George Finney
Chief Security Officer
Southern Methodist University
June 2020
A short stint pursuing stock brokering. Law school. Startups. Like many security leaders, George Finney, CSO at Southern Methodist University, started his career in cybersecurity by accident.
What was no accident, though, was his decision to stay.
“I think cybersecurity is the place for me where I can make a difference. I see it every day,” Finney said.
“In a way, I’ve always been in security, I just didn’t know it. It has been a cool journey.”
In advance of publishing his latest book, “Well Aware,” which breaks down cybersecurity into nine habits and is approachable to the layperson, Finney took some time to reflect on his journey — and lessons learned — as a security executive.
“The biggest part of being successful as a security leader is believing that people can make a difference. If you believe that people are successful, they will be, and that perspective determines your outcomes,” said Finney.
Being an “Obsolete” Leader
With the evolution of and increasing reliance on technology, the role of the CISO has grown exponentially. Along with the reporting structure, roles and responsibilities, the attitude in the field of cybersecurity is also changing.
“First and foremost, I see myself as an educator. My style is to make myself obsolete; I am not a micromanager,” said Finney. Leadership requires trusting people to make the right security decisions. As cybersecurity continues to increase in relevance in our personal and professional lives, employees need to be empowered to make the right decisions.
In time for Security Awareness Month, Finney’s second book, “Well Aware,” will be available on October 20, 2020.
“One of the reasons I named it ‘Well Aware’ is because I love the approach of human resources. We can learn so much about what we should do for security and awareness; we ought to be emulating them,” said Finney.
“People get excited about those programs and incentives that are offered. If we can follow that same model with security, we can make people want to make a difference,” he said.
Remote Leadership
Maintaining a sense of community and adjusting to leading a team of remote workers has required a different style of leadership. Many organizations shifted to remote work with a tight turnaround, equipping people with technology and teaching them how to use it. At Southern Methodist University, the IT team worked diligently and quickly to train faculty and students on video conferencing in order to resume operations.
Staying connected virtually and recognizing that work will simply look different during the pandemic is a key component to leading with empathy. Daily check-ins to ensure that he is getting “face time” with his team and personally opening up and being vulnerable have helped to provide a sense of camaraderie.
“I haven’t heard a lot of people talk about it, but the level of intimacy, in a way, is heightened. Seeing what other people have in their homes, or kids, dogs, and cats making appearances. This allows us to connect in a deeper way than we had before,” said Finney.
Community Collaboration
“Some people might talk about projects they’re working on or some technology they have implemented. But for me, the greatest achievement has been to help build people up. Any impact that I can make for human beings is huge,” said Finney. Finding a sense of community within your team and collaborating with peers is essential for professional development.
Higher education has unique challenges in that there are thousands of personal devices and moving pieces to secure. The security vendor landscape includes thousands of solutions, and while that technology is essential, finding the right fit for your organization is often a challenge.
“Our environment is kind of like a hotel in that we have three thousand residents. It is also like a WiFi hotspot, a medium enterprise and a research enterprise,” said Finney.
Collaborating with peers has proven helpful when selecting the right solution for the job.
“If I can talk to another CISO for 20 minutes, that conversation is worth more than a three-month pilot project.”
A Connected Future
There is an unofficial motto in security, “people are the weakest link.” Finney said he does not agree.
“I want to be able to empower the people around me to make decisions that we can all believe in.” Partnering with the business by taking a proactive approach allows for building relationships early in the process. In Finney’s experience, this makes better progress with less expense and work.
“Our strategy has been to find a way to contribute to new initiatives and demonstrate the value of whatever we are working on,” said Finney. Maintaining flexibility and keeping user experience in mind will lead to being seen as a business enabler and someone that is approached first and involved early.
The role of the CISO or CSO has historically required being a “jack of all trades.” But as more people enter the field, we are seeing increased specialization.
“The future is one of specialization but that also means that the role of the CISO is even more important to be a connector. To help break down barriers and to help people understand the language of security across departments,” said Finney. “That, I think, is the future of security. We need to be more connected.”
Special thanks to George Finney and Southern Methodist University.