A desire to grow is the overarching principle that has shaped Tomas Maldonado’s career.

Maldonado, the CISO of the National Football League, has been in the profession for about 25 years. He trained in university as a computer scientist, but decided he didn’t want to be a programmer. So as the internet evolved, he decided to take more networking classes.

He “stumbled into” information security at Schroders, a small investment bank, after they advertised for a network security officer and trained him.

“I knew the network angle, but I didn’t have the skillset of what is known as cybersecurity. The company allowed me to learn and grow,” he said.

‘Grew up’

In 11 years at Goldman Sachs, he “grew up,” starting off as a hands-on technical cybersecurity person, then moving up the ranks to vice president, where he built the company’s first data-loss prevention program.

He moved to JPMorgan Chase “to grow my leadership and management style.” He served as the Chief Information Security Officer for the Corporate Technology & Risk line of business, and after four years there, left for chemical manufacturer International Flavor and Fragrances to be in a capacity where he would report to the board and step outside information technology.

The combination of working in financial services, where he learned and refined cybersecurity skills and controls in a highly regulated industry, and working in a very creative company like IFF, “prepared me for where I am today, at the NFL, running its security program,” he said. He’s been there three years.

Most viewed

Maldonado’s work at the NFL, where he provides cybersecurity services for the league’s clubs and stadiums, is different from prior experiences, he said. For one thing, the Super Bowl is the most viewed sporting event in the world.

“Our product is our sport,” he said. “The NFL being a high-profile brand, and the Super Bowl being the most-watched show in the world, we have to meticulously prepare as cyber attacks in all environments proliferate.”

Biggest influence

The different opportunities and different industries have influenced him more than the CISO world, Maldonado said.

“The security and technical aspects I grew up learning influenced me along the lines of seeing where technology is shifting and moving,” he said. “But adapting to different industries and learning what motivates them is more fascinating to me.

“I really like the fact that I’ve been able to travel with these opportunities, and meet people in different countries,” he said. “What I’ve found in that travel is that there is a lot more that connects us and binds us as people than separates us. That’s been very rewarding. It’s allowed me to be more flexible and more thoughtful in how I implement my security program.”

Helping colleagues 

It’s also important for Maldonado to help colleagues grow. With other peers, he hosts thought leaders on a weekly podcast to share their origin stories. “It’s a way to help provide mentorship ‘in bulk’ by leveraging our platform, he said.

He’s served on advisory boards for several companies, helping to shape the next generation of security solutions to meet business use cases. He is currently co-chair of Evanta’s New York CISO group, and is an active member of Security Current, he’s hosted its Security Shark Tank event.

Deepfake threat

One thing that’s very top of the mind for Maldonado is the emerging risk around deep fake technology, where existing video or images are manipulated to insert someone else’s likeness.

“We have very public celebrity-type people with a lot of footage on them, and you could easily create a video of one of the players, or any one of the coaches or any one of the NFL senior executives and use that for something malicious,” Maldonado said. “So trying to find creative ways to mitigate that particular risk, and working with companies that are looking to protect against that risk is very near and dear to my heart. It’s more apparent in this industry than prior industries I’ve worked at.

Keeping cool

”Being calm under crisis is probably the most significant contributor to a CISO’s professional success, Maldonado said. 

“You’ve got to be a good listener to be a good leader. You need patience. But being calm under crisis is probably the most important trait, because people look to us to be that calming factor for them,“ he said. “Whenever you have an incident, people are looking to you to be decisive, to be that leader, to be that coordinator, to be that calming voice in the midst of all of the chaos,” he said. “If you’re not able to exercise that level of calmness under that level of stress, it will be challenging for you.”

Different adversaries

To unwind, Maldonado tries to spend as much time as possible with his family, and he likes to travel. His last personal trip was to Hawaii, where he went right after the Super Bowl to decompress, and he’s interested in traveling to the Seychelles or Maldives.

“I need some sand between my toes, a nice, cold beverage in my hand, and the sun just beaming on my body,” he said.

He also enjoys scuba diving.

“Nobody can reach me underneath the water on my mobile phone or any other electronic device,” he said. “When you’re underwater, you’re there for how long you can be there and nobody can touch you. You’ve got sharks and other stuff, but those are different types of adversaries.”

Read the CISOs Connect™ Magazine CISO Spotlight Edition here: https://bit.ly/3Z2tIGc