BIZTECH: How are you collaborating? Do you belong to formal or informal organizations?
ESTLICK: We have both formal and informal alliances. The most formal is through the Retail & Hospitality ISAC, where I sit on the board. Larger, more mature organizations share what they know to the benefit of small and midsized businesses, and for them, it’s the only avenue from which they can get insight into what’s affecting the industry. It’s also an effective sounding board if you’re moving forward with an initiative.
On the informal side, any security leader will tell you that they spend a lot of effort grooming and cultivating professional networks, so that when they’re presented with issues or problems, they can leverage those networks.
I have peers both inside and outside of the retail industry that will reach out to me unsolicited for perspective, and I feel comfortable doing the same thing with them.
FARSHCHI: After the 2017 Equifax breach, one of our first steps was partnering with global organizations trying to work toward the same end, like the World Economic Forum, the Better Identity Coalition and the World Bank. We partnered with the NFL and the Department of Homeland Security to stage and practice a crisis exercise in advance of the Super Bowl. We even created our own group, Atlanta for the Advancement of Security, a council of CISOs from Atlanta-based companies and government agencies, to enhance cybersecurity practices.
Because we’re a member and also a host of several alliances in the security community, we get much meatier information than we would with an automated feed.
HAYSLIP: Internally, we work with the companies that are in our portfolio. On the outside, we’re members of the Financial Sector ISAC. And, as a CISO, I’m very active in the security community, participating in roundtables and local organizations.
MORE FROM BIZTECH: Learn how to keep your organization's video meetings secure.
BIZTECH: Can you provide some examples of how you’ve collaborated with others?
ESTLICK: On a tactical level, there’s constant information sharing. Someone might say, “We’ve just been hit with X.” On the back end, it could be the tip of the iceberg. You can see it moving from organization to organization, and everyone can work together to get safeguards in place.
FARSHCHI: We’ve brought in security leaders from all over the world to look at our facility and processes so they can use them as a blueprint. And the beauty of it is that it’s not just a one-way conversation. In many of those discussions, we come up with new ideas and insight that we can implement.
HAYSLIP: For one issue, I reached out on a CISO channel and had multiple leaders, and vendors as well, walk me through what they had done. After lots of conversation, I found the solution that was best for us. Collaborating saves money and time.