When you meet Gary Hayslip, don’t let his calm demeanor fool you — underneath is a deep passion for and understanding of the “Internet of Everything” or IoE. To say his 25-year career in information security is impressive would be an understatement. From serving as Command Information Security Officer in the United States Navy to his more recent position as the City of San Diego CISO and deputy director, Gary has become attuned to the ever-evolving role of a CISO in organizations.
As I chatted with him across a boardroom table, I began to picture how IoE has the potential to create abundant opportunity and new risks. Imagine this: smart parking meters making your urban commute easier. Communications between your car’s GPS and parking meters in the vicinity help you find a vacant spot and pay the meter all from an app on your phone. Now imagine the adverse — a powerful DDoS attack using those same smart parking meters to send a flood of communications to an area internet service provider, overloading its network bandwidth, and debilitating internet service for its customers. It can be scary to think about.
According to the FBI, “deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices.” For the record, this is why more organizations need the Gary’s of the world.
I caught up with Gary at the Webroot World Headquarters in Broomfield, Colorado, to talk about his decision to join Webroot, his views on IoT, and more.
Webroot: What made you decide to join the Webroot team?
Gary Hayslip: I had been working in the IoT and cybersecurity space around smart cities and smart communities for a while when I came across Webroot. Seeing the Webroot FlowScape® capabilities coupled with how their product suite leverages the power of machine learning to predict and protect against threats in the connected world we live in had me sold. At the end of the day, a forward-leaning company that can offer Webroot’s level of protection to both consumers and partners intrigues me.
Webroot: As an InfoSec leader, what will be your main area of focus at Webroot?
GH: To me, cybersecurity is a business critical function. The Office of the CISO provides enterprise risk management through current state assessments and forecasting. Ultimately, our consistent question to solve is “how can we better support departments across the organization?” I think I’ll bring a unique point-of-view to that question considering I was recently a customer. Along those lines, my insight from the customer point of view will offer an advantage with product strategy to reduce the risk for customers. As Webroot grows, I want to ensure the programs and strategies my teams create are flexible enough to grow alongside the company.
Webroot: What opportunity do you think Webroot can fill in the market?
GH: I see a significant amount of movement in getting IoT devices to market, but not a lot of readiness to make sure these devices can be scanned, monitored, or protected. FlowScape bridges the gap and allows you to see the devices communicating within your networks and gives context around what devices are doing. The Webroot product portfolio truly does protect users across devices, networks, and perimeters. Delivering comprehensive security solutions that detect, defend, and provide analysis to businesses and individuals is our sweet spot.
Webroot: What difference do you want to make in your new role?
GH: The biggest thing for me is making a resilient program ever better. Cybersecurity is a life cycle and breaches are part of that life cycle. It’s never lost on me that threats are constantly emerging and evolving. It’s only fitting for a best-in-industry organization to meet the threats where they live with constant preparation.
In addition to sitting on numerous boards and being an active member of ISSA, ISACA, OWASP, and InfraGard, Gary holds the certifications of CISSP, CISA, and CRISC. Be sure to check out his book CISO Desk Reference Guide.