Michael Speas, VP, Chief Information Security Officer and Infrastructure at Western & Southern Financial Group, speaks with Michael Sutter, CEO of Enlivened Tech, in a video interview about his career trajectory, his responsibilities as CISO, and the evolving role of the CISO in light of the changing business landscape.
Speas embarked on his career journey over three decades ago, initially focusing on networking and gradually emerging as a cybersecurity expert. His trajectory saw him becoming the de facto network and firewall expert, and eventually, a seasoned security professional.
Joining Western & Southern Financial Group five years ago as CISO marked a pivotal chapter in his career, where his responsibilities expanded from securing networks to addressing emerging challenges in cybersecurity and ensuring the protection of data shared with trading partners.
As the CISO at Western & Southern Financial Group, Speas outlines two critical dimensions of his role: thought leadership and people leadership, which he says are equally important.
Thought leadership involves guiding the organization in understanding and effectively managing cyber risks, evaluating risk acceptance, and aligning the cybersecurity program with the changing business landscape.
People leadership is crucial for nurturing and developing staff to ensure they can grow in tandem with the organization.
Speas emphasizes the shift from simplistic management approaches to a more empowering leadership style, helping individuals solve their own problems and navigate challenges.
When asked about the evolution of the CISO role against the backdrop of the changing business landscape, Speas highlights the critical necessity for CISOs to develop robust business acumen. While addressing cybersecurity concerns is paramount, aligning these efforts with broader business objectives becomes equally crucial, he says.
He further stresses the need for CISOs to contextualize their cybersecurity programs within the changing business landscape, ensuring they contribute directly to organizational goals.
Speas goes on to showcase an example of past success in managing and improving an organization's cybersecurity strategy. Upon joining, the organization was in the nascent stages of expanding its cybersecurity department and enhancing processes and controls.
Motivated by new regulations and the increasing sophistication of threat actors, Speas collaborated with internal key stakeholders — compliance, internal audit, law, and enterprise risk — to develop a multi-year program.
This initiative implemented key controls and demonstrated success through metrics, key risk indicators, and key performance indicators, showcasing effective risk management, and the organization's commitment to cybersecurity, while also justifying the investment.
Concluding, Speas states that such a transformation is impossible without involving the whole company involved and buy-in from key stakeholders of the organization. His team started with 20 members and is currently 145-strong.
CDO Magazine appreciates Michael Speas for sharing his invaluable data insights with our global community.