Cyber security leadership and management are two high-level competencies necessary to successfully manage a cyber-security division that generates the critical degree of security, trust, and stability (STS) that a business requires. Although leadership and management skills are required for all information systems security officers (ISSO) and/or chief information security officers (CISO), they must be purposefully developed. This learning route will focus on the key objective elements (KOE) by exploring the alignment of information security plans with organizational strategy, regulatory systems, and operational excellence, using industry standards, frameworks, and models as a guide.
With an extensive background in security strategy and program design, privacy, identity management, and threat management, Clewin McPherson, Chief Information Security Officer at Exiger, focuses on the firm’s global information technology operations, information security, and risk management programs. His current role at Exiger is his third field / job iteration.
Innovative Cyber Risk Prevention Solutions
The most severe cyber security threat is the industry’s lack of genuinely competent security experts. While this is improving, there are still a lot of tool companies out there who don’t grasp security principles and can’t properly deliver sufficient security programs.
At Exiger, the team has assisted its clientele in mitigating cyber-attacks connected to supply chains and key infrastructure, emphasizing ‘the danger of the insider’ – this increasingly requires real-time monitoring of third-party risk and even inherent risk from complicated supplier networks. Compounding this difficulty, which is caused by vast volumes of data, enterprises have swiftly shifted to a new work paradigm that allows them to work from anywhere, at any time, and on any device. “We must – as an industry – commit to improving the status quo. This starts with transparency into your vendor and supplier network, and then prioritizing critical relationships,” says Clewin.
Exiger is assisting governments and enterprises in making the world a safer place to do business by developing revolutionary risk technology that addresses supply chain and other third-party risk exposures. Its practical experience includes financial crime, money laundering, cyber security, ESG, supply chain, and other areas.
Evolving as an IT Professional
Clewin began his career as a high school chemistry and math teacher. He became a consultant and worked for over ten years assisting big financial institutions and Fortune 500 customers in becoming safer, more agile, and more compliant.
Clewin formerly worked at Ernst & Young as the Manager of Information Security, Information Technology Advisory Services. Throughout his tenure there, Clewin oversaw projects with Fortune 100 banking and insurance firms to design, develop, and deploy corporate identity and access management services, third-party security risk management programs, and information security governance activities.
As part of these programs, Clewin developed IT and security policies, standards, and procedures to better identify, prioritize, and mitigate risk; metrics to provide insight into the performance of security controls; and identity and access management services to centralize identity management, account provisioning, and de-provisioning.
Clewin considers himself very fortunate in his career. He says, “I have not experienced too many barriers other than (maybe) not taking as many risks as I could have.” In fact, he has benefited from incredible mentors and sponsors who have helped him navigate an enviably steady career path.
Clewin describes three main reasons for his growth as an IT Professional:
- Networks Matter. Clewin has a great network of professionals and mentors who are driven by excellence, committed to staying up to speed on the latest trends (as cyberspace is so fast-moving) and driving thought leadership about the best strategies to mitigate risk and threats.
- Projecting Value. Clewin decides to execute and deliver on one technical project a year. This way, he still has his hands on the keyboard, but he is not a bottleneck for his team.
- Going Back to Basics. Reading, webinars, and podcasts on security, business, and personal development. Clewin asserts, “My ‘Practical Unix & Internet Security’ textbook from undergrad is still one of my go-to reads when I am facing a new technical challenge. Leveraging my foundational education has always worked for me.” He also attributes his security foundation to his tenure at Purdue University’s Center for Education Research in Information Assurance and Security (CERIAS).
He adds, “Outside of work, meeting new people and getting to know people in all walks of life energize me. Sometimes, this means traveling to try new things (recently, it manifests as trying new foods).”
Team that Leads Under one Vision
At Exiger, the management team founded the company after recognizing the importance of cyber security to the effective execution of its mission. Clewin says, “Security is a business partner and a differentiator for us.” Clewin likes to be consistent inside and outside of work. Inherently, he is an enthusiastic protagonist and advocate. He says, “I love my team and seeing them grow and become strong leaders.” He thinks the team thrives when diving into new projects and tackling new challenges.
Clewin sees data governance and cyber security as two rings that are inextricably linked. The company’s systems have been created to meet the highest standards in the classification of data that the team manages. This has allowed the team to negotiate ever-changing rules (such as GDPR, PDPA, and others) with minimum damage to the business. According to Clewin, the team did an excellent job of delegating responsibilities for data management and security to appropriate levels within the business.
Enthusiastic Leader of Exiger
Clewin’s responsibility at Exiger is to work with the executive team to identify and mitigate security threats within the company. He is also accountable for considering and comprehending how security might be a competitive differentiator for the services offered by the organization to its clientele. Clewin’s current focus is on the company’s platform and SaaS solutions, although this has shifted depending on Exiger’s development phase and where management has invested in the firm.
Leveraging the best components of his previous work experience, Clewin is highly operational as the CISO at Exiger.
Clewin asserts, “My happiest moments day-to-day are when I hear someone who is not part of the security team identifying an issue or a design decision that we should NOT pursue because of the potential security risk.”
Notes on Leadership
“Early in your career, raise your hand to try many things but get really good at something that matches who you are,” says Clewin. “As you advance, maintain your technical skills, but refine and strengthen your softer skills – like influence, management, and communication. Always try to remain authentically yourself.”
According to Clewin, effective leaders breed other leaders. He believes that being a player/coach, listening with understanding and compassion, and being honest with one’s team accomplishes this. Clewin considers timely, straightforward, and pragmatic feedback to be a gift. He recalls the leaders who possessed such characteristics, and he finds himself copying aspects of them in his own capacity.