Shawn Bowen
CISO
Restaurant Brands International
June 2020
A little over a year into his role and the first ever CISO at Restaurant Brands International and its related entities, Shawn Bowen has had his work cut out for him. Educating the organization on cybersecurity has been on track, but when you add in a global pandemic, the importance of cybersecurity awareness can get lost.
To address this, Bowen has made it his mission to continue to educate his colleagues on the importance of cybersecurity so they can better understand and prepare for possible threats.
Bowen relates the understanding of IT and security to a person’s financial intelligence. While you don’t have to be an investment banker to retire, you need to know investing basics. That’s where Bowen comes in. “I am really passionate about cybersecurity, I want to help people learn it, I want to answer questions for people all day long.”
Bowen serves as his organization’s trusted security advisor in a variety of innovative ways.
Identify Advocates in Your Organization
Bowen notes that he “wants the willing, no matter what your rank is.” Meaning, find people who are interested in cybersecurity at any level in your organization: your cybersecurity champions. He notes that it’s more important for most of the staff to know a little about cybersecurity than a small percentage of staff know everything about it. It’s with this approach that people will start proactively reaching out to Shawn when they have questions and creating a more open dialogue about security throughout the organization.
Find Common Ground with Your Advocates
The term “cybersecurity” can sound daunting and sometimes uninteresting. To showcase how security plays a role in everyday life, Bowen recommends finding ways in which it relates to people’s preexisting interests. He gives the example of a colleague who loves math. Every so often he shares news with her about the intersection of math and cybersecurity to highlight how security is integrated into parts of our lives that we may have never known about.
“For me, if I can find the willing and spend a half hour or hour with them and give them the exciting pieces, or the stuff they are concerned about, now I have people who will come to me or say in a meeting, ‘Hey, we should ask Shawn about this,’” said Bowen.
I send them things that they are interested in and remind them that cybersecurity is always here, and I care about their interests.
Don’t Bombard People with Too Much Information
BLUF: Bottom Line Up Front. That’s how Bowen kept his communication in his decades of military experience, and it’s what he brings into his new role now.
He fully admits that his passion for cybersecurity often comes out in full force and can overwhelm people with too much information. Bowen regularly works on tempering his passion to match others’ appetite for learning cybersecurity.
“[I ask people] how much time can you give me if I send you something? I don’t send things on a schedule, that would be a subscription. I want to send things that matter. If you can only give me 15 minutes, then that’s all I’ll take,” said Bowen.
Be Available
Bowen states that no matter what, being available is a priority in order to successfully educate people.
Ask me anything you want, let’s go to lunch, coffee, or whatever you want. I want to answer any question that anyone has.
He compares it to an Air Force phrase: be credible, humble, and approachable. When it comes to being approachable, Bowen says, “I have my phone on me, you can contact me any time you want. There is no reason to not be approachable, particularly regarding something I am passionate about. Why would you not want to be approachable? This is something I truly love!”
Special thanks to Shawn Bowen and Restaurant Brands International.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.