George LLano has seen much in computing over recent decades. The Chief Information Security Officer at Deluxe Entertainment Services Group of Burbank, Ca. has intimate knowledge of hardware and software and has closely observed the evolving role of CISOs.
“It is important to be able to navigate between the business needs and technology to meet those needs. As a CISO with technical acumen I can go one-on-one and challenge my employees and allow them to mature themselves,” LLano says.
Growing with computers
While at college, LLano started out by pursuing a degree in electrical engineering. One night at work followed by a succession of others, he was increasingly fascinated as he saw IBM PC’s being unboxed. It was early on, but he foresaw the move from mainframe infrastructure towards personal computing. The evolution — or revolution — was happening before his eyes.
“When I saw the new computers, I said ‘wow, it’s awesome,’ and I started to spend a lot of my free time doing PC work,” he recounted. “And then, before I knew it, I landed at a company that allowed me to become a PC tech, and I started learning how to do networking. I organically grew into being in security which was literally grassroots at that time.”
LLano switched from studying electrical engineering to computer science because he said he could see the “great potential.” “I started off at Viacom as a network engineer. It was an amazing opportunity working at that organization. Cisco had just been exploding in the market as an engineering company and we were installing their new switches and routers that were going to revolutionize the media industry.”
Setting standards, gaining deep knowledge
At the forefront of technology and security, as a next step at Viacom, LLano built the information security team from scratch. “I was employee number one, patient zero,” he recalled. LLano worked to build up his credentials in the field and gained further certifications.
“I think it’s important for anyone in this kind of career to have foundational credentials in order to be reputable. I studied for my CISSP, and then I went to more advanced certifications such as SANS training, I then went on to become certified as an ISACA information system auditor. I did about 10 certifications, which provided me some clout. After the certifications were completed I felt a need to round myself out academically and I went for my master’s degree in cyber security over at Penn State. To continue to mature my career I then decided to pursue a PhD in digital forensics at the University of Fairfax. You can never have enough degrees or certifications to help move your career along.’”
LLano said that his deep understanding of how systems work has given him the ability to get the best out of his team. From Viacom, LLano moved to iHeartMedia where he focussed on aligning the then rudimentary security structure with modern best practices.
Marrying security with corporate requirements
The importance of maintaining an appropriate level of security while still affording the company the ability to take the appropriate risks to increase profits is paramount and the CISO must be able to dovetail with the C-suite to help them understand what needs to be done.
“The other half of the role is how to become an influencer, someone who is a thought leader on the corporate / business side. Traditionally, there’s a CFO, the COO, the CEO the CIO. These are individuals who have always been sitting at the table and now you’re coming in and you’re telling them about cyber risks that could potentially slow down revenue streams. They’re looking at you in a different way, as someone who could be an obstacle, rather than a valued asset. So, you need to understand the business needs and find a way to show how security can actually be an enabler in the organization.”
The CISO role is evolving as they gain more knowledge in their field through experience acquired from the previous generations, LLano said.
“I think that CISOs are getting better educated. I think that as a result of the previous CISOs who were pioneers into this field, a lot of knowledge has been distributed to others emerging CISOs.
“Through that knowledge exchange, CISOs are paving a new path for newcomers and they are going to be better, faster, smarter, more involved and integrated into the business.”
Downtime decompression
When he’s not at his desk, LLano likes to go out and run four to five times a week, putting in five or six miles at a time. He says it’s the perfect way to be able to think clearly.
“It’s a great place to be because it’s alone time, it’s almost like dreaming with your eyes open. It gives you an opportunity to analyze the things that have occurred over the last couple of days and for you to reflect and consider ‘what can I do to make things better? Or what am I going up against the next week or the next couple of days?
“I think that every CISO needs some alone time and some time to reflect and to organize their thoughts. Sometimes just sitting in a Starbucks having coffee just listening to some tunes to decompress is enough.”