Lessons From a Fortune 100 CISO, A Fireside Chat with Elevate Security

April 8, 2021

Watch playback from Elevate Security's 'Digital Fireside Chat' Series


Elevate Security recently hosted a webcast event featuring me and our CMO Suresh Balasubramanian in conversation with Tony Spinelli, a prominent digital CIO & cybersecurity pioneer. Tony has been a CISO for 20+ years.

His experience includes leading cybersecurity at First Data, Equifax, Tyco and Capital One. He is currently CIO at broadcaster Urban One, the largest distributor of urban content in the country.

Tony brings his lessons and perspectives on leading security today. Our discussion covers a wide range of related topics, from the ever-evolving role of the CISO to key areas to prioritize in 2021.

In his wide-ranging career, Tony has witnessed the CISO position broaden to encompass the full gamut of enterprise risk. He has confronted the many challenges of cybersecurity in highly regulated environments.

He explains that his overarching approach to the job is to gain greater visibility into potential security vulnerabilities and threats, so that everyone in the enterprise enjoys more “freedom of action”. Part of this effort is to think like the bad actors, but it also means understanding employee needs and behaviors. He believes that security awareness should never forget the human element in an organization’s culture.

This is a highly interactive Q&A session. Some of the questions that Tony and I address include:

  • How should CISOs best manage their team and resources?
  • How do you discover your security blind spots?
  • How do we determine what is enough end user freedom or restriction, by use case?
  • What are the secrets to getting executives more compliant with security?
  • How do you get budget approval?
  • How has COVID and the WFH transition affected security decisions?
  • How has the definition of “attack surface” changed?
  • Are phishing attacks still the most important risk to mitigate?
  • What causes CISOs to ignore employee risk?
  • How do you reduce friction on the security team?
  • How do we move away from a reactive incident management approach?
  • How do you determine what is important for the Board to know?
  • What do you think of benchmarking?
  • What are the consequences of the Zero Trust security model?

Tony also talks about his involvement in the effort to establish the first security nonprofit called the Global Center for Cybersecurity. The consortium is dedicated to industry workforce development and freely open for all to join. It currently includes enterprises, vendors, government, universities… and Elevate Security!

This engaging and informative webcast is well worth the time investment. You’ll emerge with a list of actions to take right now to improve your organization’s security posture.