CIO Classified: How to create a culture of security

With technological innovation accelerating faster than ever—and the pandemic entering a new phase—CIOs have never faced more uncertainty and complexity. That’s why we’ve partnered with Caspian Studios to sponsor Season 3 of the CIO Classified podcast. 

CIO Classified is a podcast for CIOs, decision-makers, and technology leaders who want to push their business forward and stay on the cutting edge. Each episode features candid conversations with leading CIOs discussing their most pressing challenges and how they solve them.

Listen to the latest episode for insights and actionable strategies that you can bring back to your own organization today.

Episode summary

In this episode, Red Hat’s CIO Mike Kelly and Sumo Logic’s CSO George Gerchow discuss:

  • The importance of building a robust security culture
  • The critical role CIOs play in shaping the employee experience 
  • How to foster innovation in a secure environment

Episode soundbites

“The job of IT is to eliminate friction from people to be able to do their work. And if you think through what it’s like for people to use the things you’re out there peddling and the experience sucks and you don’t step up to fix it, then you’re failing in my opinion. You have to be the number one experiencer of these things. You need to have a mindset that says, “Is this really the best we can do?” You have to want to delight people, and you don’t want them to go off and do things on their own. That’s just non-productive work, and it’s our department’s role to do that.” — Mike Kelly, CIO at Red Hat

“To be a security leader today, you have to have three fundamental skill sets: 1) Knowledge of the business, 2) Technical breadth, and 3) You’ve got to be able to sell your program at a board level, the customer and prospect level, and to your team. You have to get an organization excited about security, which is really hard to do.” — George Gerchow, CSO at Sumo Logic

“A lot of my job is to make sure we’re applying tension to decision-making. People get enamored with technology quite easily, and they don’t want to go through a privacy impact assessment. They don’t want to do the required checks and somebody, in some cases, has to be the bearer of perceivably bad news… It’s all about setting expectations. It’s not that we don’t want you to have the software. We want you to do your homework, so if you bring the software into our enterprise it doesn’t blow everything up.” — Mike Kelly, CIO at Red Hat

“Security is not one size fits all, because if it’s not touching critical data then I just really don’t care and don’t want to stop things or slow things down… The number one thing that I’m focused on now, if I put my IT hat on, is how am I going to streamline that process and get out of the way. As a security person, that’s always been my and my team’s goal is to put a process in place, make it seamless, and then get out of the way as fast as we can.” — George Gerchow, CSO at Sumo Logic

Episode guests

Mike Kelly, CIO, Red Hat

Mike Kelly is Chief Information Officer for Red Hat, leading IT teams that provide the tools and technologies that enable Red Hatters every day. Since joining the organization in 2016, he has been responsible for global Red Hat IT functions including strategy, security, data and analytics, delivery, and operations. He led the development and implementation of the Red Hat on Red Hat program, a peer-to-peer initiative for Red Hat customers that shares authentic stories about how internal IT uses its own products.

Before joining Red Hat, Kelly served in senior leadership roles from 2007 to 2016 at McKesson Corp., including as Senior Vice President of IT Shared Services, Chief Information Officer of McKesson U.S. Pharmaceutical, Senior Vice President of Enterprise Application Services, and Chief Information and Chief Technology Officer of McKesson Specialty Health, a division of McKesson. Prior to that, he served in a variety of leadership roles, including Chief Information Officer at Oncology Therapeutics Network (OTN), Senior Program Director in Office of the CEO at SAP, and a Principal Consultant at Capgemini.

George Gerchow, CSO, Sumo Logic

George Gerchow is Chief Security Officer at Sumo Logic, bringing over 20 years of information technology and systems management expertise to the application of IT processes and disciplines. His background includes the security, compliance, and cloud computing disciplines. Mr. Gerchow has years of practical experience in building agile security, compliance teams, and modern-day Security Operation Centers in rapid development organizations. These insights make him a highly regarded speaker and invited panelist on topics including DevSecOps, cloud secure architecture design, virtualization, compliance, Bug Bounties, and operational security and compliance.

George has been on the bleeding edge of public cloud security and privacy since being a co-founder of the VMware Center for Policy & Compliance. Mr. Gerchow is also an active Board Member for several technology start-ups and the co-author of the Center for Internet Security – Quick Start Cloud Infrastructure Benchmark v1.0.0 and the MISTI Fundamentals in Cloud Security. He is a Faculty Member for IANS – Institute of Applied Network Security (https://www.iansresearch.com) and Cloud Academy (https://cloudacademy.com).

Don’t miss an episode

New episodes launch every two weeks. Subscribe to the podcast to get notified when new episodes go live.