Looking toward the future is what guides Dr. Jamaine Mungo, Chief Information Security Officer at Philadelphia International Airport.
“I see myself as a captain on a ship, always looking ahead toward the horizon, not just thinking about now, but thinking about the future,” Mungo said. “That helps me to really look out to see what’s coming down the line so that we can be prepared to be proactive and not reactive.”
Innovation is a major pillar of his security program.
“When I speak of innovation, I’m looking at automation and the use of AI to really help dig into the data so that it is beneficial to our environment,” Mungo said. “My team does a great job at ensuring the required controls are in place and maintained to keep us moving ahead and planning for the ‘when,’ not the ‘if.’ I’m really excited about that.”
Staying innovative is his top advice to security practitioners just entering the field.
“Coming in, you’ll see many problems,” he said. “Bring that level of new eyes on a problem to develop a strong solution so it will never be a problem again.”
Having started on a customer help desk, listening to users and hearing their problems, was a formative experience.
“Having a customer service base, and then turning problems into solutions, has helped me evolve over time,” said Mungo. “Throughout my career I have kept that in my back pocket.”
Before arriving at Philadelphia International Airport this year, Mungo secured government agencies and corporations, with roles at Lockheed Martin, Comcast, and the Office of the Attorney General of New Jersey. His experience has given him a grounded understanding of what it takes to secure environments big and small, helping him to know what areas to lock down to keep that level of security at an optimal presence, he said.
The sheer size and complexity of an airport is a challenge but being prepared along with having a plan in place is very important.
“But I’m always optimistic, knowing that I have the proper resources in place, all the proper controls in place, to ensure that the environment stays secure, that flights can take off and land, and passengers are happy,” Mungo said.
Sharing knowledge has always been a big part of Mungo’s professional life. At PHL, knowledge-sharing has come to play an even bigger role.
“Within the aviation industry specifically, there’s a huge component of knowledge sharing, through forums and groups,” Mungo said. “Ten, fifteen years ago, there was not a lot of knowledge sharing. But now, with a constant level of threats, and potential impacts on an environment, people tend to share. Knowing what’s going on in someone else’s environment can help you out on your own, so you’re not spinning your wheels in the mud trying to figure something the next person has already figured out.”
The landscape on which CISOs operate is so wide that they have to wear many hats when it comes to governance, risk, compliance, vulnerability management, threat intelligence, and talking to senior management and the board, Mungo said. Another crucial component is knowing the business, he added.
“You’ve got to know how the business operates, how it functions, how it makes money, who the key stakeholders are, and what’s being done to grow the business,” he said. “Knowing how the business functions allows me, as a CISO and a leader, to function and be aligned with the business.”
Looking ahead, Mungo sees already-prolific ransomware attacks getting smarter day by day.
“The reason they’re so successful is because they prey on the user sitting behind a keyboard,” said Mungo, author of Anatomy of Cyber Attacks: Exploitation of the Weakest Link. “Companies have invested millions of dollars into using protective solutions to secure their environments, but all that gets compromised when a user gets exploited. That’s the biggest trend I’m seeing over the years, exploiting the actual user.
“Another trend I see is adversaries targeting third party companies, because they have fewer controls in place. So I would say having a strong third party risk management program in place is crucial.”
As an industry veteran with more than 25 years of experience, Mungo has accumulated a great deal of knowledge that he is committed to passing on.
“I’ve always been a big fan of giving back to the community or to academia,” said Mungo, who holds a doctorate in Cybersecurity and has been a professor at Cornell University, Purdue University and North Carolina A&T State University.
“When it comes to academia, I know that I’m giving back to the next generation of leaders and equipping them with the knowledge and toolsets that will help them in their career or to get started in the career they make and help them excel.”
Successful CISOs listen and learn, Mungo said.
“You’ve got to have that customer service base level. Are you talking to people? You’ve got to know how to listen to people, first to understand the problem, and then to develop a solution.”
They also need to set goals and objectives, and know how to articulate messages if they want to influence and lead, he added.
“We’re talking to a wide range of people, so having the ability to communicate is definitely key,” Mungo said.
Mungo is deeply committed to community service, serving as president of the Kappa Iota Lambda Alumni Chapter of Alpha Phi Alpha Fraternity, Inc. , which honored him with the Leader of the Year Award for his dedication to community development and engagement. He leads various regional programs supporting youth development, college preparedness and career development.
“I’ve always been an advocate of supporting, uplifting and serving the community, to give them what is needed to thrive,” Mungo said.
Aside from his community work, Mungo spends off-duty time running, going to the gym, and playing football and basketball to relax and decompress.
“I tell my friends, you don’t just have to work,” he said. “Have something else to do to really balance yourself after your day job. I do that all the time. It helps with release of stress to focus on something other than work. Burnout is really real.”