EP 7: Lee Vorthman: How Security Leaders Influence Company Culture
In episode 7 of the "In Security" podcast, Lee Vorthman, Chief Security Officer (CSO) at Oracle, joins our host, Mike Cataffo, to delve into the fascinating world of leadership in security. Lee emphasizes the importance of staying curious about technology, understanding business operations, and practicing candid leadership. The conversation also explores the challenges of managing the human element in cybersecurity and the role of established frameworks for aspiring security leaders. Lee introduces the "switcheroo" technique as a unique approach to leadership.
Key Takeaways:
- Generalist Approach: CISOs must understand various facets of technology, reinforcing their role as generalists.
- Understanding Business and Building Relationships: It’s important for security leaders to understand business risk tolerance and foster cross-departmental relationships.
- Influencing and Affecting Change: Building relationships and carefully communicating risk can help security leaders influence people toward more robust security measures.
About the Guest:
Lee Vorthman is the Chief Security Officer (CSO) at Oracle, a leading technology company known for its comprehensive suite of software and hardware products and services. His responsibilities include overseeing the security strategy and operations and ensuring the safety of client and partner data, assets, and reputation across the advertising ecosystem.
How Security Leaders Influence Company Culture
In a captivating discussion, Lee Vorthman, the Chief Information Security Officer at Oracle Advertising, illuminated the nuances of influencing company culture as a security leader.
In this episode, Lee emphasized the role of curiosity about technology, particularly its disruptive potential. This mindset often paves the way for a successful Chief Security Officer (CSO).
He also drew attention to his blog, 370 Security, where he led conversations and shared his experiences to contribute to the broader cybersecurity discourse. For those aspiring to become security leaders, Lee advised beginning with established frameworks. He highlighted the wealth of information available, suggesting that these frameworks (NIST, CIS, Cloud Security Alliance, ISO) provide a robust foundation for strategy development.
One of the key areas discussed was the people component of a security leader's role. Lee explained that while deploying technology is relatively straightforward, managing the human element and fostering change across organizations is the real challenge.
"The biggest challenge is convincing people that there's a problem," Vorthman explained. "Once they're convinced, we spend most of our time discussing possible solutions and determining the most reasonable one."
Drawing from his military experience, Lee underscored the value of candor in leadership. He emphasized that being upfront and honest with your team while providing a clear path for improvement fosters trust and understanding.
Additionally, he discussed the CSO's role beyond managing internal teams. For example, it’s critical to understand the business and display empathy towards the rest of the company. This often involves translating technical issues into business terms to help other company leaders understand why specific issues are a problem and prioritize fixing them.
Building alliances and relationships with all top-level executives is important for success as a security leader. This network of relationships, even those that might seem irrelevant initially, can prove invaluable when addressing specific business risks or issues.
Lee's continually evolving approach to leadership includes techniques like the "switcheroo," which involves nudging people out of their comfort zones to stimulate new ideas. The conversation underscored the understanding that while managing technology may be straightforward, managing people isn’t — and security leaders must be able to do both.