Tim Mullen
CISO
Travelport
June 2020
While difficult to imagine, cybersecurity was once a relatively new field.
When Tim Mullen, CISO at Travelport, started working in information security, it was more of an untapped area of technology than the mainstay it is today.
Reflecting on the appeal of a career in cybersecurity, Mullen said, “It is challenging, requires innovative thinking and work, and the constant changes keep things interesting.”
Not wanting to be seen as “the office of no,” Mullen has encouraged his team at Travelport to alter that assumption and to help drive forward others’ business goals. Being a true partner to the business has helped naturally embed security into the culture of the company. These cultural shifts, with Mullen at the helm, have resulted in the cybersecurity team being part of the solution, giving them direct involvement and visibility throughout the organization and helping Travelport innovate securely.
Mullen took some time to share his insights on strategies to stay engaged and innovative, lessons learned, and the future of information security.
What can you tell us about the cybersecurity strategy you’ve implemented at Travelport that stands out from what other companies may be doing?
Cybersecurity continues to evolve at Travelport to keep up with ever-changing security threats in the market, and my team has deployed a layered security strategy to combat these threats and protect our data assets, employees and customers of our company. This layered strategy deploys best of breed security solutions at every different security layer in the environment. Travelport continues to make investments in new tools and capabilities, along with headcount increases within the cybersecurity organization. We use our internal employees, security solutions, as well as 3rd party external security providers to cover all the layers of our security.
We continue to invest and grow with the expanding security market, as we are tasked with protecting all forms of personal data, payment data, customer information, and proprietary data within the Travelport environment.
How do you stay knowledgeable about innovative practices, processes, or technology for your role?
I think it is important to gather and share knowledge and best practices from outside of Travelport, and so I make it a point for myself or one of my team to regularly attend IT security industry conferences. We are active members of prestigious industry groups – like our role in advancing the CISO governing body of Evanta for Atlanta – where we can share and gain value from sharing best practices and lessons learned. Internally, we provide paid training and encourage employees to pursue advanced certifications to effectively utilize products purchased from vendors. And, personally, I make it a point to regularly read up on industry news shared on LinkedIn, in outlets like Dark Reading and other industry sources.
What are some of the interesting and more challenging initiatives you have led your team through at Travelport that have benefited your company’s own digital transformation?
We rolled out an enterprise-wide access management solution across the organization using innovative features and functionalities in our corporate and commercial environments, such as single-sign-on, provisioning, multi-factor authentication, and role-based access controls and certifications. Since Travelport operates in more than 180 countries around the world, this was a significant milestone to achieve.
We’ve expanded our application security program and have fulfilled 24/7 SOC with built-in data analytics to better monitor issues and concerns in our environment around the clock.
We’ve implemented and followed a three-pronged approach focused on monitoring and consuming threat intelligence and data analytics — a heavily invested, in-depth defense against cyber threats and rigorous incident response plans.
What technology capabilities do you see shaping the future of information security?
Data privacy, information security, and online threats are exponentially growing at such a fast pace that security will increasingly become embedded across all roles within the business. Best practices and measures to help the good guys win can’t just fall on one person or team. It is the whole company’s responsibility to maintain effective security practices. Travelport has bought into implementing security across all areas of the business, and along the way, we’re seeing more people outside of security being very proactive in raising questions and issues to our team.
What are the top three lessons you’ve learned on the job?
- Security is always changing and evolving. Do not get comfortable because there is always going to be a new threat that must be addressed, and it is best to stay steps ahead and proactively prevent any potential risks.
- You’re never the smartest person in the room. Lean on your team, other colleagues, and make it a point to research and keep learning.
- Nothing can replace hard work and work smart. If you put the time and effort into doing things right or figuring out the best course of action, you will get rewarded. My team is hard-working and goes above and beyond to push the envelope and we come up with cool things that bring value to the company.
Special thanks to Tim Mullen and Travelport.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.