Why building trust in business is critical for sustainable growth: A conversation with Billy Spears, CISO at Teradata

36:23 VIDEO

This episode features an interview with Billy Spears, CISO at Teradata. Teradata is the connected multi-cloud data platform for enterprise analytics, solving data challenges from start to scale. Billy has more than 25 years of industry experience. He is an award-winning technology executive, author, speaker, and podcast host. He is also an adjunct professor of cybersecurity at Webster University. Prior to joining Teradata, Billy served as CISO at Alteryx. On this episode, Billy and host Andy Schneider discuss harnessing AI for better business intelligence while managing the risk posed by it, the push and pull of growing trust, and how to use security to drive the business forward.

Time Stamps

Understanding the current and emerging threat landscape
Is phishing becoming more prevalent?
What threat does generative AI propose to security?
How can you harness AI for better security?
What advice would Greg give someone just entering the cybersecurity field?
How can CISOs be business enablers?
When is something “secure enough”?
What makes a great security leader?
Open Transcript

[00:00:00] Billy: a few things that we can do, to continue to shape and, of evolve as a business leader. One, understand your business. Two, be able to read, the financial sheets and understand what things like ARR and a C V and TCV are. Be able to translate the, business and financial terms into your security portfolio and be able to tie your outcomes. Two business objectives, meaning it’s not just about the security stuff you can deliver, but how does the security drive the business forward, whether it’s through protections and mitigation outcomes, or whether it’s from driving new business to your business by building trust and thinking about resiliency.

[00:00:38] Andy: Welcome to to Cloud. I’m Andy Schneider Field CISO EMEA at Lacework, and today we have our special guest, Billy Spears. Billy is CISO at Teradata, the connected multi-cloud data platform for enterprise analytics solving data challenges from start to scale. Billy brings more than 25 years of experience and he’s an award-winning technology executive, author, speaker, and podcast host. Billy, welcome to the show.

[00:01:03] Billy: Hey. Thanks, Andy. Glad to be here.

[00:01:05] Andy: So when we first, talk to each other, you mentioned that you have like more than 25 years experience. So that’s a long time. And what we share both of us is that we started mostly directly with security. we bring in like almost 50 years of security experience. So let’s start with the, first part. Every time when I talk to Caesars, what’s for me very interesting is what is the most pressing challenge and priority right now 

[00:01:32] Billy: I think when you’re talking about the cloud, the most pressing challenges I see today in cybersecurity, start with the landscape. inside that landscape. We have sophisticated cyber attacks, data breaches, and more prevalently across the globe. Privacy concerns, there’s other things below that like cloud security risk, emerging technology, supply chain attacks. You know, we can even get into things like the skills gap in regulatory compliance, but I think. All folks, or companies, in order to tackle these challenges, they should really focus on things like multilayer defense strategies, securing their sensitive data and adopting cloud security measures.

[00:02:07] Andy: So, if we look at that, what do you think? Did the threats really change? So if we look back like 10 years where the cloud was still new, more on-prem environments, did it really change or did it somehow keep the same and just the technology evolved?

[00:02:23] Billy: Well, I think technology continues to evolve and attackers become, smarter over time. So I think as technology evolved, the threats become more sophisticated. I don’t know if the base part of the threats change so much as the, methods of the attackers and the exploitation risk.

[00:02:41] Andy: I remember when, like phishing was one of the. common attack factors where attackers came in. So it’s not like the sophisticated, super zero day exploit, mostly across phishing. and personally I see that phishing became way better. Uh, how do you see that? 

[00:02:58] Billy: So, phishing is the most prevalent way to attack anyone because it’s attacking the human, right? So the idea behind phishing is what pretext or, or what, scam can I come up with to get you to interact with me to ultimately lead towards, you know, exfiltrating something, whether it’s, Native knowledge or your most precious credentials or something in between, like maybe you’ve gotten emails or, or texts that say, Hey, go to Best Buy and, send me over some gift cards. So, are we getting better? in some cases, yes. In some cases, no. companies have to take the, challenge to really. amplify their protections against, phishing. And there’s, there’s a lot that goes into that. It’s not just, uh, one size fits all.

[00:03:42] Andy: I had recently a couple of discussions about generative ai, so like Chat G P T and so on. Do you think that this is really changing phishing, like there’s that big fear of many CISOs that, you will never be able to detect phishing anymore like we did in the past? Or do you think it’s just like hyped?

[00:04:02] Billy: I don’t think generative AI is hyped at all. I think it’s, it has remarkable capabilities, I think in, some of the models. You know, like for example, chat, G P T, I don’t believe. They’ve updated the model since maybe 2021. So the data that they’re pulling comes from sources that are a couple years old, and that begins to get stale over time. Now, and I’m not fully up to date, but I know Microsoft released a whole bunch of new capabilities yesterday with Chat g pt, and their particular platform. So the, the idea of can AI solve phishing or enhance the attacks of phishing? I think that they definitely can enhance the attacks. AI can also help, uh, mitigate the risk of phishing. However, you’re gonna need a whole lot more, data to really have high degrees of accuracy because remember, AI is, is models that push and pull from whatever sources that it’s getting its input from. So it may not be the best at understanding the total landscape of your company or your methods or your policies or the things that you do in your layered protection model.

[00:05:07] Andy: it’s a cat mouse game. So if the attackers find new ways of, technologies that they can misuse, defenders will find new ways to defend against these new attacks,

[00:05:18] Billy: you know, just a little bit more there. I think, you know, again, I don’t, I don’t want any of the listeners to, listen to this and go, wow, Billy said whatever about generative ai. I think there’s a lot of pros there. creativity, innovation, what you use it for, right? The sky’s the limit. Uh, and we, we have to do a really good job of making sure that whatever you’re using it for has protections around. it’s a new capability, right? So we have to have some protections to make sure that we don’t go in with a blind eye and create more risk as a result.

[00:05:47] Andy: I had that experience with my son. I have a seven year old son, my older son, and he’s bored by school, so my wife and I, we asked ChatGPT to give him some math lessons, maths, so, but only addition. He’s not good in subtraction for only addition. And then ChatGPT created like, pages of additions, but some were subtractions in it. And then we said, but you, you added subtraction and then ChatGPT apologized for it. Said, oh, you’re right. I did an arrow. So I still believe that it’s not hype, but there’s the potential. we shouldn’t overestimate what, AI can do. It’s still. The beginning, but you are right. I see that the sky is the limit, so we’ll have a lot of potential

[00:06:27] Billy: Yeah. And also the models like we talk about chat, g p t, it seems to be the, the most prevalent today. But really, what kind of models is the AI or are your particular, type of ai, what is it using? and we could get way in depth on this kind of stuff, but if we keep it high level and just say, Hey, listen, generative ai, there’s pros and cons and we should consider those things. as we continue to move forward, I know in my world there’s tons of discussions around this right now. Uh, and we, we need to consider all those things and come up with a collective point of view.

[00:07:00] Andy: if we move away from generative AI to machine learning, I think that’s, for me the better term to call it. Still machine learning. Machine learning and security. I’ve heard that, like for a decade, but do you think that we have like some kind of breakthrough that where, the cloud allows real machine learning rather than having it before? Or how do, how are you with machine learning and security?

[00:07:25] Billy: Yeah. Well, I think, again, you’re talking about algorithmic models, right? So you think you, you can use the. AI to enable some things, and you can use the machine learning to do things like, automate or create efficiency. You can create, personalization. You can, uh, use it for data augmentation and simulation. You can use it to make your base better because it’s learning from itself, right?

[00:07:51] Andy: Mm-hmm. Mm-hmm.

[00:07:52] Billy: can also use it for, for better business intelligence. When you start thinking about how do I get to the root of what I’m trying to solve in security, you have. All of this data that comes in, how do you consume that data with any sort of consistency and then deliver out the maybe anomalous results or the spikes of risk at the appropriate point of time? And this is, the future for us. you don’t have unlimited humans that throw out the problem. So you’re going to need to use technology or augment that technology to, to solve the need. And I think, AI and ML chunks through it, but I think AI does that. It’s, we’re talking about unlimited consumption and being able to sift through to the finite detail potentially. I mean, again, there still has to be a whole bunch of, calibration and con and configuration associated with that. But I absolutely think you can get through analyzing vast amounts of data and then generating that sophisticated outcome that’s expected through the security sort of, logging.

[00:08:51] Andy: Agree. there was one thing, I read an interview from you, I dunno which one was it, but it was about the evolving role of a CISO. So how the C role has changed over the, let’s say decades almost. And one thing that was driving me my whole career is that. getting out of that, let’s say chasing incident, chasing alerts and becoming more like a business enabler. So turning security into a business enabler was always something driving me. And I read a couple of similar statements from you. So what’s your take on how can security or cs, become more business enablers?

[00:09:32] Billy: Well, I think the first thing is to learn a business.

[00:09:34] Andy: the 

[00:09:34] Billy: I know that sounds pretty easy, but not, not always. I, I think when you take a ciso, security leaders are in different places in their career. So if you’re a junior or you’re, you’re stuck in the middle, you may not understand what’s being asked of you when they say, what’s the role of the business of security inside of a company? So for me, the first thing I say is we continue to evolve significantly over periods of time. If you take decade by decade or year by year, even the changing landscape of our business and the growing importance of what we do of protecting digital assets is key. So a few things that we can do, to continue to shape and sort of evolve as a business leader. One, understand your business. Two, be able to read, the financial sheets and understand what things like ARR and a C V and TCV are. Because when, when you’re on calls with, with salespeople asking you for things, those are the kind of terms they’re gonna use. Be able to translate the business and financial terms into your security portfolio and be able to tie your outcomes. Two business objectives, meaning it’s not just about the security stuff you can deliver, but how does the security drive the business forward, whether it’s through protections and mitigation outcomes, or whether it’s from driving new business to your business by building trust and thinking about resiliency.

[00:10:57] Andy: Yeah, I, I love that, especially reading the financial report. So it’s my recommendation. There are these tips out there, the first 100 days of a ciso, and they’re like tons of tips. And I usually just say, read the financial report, then read again, read it again, and read it again until you really understood, what is driving the business, what is making the numbers, where are the crown rules? What is bringing value to the organization? I really love that. Brilliant. let’s move on to more, a learning side. So, if we think about security, we always try to make things secure, but, we know that actually there is no such thing of security. So, what’s, what do you think about that? Is there really security and, when are we secure enough?

[00:11:44] Billy: Well, I think there is security. I think what we do is we manage a, series of protections or safeguards to try to build security into our companies or products or whatever it is. You’re, you’re protecting into some, agreed upon tolerance structure, meaning how much does it cost for security to get to X? How much extra would it cost to get to y. And does X align with our business or does y align with our business? Because I think the idea, if you, come into a company and say, I wanna solve all security things, while that’s helpful, that might also stall your business from growing. Or you might be using money from other investments, to prevent some, I don’t know, some new innovative thing from occurring. Now, again, no way am I advocating that we, we should just do things without security being included. I’m saying it’s, a risk driven posture and we need to make sure that the security team is building definitely past the basics, but into where the business feels, about the, risk that it’s carrying forward, because you’re never gonna solve everything.

[00:12:52] Andy: Right. So if we look at the security leader, so the CSO or whatever title the person has, maybe the title will change in the future to make it more confusing to everybody. So, if we take the security leader, what makes a good security leader in that, let’s say, I wouldn’t call it sandwich, but in between, how should the modern security leader be like,

[00:13:15] Billy: the great security leaders that I run into in the business, they’re also business enablers. and so there’s lots of ways of doing that. the approach for me, I think security acts as a business enabler by first protecting our assets. second building trust. We need to support digital transformation all around the business, which is constantly occurring anyway. Now, some of the more, I think, rudimentary things, we need to ensure compliance. Compliance is big, it’s pervasive, it’s global. that’s very, very important. We also need to enable secure collaboration. Meaning how, how can our people continue to talk to each other if. In security leaders minds, the old adage was, I’ll just shut things down and you could only use a certain flow of things. Well, shutting down collaboration also shuts down innovation. So how do you collaborate more but do it securely? How do you promote things like business continuity? So planning for the bad thing to occur. Also, how do you use security as a competitive advantage? And thinking about reducing costs, you don’t necessarily have to up your security spend by a tremendous percentage To do something new. You can always, consolidate. You can work with other teams and partner and maybe, uh, you go in on the cost together. Right? But overall, I think, by prioritizing security business can create this secure and resilient environment that fosters growth, innovation, and long-term success. And people can be really proud of it. They can say, listen, working with our security team, we’ve been able to accomplish all the things I just talked about. And it has grown, whether it’s the organization itself, the software you sell or things in between. It’s helped us grow our business because more and more people want to do business with us over our competitors.

[00:14:59] Andy: Let me dive deeper into two, two parts that you mentioned. The first one was trust. The second one was resilient products. I really like both of them, but, I know that trust is like essential. It’s like the glue that holds everything together in, in a, let’s say, leadership position and if you drive business, but how do you build trust? Also to your team or to your peers, to the executive team? how do you do that?

[00:15:27] Billy: I actually love this topic, Andy. So the answer that I’m gonna say from a CISO platform, I’m sure the audience is gonna look at their phone or devices or take their EarPods out and say, what did he just say? But the way that you, you grow trust is you extend trust. In our business, we talk about a zero trust environment, meaning we wanna validate our verify before we allow things through in human interaction. If you want to gain trust, You have to extend trust first. So take that trust, fall with your peers. Expect that they’re there for the right reasons. Expect that they’re gonna deliver on their end of the bargain. Expect that they’re gonna do what they say they’re gonna do. And then credibility of all those actions enhance the, trusting relationship over time. But much like, going to school, I’d like to think that you start with an a. Because the company hired you and they have a whole philosophy of how you got there. Now can you keep the a that’s based on our interaction over time. So I wanna make sure that I follow through and, and keep my commitments and do the things that I say. I also wanna make sure that, you know, I’m constantly advising you on strong security practices, because I want to enhance our relationship confidence over time. And I wanna make sure that, uh, you’re more likely to engage me because I’ve demonstrated that commitment. with you in, in your group, regardless of where you are around the business. And that’s true for CEOs and boards and other things. We wanna make sure that we’re all committing to, uh, the same set of standards for lack of a better term, and that we, keep up our under the bargain. As a ciso, it’s not my job to go say, wow, you know, sales and marketing, here’s my 2 cents in what they’re doing. it’s my job to say, here’s how security can help them be successful. And that’s true for legal and HR and finance and, product teams and IT teams and everywhere else. I, I don’t have to go in and, and have some sort of disagreement with, our CIO instead our at Teradata, our CIO is, is my partner. I want to make sure that she’s as successful as she can be, and I wanna make sure that I’m a trusted and valued partner to support that success over time.

[00:17:33] Andy: it’s almost like almost an advisor position to help everyone getting better in their job.

[00:17:40] Billy: there’s an equal part to that too. We have to listen. Well, it’s easy for CISOs to come and tell people, here’s what we think we’ve done wrong, but we, we need to take, the criticism equally. So if we, if we listen, we can learn, uh, if we think about criticism as a gift, then every time someone tells us something, I think the more it stings, the more you have to really interpret what you’re hearing and, and figure out ways to get better. Don’t wait a week, a month, or a year. Try to figure out how to incorporate some of those, some of the things that you hear right away. And watch how everything around you begins to change in a, for a positive way.

[00:18:16] Andy: absolutely. So the second one that I wanted to deep dive a little bit was that resilient product. So, what is needed to build a resilient, let’s say, digital product? Let’s keep it on the digital level, so maybe even cloud digital product on a cloud environment or something. So something modern. So what do you need to do that?

[00:18:35] Billy: I think you have to prepare for disaster. So incident response is a huge one ton of things. Sub things in incident response around planning all the way through. the after actions after response occurs, you have to think about your disaster recovery strategies and helping the business maintain its operations, throughout something negative that’s occurring because that’s important. anytime you can support minimizing downtime and in protecting, you know, critical systems, enabling things like B C D R security measures. Uninterrupted services ultimately leads to minimal financial loss, but it also helps, I think, improve the relationship with your customers because they’re counting on you in some cases to make sure things are up. For example, what would we the world do if like Amazon or, or Azure went down, like we would all be in the same place saying, wow, this is a problem. So we’re counting on them to keep their systems up so that, you know, our companies can continue to do all the great things that, that they’re accomplishing.

[00:19:32] Andy: Yeah. Fully agree. I remember I did a. Let’s say a third party risk analysis in my last company. And we thought, we have to, like, first of all’s, like, bcm, traditional, like looking how to keep business continuity and, uh, the digital products up and running. We found out we totally rely on aws. All of our services, everything is on like aws. the biggest risk would have been if AWS would’ve been down, but we thought if AWS is down, And GCP is down. So these were the two hyperscalers. No one would notice if our business is no longer available because nothing would work anymore. Literally nothing.

[00:20:12] Billy: Yeah, it’s likely they would be down too. and I think even in those processes, right? I think if your, company has a strong crisis management plan where, you know, security incident response is just one of many crisis strategies that you have to think about, it all evolves down into, you know, two or three major categories. Now, if you make your plan much more sophisticated to the audience, then good for them. But it really starts with, great preparation, a swift response. You know, the thorough investigation of whatever’s happening, and then there’s after things. So whatever comes with continuous improvement or the, post projects or making the plan better or more resilient or whatever, that’s important. So anytime disaster strikes, if you have a, good plan, a solid plan that’s been practiced, vetted, everybody knows their roles, it can definitely alleviate a lot of pain and a lot of stress right away.

[00:21:00] Andy: Let us really look way back, like we said in the beginning, we both have, a long career, but. Were there some, key events in your career, let’s say in your career where you said this is like one of the most impressive or important learning that still influences my decisions today?

[00:21:20] Billy: biggest learning for me, I think is recognizing that collaboration is the key to enhancing security. Over a very long time, I’ve come to understand that often I am not the smartest person in the room. You know how hard it was for me just to say that on a recorded conversation. Uh, and you know, I’ve learned to really value the collective expertise of people like my team, others throughout the company, and the broader community of cybersecurity collaborators. So for me, it’s value, the input from others, learn from others, and solicit input always because collaboration is the key to success.

[00:21:56] Andy: That’s really great. Collaboration is key to success. I really love that we have to take that, note down later. it’s because it’s really so important and admitting that. for me the same, I’m not the smartest person. Sometimes I feel like I know everything about security, but I actually had a similar experience with developers because they usually never wanted to follow my policies and what I said that they shall do. So I just asked them what they would do and actually they came up with brilliant ideas. So I learned that I might not be the smartest person if it’s about security. They are actually really good in, in their parts as well. 

[00:22:35] Billy: Yeah. 

[00:22:36] Andy: like that. Yeah. So, and were the things that you learned that just didn’t work.

[00:22:42] Billy: I think there, there’s so many things when you think about, that you, you want to try because, you know, for me, I’m an innovative person, right? But throughout my career, there’ve been, there’ve been a few situations where initiatives I was trying to implement didn’t achieve a desired outcome. and there’s several, right? However, in each instance, I embrace the setbacks as learning opportunities, always engaging in open dialogue, adapting my approach and reinforcing, I think the, key here is reinforcing trust to overcome the adversity and then drive a successful result. So, set differently while you have setbacks, and I’m being careful not to, out some of those on this conversation. You know, embracing them and taking the setbacks as a gift. And again, using that collaborative style learning has always been the key for me to overcoming, that type of adversity.

[00:23:30] Andy: if we look back, you, you mentioned that you started with security, but was there like a key moment where you said, I want to become a cso, or did it just happen? 

[00:23:42] Billy: I think that’s the part of, your career where you’re like, Hey, listen, I’m ready to take the reins, or I’m ready to lead. And, and in my career, yeah, there was, there was key moments. You know, you’re, you’re on teams, you’re working to solve things. I think as an individual contributor, a lot of people think, okay, I’m really good at what I do, so I could do something better. But I think when I really realized I was ready to be a CISO is when the sort of epiphany hits you in the face and you’ve, the people around you are telling you that you’re a good leader and you’re, You’re helping people improve their lives. and I think for me, that’s the philosophy that I’ve been able to embrace when I really felt like I could help people in their career, grow the career, help the organizations that I work for, uh, improve their overall security portfolio, but still serve the community around me. Then I felt like it was, it was my time to step out in the light you know, manage my own program and continue to grow myself.

[00:24:45] Andy: Do you have like a tip for, I mean there there are many people out there that want to start in cyber. We have a talent shortage. Uh, how big it is, it’s, there are many numbers out there, but do you have like a tip for someone who wants to start? So are there any things that you can share?

[00:25:01] Billy: if you wanna start in cyber, I say learn lots, talk to people and get a mentor and try. You know, a lot of people in cyber think that, Hey, if I’m not 15 layers deep, technically I can’t do it. That’s not true. There’s a lot of jobs in cybersecurity or information security or security itself, depending on where you are and how you. communicate the role that are not technical at all. You know, we have program leaders and we have, auditors and you have risk type people and you have people who love to just write. We have professional writers in cybersecurity. You have, folks that, that love to tinker with technology. That’s important. We have engineers, you have architect mindsets in different. Technologies in different environments and different ecosystems. And then you have leadership. So you go from the individual contributor to managers. You have people that are really good with people, and I think a misnomer with managers is, I can’t manage a team unless I’m so deep and understand what everybody’s gonna do on the team. I don’t think that’s true. I think a great leader is someone that brings the best out of the people they work around. And can influence a positive outcome. And so there’s lots of tips and tricks and techniques and psychological ways to get that stuff done. But good humans can lead great people and great people will ensure that they’re taking care of the humans that are out in front of them. Uh, care of the tactical sort of details along that journey.

[00:26:30] Andy: No, that’s, brilliant. So I will listen to that myself a couple of times again. because I have, I’m a father of two kids, and actually you can replicate a lot of things, uh, with parenting, to also leadership. So really, really making people better by influencing them is one of the greatest achievements you can do as a manager and as a parent as well. Yeah, I really love that.

[00:26:54] Billy: For sure. Andy, one thing I wanna go back to, I forgot. As you’re talking, I’m like, oh yeah. Here’s four more things I think. Join professional networks. Join the networks, networks, networks. It’ll help you build a strong foundation. It’ll help you figure out your path. you know, I was joking with before this, conversation started, Andy, you know, we have 700 plus odd, some odd certifications. Go get some certifications, see if those things are relevant for whatever industry you wanna work in. and, and maybe you can get some hands on experience too. find ways to, to open up sandboxes or go into these learning platforms and, and gain some entry level experience. So to get you that, that foot in the door at companies. and then your career will take off. But I think the backbone here is networking with people that are already in the business. 

[00:27:38] Andy: you mentioned before you mentioned, search for a mentor. So now it’s not a ask for you, but if we have Caesars as listeners. Take your time and offer being a mentor for others that want to start in cyber. I think this is so important because asking for a mentor is one thing, but being open to be a mentee, that’s really very important. So, both need to come together. 

[00:28:00] Billy: listen, this is a total vulnerable thing to say. It’s true. I mentor lots of people, but guess what? I’m also a mentee to some people because I think, I don’t care where you are in your career and I don’t care how long you’ve, been in the business, you’re always gonna have blind spots. And I think mentors, it can help you grow and navigate, not only so you can see the blind spots, but navigate to the journey ahead because there’s always something that you wanna fulfill. There’s always a piece of the business you don’t see, and in your part of the business, you’re so deep in everything that you see that sometimes you gotta pop your head up and, and look at things around you and just continue to learn from peers or, or superiors or maybe folks in other companies that are doing the same thing you’re doing. They’re just using a different approach.

[00:28:41] Andy: approach. I love that. So we’ll make it quick, just a short, fast forward to your current role. So, um, you are now c at Teradata, and if you would now look into the future, what needs to change in the security industry?

[00:28:54] Billy: as we talked about, the role has evolved over time, for the future. we need to increase board level engagement. and, and I think CSO will continue to have more, significant presence at the board level. but it’s in your updates and talking about security risks and your incident response plans and the associated mitigation strategies. these play critical roles in influencing the outcomes and advocating. For appropriate, investment or appropriate support with board level oversight, I think emphasizing business alignment. We have to further align on security initiatives with business objectives, and associated risk management strategies. us security leaders need to work with other business leaders to ensure your security measures, enable things like digital transformation, innovation, and growth. but again, you have to always do that in, in the vein of effectively managing the associated risks, not just doing them to do them otherwise, they will fall subject to, to other priorities and, and whatnot. The integration of artificial intelligence and automation over time. I’m not saying tomorrow, but over time, CISOs will leverage AI and automation to enhance things like what we talked about earlier. Threat detection, incident response, security operations, and more. These outputs will, will drive analytics, machine learning algorithms and automation tools to augment our capabilities and stay ahead of these sophisticated cyber threats We talked about, uh, we need to focus more on privacy and data protection in too long in the industry. These two groups, security and privacy, continue to fork away from each other. Uh, one being more legal and one being more technical. In a discipline, but with the increasing importance of privacy, and the the implementation of, global stricter regulations, CISOs need to prioritize these things by design. So partner with your legal folks or whoever’s managing privacy, bring them closer to, core and, and co-lead initiatives to ensure collective compliance with these laws. protecting personal data and expanding your trust, building with customers and stakeholders. And then lastly, I think it’s important to have solid governance and metrics. while you continue doing all the things that you’re doing. Remember to take time out. Develop a, a robust security governance framework inside your company. Establish some metrics not only to measure the effectiveness of your program, but to communicate the evolvement of that program to others. Cuz you often know exactly what you’re doing. Well, you know what hurts, you know what you’re working towards, but do others get it? And are they aligned with the direction you’re going? Because these metrics provide insight not only to the organizational security postures. But it also supports informed decision making, downstream.

[00:31:38] Andy: I would really like to fast forward into the future just to see how things look like in, let’s say five years. So

[00:31:45] Billy: Yeah, 

[00:31:46] Andy: actually can’t do that. We actually can’t do that. So we come to an end. Let’s, let’s have some, very short, rapid fire questions. So what’s the one tool you can’t live without?

[00:31:54] Billy: Today we can’t live without, lace work’s, security posture management tool. That’s true.

[00:31:59] Andy: Oh, nice. I love that answer. Much appreciated. what’s the most important habit in it? Leader can have.

[00:32:06] Billy: Be consistent.

[00:32:07] Andy: Who do you look up in the space?

[00:32:09] Billy: there’s plenty of, of big name folks. I would hate to name a few and leave out a whole bunch, but there is a tremendous amount of, of security and technical talent. Also, CEOs, I’ve been fortunate enough to meet a lot of CEOs in this business, and I look up to them for taking the risk and starting their own companies and continue to evolve them. there’s too many to name and I wouldn’t wanna hurt anyone’s feelings, but I look up to a lot of folks, uh, in this business and appreciate, I’m grateful every time they answer the phone, when I ask them a really hard question.

[00:32:36] Andy: That’s great. So for anyone who wants to connect with you, where’s the best place to do that?

[00:32:41] Billy: For anyone I’m open, connect with me on LinkedIn or any of the groups, the public groups or platforms that I’m on, but LinkedIn or my Teradata email, so it’s just first name dot last name@teradata.com and I’ll respond as quick as I can.

[00:32:55] Andy: Thanks Billy. That’s all for today. So thanks to our listeners for tuning in. We’d love if, you take a moment to subscribe, rate and review, uh, the podcast and then we’ll see you next time on Code to Cloud podcast. Thanks Billy.

[00:33:08] Billy: Thank you, Andy. I appreciate the time.

About the guest

Billy Spears
Billy Spears

Billy Spears is an award-winning industry-respected technology executive, author, speaker, and podcast host. He has earned his reputation over two and a half decades of building scalable cybersecurity, information security, information technology, product security, and privacy strategic solutions that drive innovation and business growth within the federal government, private, and public sector organizations.Billy is an effective executive servant style leader that earns trusted business partnerships and is passionate about architecting strategic solutions, enabling resilience, and incorporating core principles driving digital transformations with agile, forward-thinking security strategies that consistently transforms with the business to deliver reliable system performance throughout the entire ecosystem amid constant and changing threats. Mr. Spears believes in raising awareness, influencing positive change, and using forward-thinking methods to lead modernization.

Billy currently serves on a number of advisory boards and participates in national tech, information security, and privacy groups to evangelize his craft through outreach. He has a passion for giving back to the industry while sharing inspiration and innovation with the community. He is a visual communicator that is often requested to serve as a keynote speaker at industry related conferences and events.

Try Lacework for free

Spot unknowns sooner and continuously watch for signs of compromise. Take us on a test drive to see for yourself.