We are more dependent on technology than ever. Threat actors aim to take down enterprises, industry sectors, and economies. Criminals deploy and distribute malware and ransomware on a scale never before seen. That’s why a big theme of our discussion with Pete Chronis, CISO of Turner Broadcasting, is about CISOs aiming high for transformational change in our industry.
As the CISO of a $10 billion media, sports, and entertainment company, Chronis oversees his company’s information security operations, architecture, governance, compliance, and business continuity programs. He also invented several innovative proprietary IT security technologies that together have blocked more than 750 billion threats and prevented $100 million in fraud.
In this Q&A, Chronis talks about the NTSC’s legislative influence, the unique nature of this organization, and why CISOs need to join now to have maximum impact on shaping our future efforts.
Why did you join the NTSC?
Joining the NTSC offered me a great opportunity to influence some of the macro issues behind the cybersecurity challenges we face as CISOs. Collectively, our voice is much more powerful than any individual CISO on their own. If we band together through an organization such as the NTSC, we are given an opportunity to make transformational change in the cybersecurity industry.
Why is the NTSC's mission so important?
Cybersecurity challenges are only going to grow, and they are not going away—especially as technology becomes more embedded into our everyday lives. As we’ve seen recently with major malware and ransomware threats that have been distributed in impactful ways never before seen, these challenges face us on a global scale. Such threats can now take out entire companies, and threat actors can target entire sectors and economies. The NTSC and its group of CISOs has a unique opportunity to address these threats on a policy level and influence the way our country evolves, adapts, and prepares for the future.
Nationally, I think we need a cybersecurity moonshot to be successful and transform the industry to meet these future threats. The federal government will play a key and critical role in making that happen. Right now, no one at the federal level has the experience and confidence to take on that type of transformational change. That gives the NTSC an opportunity to create awareness at the federal level through crafting, guiding, and shaping legislation in a way that helps us make meaningful cybersecurity progress.
And while the primary mission of the NTSC is to influence policy discussion and debate, we’re also finding many opportunities to work with other industry groups and explore how we can use our collective influence to address major CISO pain points. We have an opportunity to improve the craft of cybersecurity, boost enterprise cybersecurity, and influence vendors and other players in the technology ecosystem to up their game. A rising tide lifts all boats, and we can holistically address cybersecurity through legislation, partnerships, and enhanced collaboration among CISOs.
What are a few examples of ways that you've benefited from participating with the NTSC?
I've taken advantage of the many opportunities given by the NTSC to participate with CISOs. I find that the conferences, roundtables, and other NTSC gatherings really feature the best of the best inside our community—the folks who you’re reading about in the newspapers and trade publications who are driving change in our industry.
When we get together, we don’t talk about the same old things that I typically talk about with other CISOs. We’re focused on making a big difference and helping change the industry. This interaction with CISOs helps me become better at my job and benefits my company as we devise a cybersecurity strategy for the long-term.
As a group of leading edge practitioners, the CISOs who have joined the NTSC are collectively going to accomplish some impressive things. However, in the interim we’re all going to be learning a lot from each other—and that’s unique compared to other organizations I’ve joined.
For CISOs currently not participating in the NTSC, why do they need to get involved? What are they missing?
There’s a lot of noise out there. Many, many organizations want a piece of a CISO’s time. We’re forced to pick and choose how we want to be engaged or involved. But with the NTSC, I have joined a very dynamic group of individuals who are thought leaders in the industry aiming for real change.
Also, CISOs who join us now have the opportunity to shape the NTSC while it’s still relatively new and growing. Getting involved and engaged now will give a CISO a real chance to shape the organization, leave their mark, and create a lasting impact on the cybersecurity community.
And in case CISOs are wondering how they might participate within the framework of the NTSC, Executive Director Patrick Gaul has been a phenomenal leader because he lets people run with ideas if they feel passionate about something. Sometimes, other organizations tend to get bogged down in minutia and committees. We have just the right amount of structure, but we also act like an entrepreneurial organization. We’ve got members who are hungry for change, and some of the initiatives we’re engaged in are meaningful and actionable now.
I would encourage CISOs to take a serious look at the NTSC. Turner has gotten so much back from our participation with the NTSC and I have to remind myself that it’s only the first year. We aggressively look forward to paying our dues for the next year because we want to continue being a part of this organization—not only contributing financially but also contributing to the NTSC’s endgame. I participate in many CISO groups and organizations, but this is the most rewarding professional organization that I’ve found so far.