Leading Cybersecurity as a Key Business Driver


Manage episode 300316365 series 2643387
By Steve Moore. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

On today’s episode we are joined by Dr. Tim Proffitt, managing director of information security at a Houston based company as well as a professor at several institutions. He discusses his own education as well as his experience educating others and how this impacts his job.

Advice to Younger Self

Young Tim wasted a lot of time doing unnecessary things. Tim would advise his younger self to not waste so much time playing video games and late night TV.


Proffitt has always valued seeing things through. He always planned on getting a bachelor's degree and decided to continue his education. After qualifying for a new masters program, he wanted to see that through. Proffitt then saw it through to getting his PHD. He values expanding his knowledge and challenging himself.

Would Proffitt advise doing the same? It depends on self reflection and the individual. Formal education is not required for being successful in your field but it can develop some great traits. If you can see what you would get out of your masters degree, then go for it.

Getting a masters does not always equate to earning more money. However, when you choose to go through with this program, you will be stretched. It will open doors you didn’t have access to before.


Credentials are important at a certain level, but experience is just as important. Listing and talking about your credentials and experience can help some conversations and hinder others so self awareness is important.

Successful Written Communications

Proffitt explains that seeking out writing skill sets is important. It takes time and effort. Bouncing ideas off someone can be very useful too. Find that resource and mentor. A simple Google search can help you find seminars that can assist you in bettering your writing skills, as well.

Networking, Mentors and Career Arcs

Seek out and try to find a mentor early on in your career. A mentor is someone that can offer help and advice during your career. Proffitt wishes he found a mentor sooner.

After you become a CISO what is the career arc? A progression often occurring is becoming a member of the board of directors. It could also be becoming a CEO or beginning to teach.


What would Proffitt suggest to people thinking about teaching? Teaching at a community college would likely require a master's degree. Teach one class and see what you think. His goals were to be an engaging professor and getting students to want to go into his field. You can change the generations and introduce new people to the field.

How does being a college professor better Proffitt at his day job? He can view the challenges with a different lens by interacting with the viewpoints of his students. It forces him to think in different ways.

What Do We Miss in Security?

We often do not dive deep enough into issues. There is always more information about why things are the way they are. Taking time to listen to the engineers is important and can aid in decision making. People may be managing problems, but not reaching the core.

Every security program should be expending time on a risk register. This can transform the business. Presenting a simple risk register can be very profound. Consider using tools such as the 5 “whys?” or a SWOT analysis.

What Do CISOs Not Get Enough Credit For?

No credit is given when things are running smoothly. However, when things are not running well, they are criticized quickly. A lot of people don’t realize the manpower behind having the internet and technologies work. How does this get solved? As leaders, more credit can be given if metrics are improved. Proffitt dives into metrics and discusses which provide the most value.

New CISO/Advice

One piece of advice that Proffitt has is to develop a feel good security packet to outline your security processes to an extent. Your sales team and liaisons can hand this out to help make people comfortable. It is pretty easy to build a template that will answer most of the questions coming at your industry. Obtaining this information shouldn’t be too difficult. This packet will be relatively simple to assemble.

What does being a new CISO mean? You have to be a business enabler. You must help people get to their goals in a secure fashion.


Exabeam Podcasts

66 episodes