Secret CSO: Howard Taylor, Radware

Name: Howard (Chaim) Taylor

Organisation: Radware, Ltd.

Job title: CISO

Date started current role: February 2019

Location: Tel Aviv, Israel

Howard Taylor has over 40 years of experience in IT infrastructure, operations management, information security and technology risk management. Prior to joining Radware, Taylor served as a principal consultant for BDO Israel, where he supported both hi-tech start-ups and large companies, such as Teva and Amdocs. Before his move to Israel, Taylor had a 29-year career as vice president of technology risk management with JPMorganChase. Taylor was one of the first CISOs in the banking industry, responsible for establishing the security strategy for the firm’s initial internet presence, policy development and regulatory compliance.

What was your first job? To pay my way through college, I worked for New York University’s datacenter, programming their computer billing system. This is where I developed my love for computing hardware and operating systems.

How did you get involved in cybersecurity? Back in the good old days, there was a saying “Nothing happens without a bad audit!” An external auditor was ready to shut down a major funds transfer/clearing application unless all the controls (security, change management and business continuity) were dramatically improved. They gave us a year to perform a miracle, and I was tasked to do it! I built my firm’s first technology risk management team.

What was your education? Do you hold any certifications? What are they? I have a B.S. in computer science from the City University of New York, School of Engineering. I never had time to pursue certifications as I always had too much work in the queue. However, I highly recommend the CISSP certification for aspiring CISOs.

Explain your career path. Did you take any detours? If so, discuss. My start in IT infrastructure management provided me with the best foundation to become a risk management professional. I was familiar with the processes and procedures from end-to-end. I understood the security challenges and quickly built the relationships necessary to address them. Once I left JPMorganChase to become a consultant, these skills really paid off. I was able to swiftly move from client to client and from one technology to another. Now, as the CISO for Radware, an industry leading security company, I am satisfied with the direction my career has taken. No detours to report.

Was there anyone who has inspired or mentored you in your career? In my first risk management assignment at JPMorganChase, I worked very closely with two senior partners from a major accounting firm. They were getting close to retiring and saw me as part of the new generation to continue their security and risk management mission. Following many heated discussions and a lot of hard work, we dramatically Improved the control environment and kept the business in business! They taught me an approach that has stayed with me until today. Basic principles never go out of fashion.

What do you feel is the most important aspect of your job? Maintaining balance! The CISO must address many requirements, even though some will conflict with others. For example, R&D needs wide open access to everything from everywhere. Customers demand tighter controls and extensive monitoring. Core business services must be protected from internal and external threats. The CISO must evaluate these objectives and define ways to bring harmony to the chaos.

What metrics or KPIs do you use to measure security effectiveness? Not having your security incidents reported as front-page news is a great KPI! (Just kidding). Defining and tracking the right security KPIs remains a challenge. The KPI’s for Radware’s program focus on basics, such as patch management operating system update status, progress on remediation plans, incident response times and security awareness training statistics. These may not be the most exciting KPIs, but they are significant indicators of program security health and success.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? Radware has a reputation as great place to work. We also have an excellent HR recruiting team. So, it may take a little time, but they manage to find the best candidates.

Cybersecurity is constantly changing – how do you keep learning? Radware is a security company, filled with many experts who are ready to share their knowledge. In addition to internal information sharing, Radware offers white papers, webinars, and other information to the public via the Radware.com website.

What conferences are on your must-attend list? I have never found conferences to be of great value. If I don’t have the information I need at home, I make a few calls to find it.

What is the best current trend in cybersecurity? The worst? I feel the best trend is the newly energised focus on basic housekeeping, such as patch management. This was brought to the forefront by the Solar Winds incident. The root of many cyber breaches is poor cyber-housekeeping. The worst trend today is attempting to implement “process automation’ without having well defined processes. Some CISOs view tools as a way to better secure their environment. If they don’t have defined control objectives and processes, the tools may not provide the ROI they expect. An avoidable waste of resources.

What's the best career advice you ever received? The best career advice was to leave my IT infra comfort zone and move into the security and risk management space.

What advice would you give to aspiring security leaders? Cyber security is a business enabler! Work closely with your business and find ways to implement their requirements in a secure way. In short, avoid saying NO!

What has been your greatest career achievement? I am still working on it! I receive tremendous satisfaction from watching the success of the young cyber security professionals I have worked with.

Looking back with 20:20 hindsight, what would you have done differently? NOT ONE THING!