Les McCollum is a firm believer in leading by example and he has applied this perspective ever since he taught himself to program on an Apple IIc as a kid.
“I have been very intentional about my career and development,” said McCollum. “I learned each vertical within technology to ensure that I understood the technical acumen of things as well as developing the business acumen that would be needed to compliment technology.”
It is his commitment to continual learning and pursuit of perfection that helped McCollum climb the corporate ladder right up to the executive floor where he is the Managing Vice President and Chief Information Security Officer at the International City Manager Association Retirement Corporation (ICMA-RC), which manages state and local pension funds, handing over $50+ billion in assets.
McCollum was introduced to security when the first firewall was installed in his organization. This wetted his appetite and interest in the field. As his career progressed, he took on more and more responsibilities for security activities until he reached his current role of CISO.
CISO as a member of the Executive Team
During his eight years at ICMA-RA, McCollum has steady expanded his responsibilities with the organization. He was promoted four times within his first five years and as a Managing Vice President he reports directly to the CEO as a member of the executive team.
“Reporting to the CEO is a great benefit for my operation, as I have autonomy to operate the division as required, including control over the security budget which is not dependent on the technology budget but instead is driven by risk management,” McCollum says.
Being part of the executive suite enables candid and engaging discussions regarding risks, resources, and priorities. This allows McCollum to have direct visibility with the board which helps to set the priorities and ensures that the security strategy is synergistic with the company’s business strategy. He attends all of the quarterly board meetings where he can provide specific information on the status of the security program, give direct feedback on the overall cyber risk, collect the resources required to mature the program, and provide advice to other internal organizations on how security can work with them in their digital transformation initiatives.
To McCollum one of the greatest benefits of being part of the executive team is that “it demonstrates to our clients and our competitors how serious we are about security.”
Suggestions on How To Elevate CISO Position
McCollum recommends that CISOs operate security as a business function, not as a support function. “I spend less time talking about security at the table than I do about the business.”
He believes that the “CISO has to develop business acumen in order to show the value of cyber security and the security function within the organization.” To make this work CISOs must build their overall understanding of the business and must articulate to other business leaders how cyber security enables sales, marketing, manufacturing, finance, human relations, and all of the other organizational components. CISOs should strive to develop rapport with other business functions to show the value of security. By building relationships it is possible to become involved at a time when security and privacy advice can be given without slowing projects down.
McCollum believes that by being a full member of the corporate team, security has a chance to influence digital transformation initiatives by offering security assistance and guidance. There aren’t necessarily security technologies directly connected to digital transformation but by being a business-oriented advisor, security can be involved in those initiatives early in the process.
Expand Your Search to Address Cyber Skills Shortage
Another area McCollum is quite passionate about is giving back to the community by expanding the pool of cybersecurity professionals. To this end, he has taken the opportunity to mentor future security leaders by bringing in interns to get practical experience.
“I’ve had yearly security interns and they have gone on to be very successful.” McCollum has had brought in 12 college interns and 11 of them have been retained by his organization or they have gone on to work for other organizations, including Cisco and Microsoft. He believes this is a small way to help alleviate the shortage of cybersecurity workers.
The ICMCP’s vision is to achieve “consistent representation of women and minorities in cybersecurity through programs designed to foster recruitment, inclusion and retention – one person at a time.” McCollum also was a Board Member of the Information Technology Senior Management Forum (ITSMF) which is dedicated to cultivating executive talent among African-American IT professionals. He currently serves as the Technology chair providing technology leadership and guidance for the Board and Executive Leadership of ITSMF.
McCollum reiterates that “there is a large untapped reserve of potential workers if we can create opportunities for them. Women and minority candidates can add tremendous value and be very successful if given the opportunity.” He recommends that CISOs use the resources of those institutions when looking for cybersecurity professionals and diverse candidates.
Dreams, and Never Stop Learning
Les McCollum is driven by a goal he set early in life. “I knew I wanted to be a CIO one day but I also wanted to become an effective CIO so I needed to learn each vertical within technology.” To reach that goal he has worked and managed at the Help Desk, did network administration, performed and managed application development, handled security, and made sure he understood how technology is important to business goals.
Technology is not all McCollum has concentrated on. He has a certificate in “Helping Individuals Lead Successfully” (HILS). With that certificate from Staub Leadership International he has honed his ability to be a stronger coach, motivator and negotiator. And he hasn’t stopped learning. McCollum is enrolled at Georgetown University in a Master of Professional Studies in Cybersecurity Risk Management program.
“It is important to add value so I strive towards continuous personal improvement.”