Keith O'Sullivan, CISO at Standard Industries. PHOTO: Cybercrime Magazine.

Help Wanted: Chief Breaker Of Things, Cybersecurity Experience Preferred

CISO at Standard Industries shares his outlook on recruiting and retaining staff

Ruth Bashinsky, Senior Editor

Northport, N.Y. – Aug. 7, 2019

Keith O’Sullivan used to hack into websites for the thrill of it. Now he makes a living out of defending against it as the chief information security officer at Standard Industries, one of the largest industrial companies in the world.

It was the ‘90s when the dot-com era hit and the internet and the digital world was a staggering new concept.

During that time, O’Sullivan was a student attending Seton Hall University studying psychology and in-between classes teaching himself coding, different programming languages, and other technologies.

“It was really fun and back then was easy to do. I had a knack for taking apart pieces and putting them back together,” he explains.

O’Sullivan soon realized that technology was his magical potion and was determined to break into this new and evolving world. After graduating he followed his pursuit.

“I wanted to get my foot in the door with any type of business on the tech side,” he recalls.

Plus, a little help from his big brother [he admits] didn’t hurt.



“I seriously started from the ground up. I was fortunate to have a brother in the tech field. I took the first help desk role. I was learning as much as I possibly could. The next stop was consulting. If there’s anything you know about consulting it’s that you are the expert when you are really not, but you better figure it out fast. It taught me how to learn technology quickly.”

His persistence paid off in a big way.

Today, as the senior vice president, IT Risk, and CISO, at Standard Industries, part of O’Sullivan’s job is to protect the company’s 180 plus manufacturing facilities that employ 15,000 people and operate in more than 80 countries.

Clearly, O’Sullivan takes his job very seriously.

“Back then the CISO role didn’t exist. Now you have guys like me that are stopping you,” says O’Sullivan, who spoke candidly during an interview at the Auditorium on  Broadway, on the campus at New York Institute of Technology (NYIT).

“When I say CISO, I think of a person that is preventative, proactive, not someone that is going to react when the incident happens. It is somebody who is constantly thinking of the emerging threat.”

According to the Cisco/Cybersecurity Ventures 2019 Cybersecurity Almanac, the 5 most cyber-attacked industries over the past 5 years are healthcare, manufacturing, financial services, government, and transportation.

A major concern for industry here and abroad.

As cybercriminals lurk about, O’Sullivan is armed and ready for any (cyber) battle headed his way. His expertise in securing cloud-based services, mobile applications, and cyber intelligence comes in handy as he leads a team of information security specialists that are passionate about what they do.

And as a former vice president, global information security at CBS, CISO at Time, Inc., head of IT security at Conde Nast, and information security manager at Horizon Blue Cross Blue Shield of New Jersey, O’Sullivan has a few tricks up his sleeves.

One of his strategies, he explains, is to keep his teams small as opposed to building an army so his staff can immerse themselves in the field.

“People in this role are not in it for the money but for the love of security,” he shares.

And, with cybersecurity threats on the rise, O’Sullivan is keenly aware that the demand for talent is high.

Cybersecurity Ventures predicts that the industry will fall short by 3.5 million jobs by 2021 up from 1 million in 2014.

“Recruiting is the hardest part. Retaining is a little easier,” says O’Sullivan, who understands that the job description may cause people to run and hide if they don’t feel that they meet all the requirements. “We tend to put a lot of requirements in our job descriptions — 10 to 15 are hard to meet. If I had a requirement for my role, I probably wouldn’t meet it either.”

His goal is to get the right people in the door and mentor them along the way.

“I look for the same type of person I was back in the day,” he says, “not necessarily a college degree in cybersecurity but somebody who likes to break things, somebody who likes to think like the bad guys and the bad girls.”

This further illustrates his point. “I was looking on Linkedin the other day and someone had chief breaker of things. I thought let’s get her down here. Those are the type of things I look for.”

Ruth Bashinsky is the Senior Editor at Cybercrime Magazine

Ask The CISO Archives


SPONSORED BY FORTINET

From the start, the Fortinet vision has been to deliver broad, truly integrated, high-performance security across the IT infrastructure.

We provide top-rated network and content security, as well as secure access products that share intelligence and work together to form a cooperative fabric. Our unique security fabric combines Security Processors, an intuitive operating system, and applied threat intelligence to give you proven security, exceptional performance, and better visibility and control–while providing easier administration.

Our flagship enterprise firewall platform, FortiGate, is available in a wide range of sizes and form factors to fit any environment and provides a broad array of next-generation security and networking functions.

The Fortinet corporate brochure explains how we deliver comprehensive network, endpoint, application, and access security.

Learn more at Fortinet.com.