Training the next generation of cyber leaders starts with creating an opportunity-led environment where embracing mentoring, support and empathy are part of the industry landscape, said Michael Baker, vice president and IT chief information security officer for DXC Technology.
Baker has been in his role at DXC for 18 months managing the internal cyber program of significant global scale and complexity. And he’s tackling challenges ranging from the day-to-day priorities of leading cybersecurity across 130,000 company users to broader industry considerations such as strengthening the talent pipeline, encouraging collaboration and staying ahead of emerging risks.
Baker also heads WashingtonExec’s CISO Council, drawing on over 22 years of experience in various cyber leadership roles. His expertise includes program development, transformation, nurturing talent, industry collaboration and a strong focus on managing cyber risks in business.
But developing the next generation of cyber leaders is one of Baker’s passions. And to be successful, today’s leaders need to prioritize industry mentorship and create an environment where stretch opportunities are provided for individuals to grow into with proper support, he said.
“The talent crisis is not going to solve itself,” he said. “We have to lean in and train the next generation — and just flat out give people a chance. My challenge to everyone is to give passionate candidates a chance to grow into a role rather than always seeking the perfect candidate. This fosters a great culture, creates natural succession planning, and fills vital roles much faster.”
Getting Started
If there’s one piece of advice Baker would give his younger self, it’s this: be patient.
“I think people come out hot and heavy thinking they’re going to conquer the world tomorrow,” he said. “But my career path was a long journey of being adaptable to change, embracing discomfort, and having a mentality of constantly learning and growing.”
Becoming skilled in any area — whether technical skills or leadership abilities — is a process closer to a marathon than a sprint, he said.
“Learning leadership from the ground up just takes a lot of time,” he said. “You have to trust the process and seek out people who will mentor you and show you the way.”
Like many in the industry, he discovered his passion for technology at a young age, tinkering with an early bulletin board system powered by a modem in high school. As the internet came of age in the ’90s, Baker joined the young avantgarde of early adopters.
Early in his career, Baker landed a job with a Big Four accounting and consulting firm doing cyber penetration testing and ethical hacking. Over the next 14 years, he worked in various client service roles across different industries. This experience enhanced his business knowledge, improved his technical skills and honed the leadership abilities that contributed to his current success.
Before DXC, Baker made the jump to serve as CISO for a prominent government contractor. Today, he still prioritizes a mentality of constantly learning. And that always means seeking new challenges to learn and grow.
Cyber Considerations
“A few years back, a CISO could have been viewed as more of a technical role, a back-office role,” Baker said. “But now, it’s increasingly in the boardrooms. Being able to communicate and tell stories is essential for any successful CISO.”
As technology and business interconnectivity grow yearly, cyber threats also increase in volume and variety. This includes more state-sponsored activities, criminal ransomware and extortion, supply chain risks, widespread software vulnerabilities and rising insider threats., Baker said.
Because of the changing threat landscape, it’s increasingly important to make sure “the little things are done right” and that foundational security practices like multifactor authentication and endpoint detection and response are done across the enterprise; doubling down on processes that demand precision in execution, he said.
“A big focus area from a strategic perspective is aligning our capabilities and technology evolution across a comprehensive zero-trust strategy,” he said of the work he is doing at DXC. “That’s really about maximizing the value of the tools that we have in place to ensure we continuously authorize the people and machines that touch our networks, applications and data.”
Another looming threat for CISOs is ensuring software security throughout the supply chain, especially when using cloud providers or software from companies with varying security standards.
“We have to be very cognizant of supply chain security and the software and services that we consume,” Baker said. “I think across the industry we have a tendency to focus on new technology, but we always have to be focusing just as much on upskilling the workforce and improving the processes that allow us to maximize the value of that technology.
Staying Healthy
Baker, a father of two preteens, likes to spend his free time running or taking long walks. He also values having in-person interactions for both mental health and networking, and for collaborating with industry partners.
In any job — but particularly one with constant demands — there’s one thing Baker considers essential to physical and mental health, even more vital than regular exercise or healthy eating.
“I think the biggest thing is the boundaries that you put in place,” he said. “We have an amazing privilege to work at DXC in a virtual-first environment. I think a lot of people can get stuck in a little bit of a trap. It’s very hard to separate yourself from your work. I think the most important thing, no matter what you do — whether it’s gardening or running or playing with your kids — is to set those physical and emotional boundaries with work, prioritize your day-to-day activities as much as you can, and take time off to rest and recharge.”
DXC Going Forward
Baker said his team is working across a comprehensive zero-trust strategy to overlay DXC’s existing programs and add enhanced capabilities over time.
“The key here is how we can maximize the value out of our existing technology capabilities and ensure alignment across people and process,” he said. “I would say of equal importance is that we’re continuing to evolve our cyber risk-aware culture across DXC where every employee is #AllInOnCyber, and doubling down on risk management and data protection practices.
“One of the things our IT group is really focused on is living an agile mindset,” Baker continued. “Whether that be a new tool or an improved user experience we align across a service model and an agile mindset to deliver business value to DXC with increasing velocity.”
But his biggest goal is to grow the competency, confidence and capability of his team as part of a broader effort to maximize each employee’s career experience and trajectory.
“We want to deliver value to the business to grow quicker and more efficiently with the resources we have,” he said. “But we truly want to be an example to our customers and colleagues in terms of the value that we provide to our 130,000 users. We want to be best in class, not only to protect our critical data but to demonstrate the art of the possible for what a cyber team can accomplish at such a large global organization.”