Florida Crystals CISO Expands Beyond Security
Christine Vanderpool is the CTO and CISO for Florida Crystals, a multi-billion-dollar sugar manufacturer, but like many in the security community, her role has expanded to include so much more. Her duties today include everything from security and innovation to enterprise architecture, IT supplier management, communications, data privacy and zero-based budgeting, among other things.
While Vanderpool jokes the company’s leadership gave her these additional jobs to “stop her from getting bored,” they’ve also served as a way to understand better the depth of the organization she has been tasked to keep secure.
“Too often as CISOs we focus on the traditional security roles of our job and do not take the time to understand the whole organization,” Vanderpool said. “I’ve been able to really understand the processes in our company, the supply chain, finance, legal challenges, and the ‘crown jewels’ that may be at higher risk.”
Vanderpool joined Florida Crystals in a traditional CISO role, following more than a decade at Molson Coors, expanding roles in information technology and security. As she’s grown in her career, her mission continues to expand beyond the CISO office and into part of a company’s larger leadership and technology team, along with that of a valued mentor.
Speedily changing technology
Vanderpool leans on an experienced team to fill in some of the gaps to take on these extra responsibilities. Her additional tasks allow her to expand her knowledge of Florida Crystals while empowering team members to take on more responsibility as she serves in a mentorship role.
Her current special project focuses on risk and business continuity planning for the company. While Florida Crystals excels at sugar manufacturing, the company features many different components from factories and real estate to an investment banking arm and an all-inclusive resort, among many other business interests.
“There are a lot of different areas that someone does not immediately see when they look at our company,” Vanderpool said.
“I want to look inside the core business and try to create a top-down strategy that looks at our security and risk profile to move the organization forward.”
Along with empowering others in her department, Vanderpool also makes an effort to understand the needs of each employee and ensure a cohesive working arrangement. By keeping employees happy and engaged, she ensures they continue to grow.
That structure allows for a highly functioning department that can expand beyond its traditional operating limits. Part of this mentorship, Vanderpool says, includes finding ways to keep work fun when possible. Years ago, she had the habit of ensuring every Friday meeting included a bad “dad joke” to keep everyone loose.
“I found out from a co-worker that when I left that company, they continued to make a bad joke of the week,” Vanderpool said. “I thought, ‘that’s pretty awesome. People remember that stuff.”
Understanding the Role of the CISO
One area Vanderpool tries to focus on, and she advises to those she mentors, is that CISOs need to understand the business case for security operations better. CISOs must tell a strong security story so their work is seen beyond just the backroom technology.
For instance, when she first started with Florida Crystals, some company leadership did not understand the full importance of information security. “There was this thought, ‘Oh, we make sugar, what information do we have that people want?’” Vanderpool said. “As a CISO, it was my job to get them to understand that things like customer information, banking data, and supply chain partnerships all offer security risks that we must plan for or we could end up with a real problem.”
As she continues to expand her roles, Vanderpool advises other CISOs to, of course, push for the security needs of their organization but also to see how they fit in the overall picture. She finds herself in an enviable position where the company leadership will approve security measures if she sees the business case. That doesn’t mean she goes full force on everything she immediately needs.
“It’s about getting past that single vision of security and how the full enterprise can be successful,” she said. “When we get beyond our scope, though, we can see how else the business can succeed. It’s about knowing when security is needed and when other parts of the organization may need those resources so you all can be more successful.”
Read the CISOs Connect™ Magazine CISO Spotlight Edition here: https://bit.ly/3Z2tIGc