with DISA and other DOD organizations and commands. We provide the DOD with a highly secure virtual smartphone solution that lets users perform business tasks on government-furnished or -approved mobile devices. Our solution leaves no data on the device, guaranteeing 100% separation of personal and corporate data.