IT Hot Topics 2019 was a success! We’d like to give a big shout-out to all of our conference-goers, speakers, sponsors and Carolina Advanced Digital teams for making this our hottest conference yet. We hope to see everyone back at the Grandover Resort next year!
We recently spoke to Chuck Kesler, CISO at Pendo and a seasoned IT Hot Topics speaker. Chuck led a rockin’ breakout session at this year’s IT Hot Topics Conference! Check out our Q&A with Chuck to learn why going back to the basics and developing security policies is important to the cybersecurity industry:
Tell us about yourself and the company you work for.
Pendo is a fast-growing startup based in Raleigh whose mission is to improve society’s experience with software. We were founded in 2013 by alumni from Rally Software, Red Hat, Google and Cisco, who had a vision for providing product managers with tools that would help them build software people love. With Pendo, product teams can understand product usage, collect feedback, measure NPS, onboard users, and announce new features in-app, all without requiring engineering resources. Pendo now has over 300 people, and in addition to our Raleigh headquarters, we have offices in San Francisco, New York, London, and Israel.
What sets Pendo apart from its competitors? How does your company keep up with the ever-changing nature of the security industry?
I believe that our passionate and diverse teams here at Pendo, along with a constant focus on our core values, help set us apart from our competition. In particular, one of our core values is “Maniacal Focus on the Customer,” and I see this on display every day when different groups at Pendo come together to address a customer need.
With respect to security and privacy, we understand that our customers trust us to protect the data that they send to us with the utmost care. Although not all data we receive is highly sensitive, we know that some customers need to send us sensitive data that is personally identifiable information (PII) or protected health information (PHI). Therefore, we treat all data that we receive as if it is highly confidential.
Keeping up with the ever-changing threat landscape and the constant evolution of security products and services is a daunting challenge, even for seasoned information security professionals. I find that keeping up with the industry requires constant engagement with my peers, and conferences like IT Hot Topics are a great place to do that.
What topic(s) did you speak on at the IT Hot Topics Conference?
I presented a session titled “Back to Basics: How to Create Effective Security Policies.”
What is your experience with creating effective security policies?
As CISO at Pendo and at Duke Health over the past seven and a half years, and managing Symantec’s security advisory services consulting practice prior to that, I’ve had to develop or improve many security policies as part of implementing security programs in a variety of different types of organizations and industries.
Why do you feel this topic is important?
Most security controls can’t be effective without good policies to back them up. Developing policies is an arduous task, and something that we often try to avoid because it’s more fun to work with cool new security technology. But focusing on getting the fundamentals right in information security can pay huge dividends. And that starts with good policies.
What are three takeaways you hope attendees received from your session?
I hope that attendees have developed an understanding of the following:
- The steps and principles required to create effective policies
- How to align policies with the organization’s business, operational, technical, and regulatory requirements and constraints
- A process for developing and implementing policies to ensure that they are understood and adopted by the organization.
What were you most looking forward to at the 2019 IT Hot Topics Conference?
IT Hot Topics has always been a unique event because it brings together top-notch security and IT speakers that often present at national conferences, but in a smaller, more intimate environment.
What trends are you seeing in the cybersecurity field?
I’ve noticed more of my CISO peers talking lately about needing to get back to the fundamentals of information security, and not assuming that the latest technology will provide a silver bullet. I’ve also seen more boards and executive teams wanting to understand the risks the organization faces, which is helping to ensure the “tone from the top” is being set appropriately.
Why do you feel they are important and/or how do you see them impacting the industry?
As mentioned earlier, there are no silver bullets. Good security starts with the fundamentals and with the CISO and the security team being engaged with the business.