The Secret CISO: Insights and Reflections from Cybersecurity Leaders

Cybersecurity Today

Published: Fri Apr 18 2025

In this episode of Cybersecurity Today titled 'The Secret CISO,' host Jim Love, along with guests Octavia Howell, Daniel Pinsky, and John Pinard, delves into the personal and professional experiences of Chief Information Security Officers...

Summary

Podcast Summary: "The Secret CISO: Insights and Reflections from Cybersecurity Leaders"

Podcast Information:

Title: Cybersecurity Today
Host: Jim Love
Description: Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
Episode: The Secret CISO: Insights and Reflections from Cybersecurity Leaders
Release Date: April 18, 2025

Introduction

In this special episode titled "The Secret CISO: Insights and Reflections from Cybersecurity Leaders," host Jim Love delves into the personal experiences and professional insights of three seasoned Chief Information Security Officers (CISOs). Joined by Octavia Howell of Equifax Canada, Daniel Tinsky of CDW Canada, and John Pinard of Duka Financial Credit Union, the discussion transcends technical jargon, exploring the human aspects of cybersecurity leadership.

Personal Journeys to the CISO Role

Octavia Howell – Equifax Canada

Background: Octavia boasts nearly 19 years in the security industry, transitioning from network security engineering to overseeing data and cloud security.
Quote: “[...] I think I'm on the journey to get to where I need to be.” [04:15]

Daniel Tinsky – CDW Canada

Background: With over 22 years in information security, Daniel’s interest in cybersecurity was sparked unexpectedly during a summer job in an IT department.
Quote: “We’re just all people trying to do our best on a day to day basis.” [08:45]

John Pinard – Duka Financial Credit Union

Background: John brings over 40 years of IT experience, evolving from a programmer to VP of IT Operations Infrastructure and Cybersecurity.
Quote: “Cybersecurity is still part of my role along with a number of other things including AI and operations and infrastructure.” [08:48]

Expectations vs. Reality of the CISO Role

Octavia Howell:

Initially viewed executive roles as the "holy grail" but has since recognized the multifaceted nature of the CISO position.
Quote: “If you would have asked me that maybe 15 years ago... then I would say probably no.” [04:23]

Daniel Tinsky:

Saw the CISO role as the pinnacle of his career aspiration but acknowledges the discrepancy between expectations and reality.
Quote: “I think what I've come to learn over years is we're just all people.” [05:09]

John Pinard:

Reflects on the evolution of cybersecurity from non-existence to a critical component of his diverse role.
Quote: “The time you run into problems is when you think about it after the fact.” [10:29]

Perception of CISOs within Organizations

Jim Love raises a pertinent question:
“Do you think people perceive you as the 'police' of the organization?”

Daniel Tinsky:

Acknowledges the traditional view of CISOs as enforcers but emphasizes the need to position security as an enabler.
Quote: “Information security needs to be successful for the business to be successful.” [13:15]

Octavia Howell:

Strives to avoid the "saying no" stereotype by fostering understanding and collaboration.
Quote: “Instead of saying NO, we say KNOW.” [15:57]

John Pinard:

Highlights the educational role of CISOs, sharing real-world hacking stories to emphasize security importance.
Quote: “We need to make sure that your backups are working.” [28:06]

Challenges Faced by CISOs

1. Pressure and Stress:

John Pinard: Shares his experience with a ransomware attack, emphasizing the prolonged recovery process and the constant vigilance required.
- Quote: “Nobody has any idea just how painful it is until you actually get hit.” [10:39]
Daniel Tinsky: Discusses the cumulative stress from years in incident response and shift work.
- Quote: “There's pressure or stress in my day to day job but to me that was way worse.” [20:21]
Octavia Howell: Balances the constant on-call responsibilities and the need to anticipate and prevent unexpected breaches.
- Quote: “The thing that bothers me the most is when I'm surprised.” [22:58]

2. Resource Constraints:

Octavia Howell: Faces challenges in hiring experienced leaders amidst budget constraints.
- Quote: “We need people who can think strategically, not just task-oriented.” [33:03]
John Pinard: Struggles with staffing senior cybersecurity roles due to high demand and limited budget.
- Quote: “Finding senior people that know what you need them to know is a very difficult challenge.” [34:17]

3. Constant Evolution of Threats:

Octavia Howell: Describes the perpetual race to keep up with evolving cyber threats.
- Quote: “When you think you reach close to the finish line, the goalpost gets moved.” [25:12]
Daniel Tinsky: Embraces the continuous learning required to stay ahead.
- Quote: “We’re constantly trying to hit a moving target.” [28:08]

Leadership and Team Development

Daniel Tinsky:

Emphasizes the significance of leadership in fostering team growth and learning from failures.
Quote: “Everything rises and falls on leadership.” [28:12]

Octavia Howell:

Focuses on cultivating a team that is proactive and curious, ensuring members have clear career aspirations.
Quote: “Ensure that you have a wide breadth and truly build relationships with people.” [42:13]

John Pinard:

Advocates for investing in team education and sharing real-world cybersecurity incidents to enhance awareness.
Quote: “Educate people as to why we’re saying no or how they could go about doing things differently.” [17:21]

Advice for Aspiring Cybersecurity Professionals

John Pinard:

Stay Curious and Keep Learning.
- Quote: “Stay curious and always want to learn, especially in this industry.” [40:55]

Daniel Tinsky:

Embrace Failure as a Learning Tool and Find Mentors.
- Quote: “Don’t be afraid to fail part of learning. Find a leader to attach yourself to.” [41:19]

Octavia Howell:

Diversify Relationships and Stick to Your Career Plan.
- Quote: “Don’t only associate with security professionals... Have a plan and don’t pivot from it.” [42:58]

Conclusion

Jim Love successfully navigates through the personal and professional landscapes of CISOs, uncovering the often "secret" emotional and strategic challenges they face. The episode underscores the importance of continuous learning, strategic leadership, and the delicate balance between enforcing security and enabling business growth. Listeners gain invaluable perspectives on the human side of cybersecurity leadership, making this episode a must-listen for both aspiring professionals and seasoned veterans in the field.

Notable Quotes:

Jim Love: “The bad guys only have to be right once.” [29:40]
John Pinard: “Cybersecurity is still part of my role along with a number of other things including AI and operations and infrastructure.” [08:48]
Octavia Howell: “Instead of saying NO, we say KNOW.” [15:57]
Daniel Tinsky: “Everything rises and falls on leadership.” [28:12]

Engage with the Host: Jim Love encourages listeners to share their thoughts on the episode, suggesting topics for future discussions. Reach out via editorialechnewsday.ca, LinkedIn, or YouTube comments to continue the conversation.

This summary captures the essence of "The Secret CISO: Insights and Reflections from Cybersecurity Leaders" episode, highlighting the key discussions, insights, and personal reflections shared by the guest CISOs.

Summary

Podcast Summary: "The Secret CISO: Insights and Reflections from Cybersecurity Leaders"

Podcast Information:

Title: Cybersecurity Today
Host: Jim Love
Description: Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
Episode: The Secret CISO: Insights and Reflections from Cybersecurity Leaders
Release Date: April 18, 2025

Introduction

Personal Journeys to the CISO Role

Octavia Howell – Equifax Canada

Background: Octavia boasts nearly 19 years in the security industry, transitioning from network security engineering to overseeing data and cloud security.
Quote: “[...] I think I'm on the journey to get to where I need to be.” [04:15]

Daniel Tinsky – CDW Canada

Background: With over 22 years in information security, Daniel’s interest in cybersecurity was sparked unexpectedly during a summer job in an IT department.
Quote: “We’re just all people trying to do our best on a day to day basis.” [08:45]

John Pinard – Duka Financial Credit Union

Background: John brings over 40 years of IT experience, evolving from a programmer to VP of IT Operations Infrastructure and Cybersecurity.
Quote: “Cybersecurity is still part of my role along with a number of other things including AI and operations and infrastructure.” [08:48]

Expectations vs. Reality of the CISO Role

Octavia Howell:

Initially viewed executive roles as the "holy grail" but has since recognized the multifaceted nature of the CISO position.
Quote: “If you would have asked me that maybe 15 years ago... then I would say probably no.” [04:23]

Daniel Tinsky:

Saw the CISO role as the pinnacle of his career aspiration but acknowledges the discrepancy between expectations and reality.
Quote: “I think what I've come to learn over years is we're just all people.” [05:09]

John Pinard:

Reflects on the evolution of cybersecurity from non-existence to a critical component of his diverse role.
Quote: “The time you run into problems is when you think about it after the fact.” [10:29]

Perception of CISOs within Organizations

Jim Love raises a pertinent question:
“Do you think people perceive you as the 'police' of the organization?”

Daniel Tinsky:

Acknowledges the traditional view of CISOs as enforcers but emphasizes the need to position security as an enabler.
Quote: “Information security needs to be successful for the business to be successful.” [13:15]

Octavia Howell:

Strives to avoid the "saying no" stereotype by fostering understanding and collaboration.
Quote: “Instead of saying NO, we say KNOW.” [15:57]

John Pinard:

Highlights the educational role of CISOs, sharing real-world hacking stories to emphasize security importance.
Quote: “We need to make sure that your backups are working.” [28:06]

Challenges Faced by CISOs

1. Pressure and Stress:

John Pinard: Shares his experience with a ransomware attack, emphasizing the prolonged recovery process and the constant vigilance required.
- Quote: “Nobody has any idea just how painful it is until you actually get hit.” [10:39]
Daniel Tinsky: Discusses the cumulative stress from years in incident response and shift work.
- Quote: “There's pressure or stress in my day to day job but to me that was way worse.” [20:21]
Octavia Howell: Balances the constant on-call responsibilities and the need to anticipate and prevent unexpected breaches.
- Quote: “The thing that bothers me the most is when I'm surprised.” [22:58]

2. Resource Constraints:

Octavia Howell: Faces challenges in hiring experienced leaders amidst budget constraints.
- Quote: “We need people who can think strategically, not just task-oriented.” [33:03]
John Pinard: Struggles with staffing senior cybersecurity roles due to high demand and limited budget.
- Quote: “Finding senior people that know what you need them to know is a very difficult challenge.” [34:17]

3. Constant Evolution of Threats:

Octavia Howell: Describes the perpetual race to keep up with evolving cyber threats.
- Quote: “When you think you reach close to the finish line, the goalpost gets moved.” [25:12]
Daniel Tinsky: Embraces the continuous learning required to stay ahead.
- Quote: “We’re constantly trying to hit a moving target.” [28:08]

Leadership and Team Development

Daniel Tinsky:

Emphasizes the significance of leadership in fostering team growth and learning from failures.
Quote: “Everything rises and falls on leadership.” [28:12]

Octavia Howell:

Focuses on cultivating a team that is proactive and curious, ensuring members have clear career aspirations.
Quote: “Ensure that you have a wide breadth and truly build relationships with people.” [42:13]

John Pinard:

Advocates for investing in team education and sharing real-world cybersecurity incidents to enhance awareness.
Quote: “Educate people as to why we’re saying no or how they could go about doing things differently.” [17:21]

Advice for Aspiring Cybersecurity Professionals

John Pinard:

Stay Curious and Keep Learning.
- Quote: “Stay curious and always want to learn, especially in this industry.” [40:55]

Daniel Tinsky:

Embrace Failure as a Learning Tool and Find Mentors.
- Quote: “Don’t be afraid to fail part of learning. Find a leader to attach yourself to.” [41:19]

Octavia Howell:

Diversify Relationships and Stick to Your Career Plan.
- Quote: “Don’t only associate with security professionals... Have a plan and don’t pivot from it.” [42:58]

Conclusion

Notable Quotes:

Jim Love: “The bad guys only have to be right once.” [29:40]
John Pinard: “Cybersecurity is still part of my role along with a number of other things including AI and operations and infrastructure.” [08:48]
Octavia Howell: “Instead of saying NO, we say KNOW.” [15:57]
Daniel Tinsky: “Everything rises and falls on leadership.” [28:12]