The finalists for WashingtonExec’s Chief Officer Awards were announced March 25, and we’ll be highlighting some of them until the event takes place live, in-person May 11 at the The Ritz-Carlton in McLean, Virginia.
Next is Chief Information Security Officer (Private & Public) finalist Gilberto “Gil” Vega, CISO at Veeam Software. Here, he talks key recent achievements, primary focus areas going forward, shaping the next-generation industry leaders and more.
What key achievements did you have in 2021/2022?
Having a strong data protection team is critical to keeping both our company and clients’ data secure. Over the past year, we have placed a focus on growing our team with award-winning industry professionals. From adjunct professors to licensed attorneys and certified instructional designers, these individuals’ talents go beyond just being security experts.
The diversity of this team has helped us to best serve the unique needs of our over 400,000 customers across the globe while focusing on the internal cybersecurity mission at Veeam.
In 2021, I led the transformation of Veeam’s vulnerability management program for the company’s software products. These efforts included input and engagement from multiple Veeam customers. Through implementing multiple efficiencies, threat modeling and risk management principles, Veeam has been able to reduce the mean time to remediation for software flaws by nearly 30%.
What are you most proud of having been a part of in your current organization?
I’m most proud of the culture that has taken root at Veeam during my tenure. Veeam’s culture is “security-first,” with an extreme focus on not only internal cybersecurity, but also developing the world’s most secure backup solutions and making sure that we protect our customers’ data. Part of this culture is recognizing the need for cybersecurity education during a critical time for data protection.
I was honored to have spearheaded a user training program and educational campaign at Veeam focused on informing our employees about key security behaviors to address human cyber risks both inside and outside the workplace. We can tell people what threats to keep an eye out for, but without continued, updated education, these threats will evolve and outpace general knowledge, so it’s important that companies see cyber education as an ongoing initiative.
From junior staff to C-suite, we all must play a part to keep our company and customers’ data secure. Our customers have recognized our efforts to better prepare them for the challenges of today’s dynamic and dangerous cyber threat environment.
What has made you successful in your current role?
With over two decades of experience leading cybersecurity programs across multiple industries, including public sector, financial services and software, I’ve worked with a wide range of individuals who have taught me lessons that prepared me for success, whether I knew it at the time or not. These experiences taught me the value of servant leadership and best practices for prioritizing an organization’s mission, both crucial skills in my role as CISO.
During my time at DHS — just after the agency’s creation in 2003 — I was lucky to have a CIO as a mentor to not only teach me the aspects of successful executive leadership, but also challenge me to continue to grow early in my career. It was this experience that had a major impact on my success not just as a security expert, but also as a leader.
My early mentors taught me that leading successful cybersecurity programs requires the development and strengthening of personal and professional relationships. Cyber is a team sport and requires the deep understanding of business processes. To get to the root of those processes and protect them, you must thoroughly understand them.
What are your primary focus areas going forward, and why are those so important to the future of the nation?
As cyber events continue to occur at a historically high rate, my priority remains keeping our customers’ data protected, especially regarding infrastructure and supply chains. This isn’t just my priority though — it is shared across the public sector.
As seen with the inclusion of the Cyber Reporting for Critical Infrastructure Act in the recent omnibus appropriations bill, there is a strong focus from the federal government on protecting our infrastructure during what has proven to be a critical time for our nation’s security.
Serving in the U.S. Army in Desert Shield/Desert Storm and Operation Just Cause, and as a civilian SES alum, I know firsthand the importance of keeping my country protected. To fully support our national security missions, we must continue to deliver our federal customers and their partners with resilient and secure data protection solutions. Working at Veeam has allowed me to be an integral part of these efforts.
Looking forward, rapidly occurring cyberattacks will continue to pose a major threat to the security of our nation. For my part, I will strive to ensure that we are ready to support our customers when bad actors attack.
How do you help shape the next generation of government leaders/industry leaders?
Throughout my career, I have challenged myself to take on opportunities considered to be above my abilities, which has fostered my growth as a leader, even if those challenges led to failure. Making mistakes is part of human nature, and I let the lessons I learned failing guide me to understand what success felt and looked like. Encouraging emerging talent to take risks and potentially fail helps to develop a new generation of government leaders that are resilient and clever.
I maintain formal and informal mentor/mentee relationships with current and former colleagues, peers and superiors. I find that it’s not only incredibly rewarding to remain engaged, but it’s necessary to remain abreast with all the changes in our industry.