Seth McCallister, Chief Information Security Officer, HUB International
Protecting information assets for a Fortune 500 company and managing a farm may not appear to have much in common, unless you’re viewing both through the eyes of insurance company CISO Seth McCallister. Both are macro organizational systems with micro components, he says. And the organizational work flow at HUB International in Chicago where McCallister works parallel the life patterns at McCallister’s 31-acre farm in Woodstock, Illinois.
“I’m into larger design aspects, and the larger design aspects of all the different components of my farm versus all the different components of how a security program would be put together – or how technology would be put together – is very interesting to me,” he says.
McCallister’s love of sustainable farming – in which one part of the agricultural system nourishes another – and his fascination with computing both took root around the same time. He was six when his grandparents gave him his first computer. The first thing he says he did was take it apart with a screwdriver and put it back together. “I had a keen interest in figuring out how things worked.”
“I started coding when I was really young,” he says. “I had hooked up my first modem at school.”
By sixth grade he was contributing to bulletin boards, and by high school his hobbies included computer hacking and all aspects of connecting to other systems. “For me, this was a discovery that was like finding another world. I enjoyed connecting with other people over the computer,” he says.
As a budding computer expert, McCallister progressed from working at an Internet service provider (ISP) at age 16 to starting a service provider business of his own. “We built that business a little bit, and then I made a pivot as we were unable to get seed funding,” he says. So, he decided to go to college, but before he would even start class, the U.S. Air Force sought him out for a special project.
For the next five years, he acted as a technology consultant for the Air Force in San Antonio, Texas. “I worked as a civilian doing system administration before being given the opportunity to design the first Active Directory implementation for the Air Force,” he says. He also spent a bit of time working on the Air Force’s secret messaging system, says McCallister. “I’m not quite sure how they discovered me and the small business I ran, but it was really an interesting time for me. I learned so much and really grew up during that time.”
His stint as a security engineer for the Air Force led to his next position as an information security consultant for TEKsystems, where he served as the technical lead for a variety of products. After a year with TEKsystems, he moved to Zurich Financial Systems as a security architect and worked with the business units on new projects to design and implement security solutions across the international enterprise’s network.
From there he landed the role of head of global information security at Beam Suntory, where he built the security program from the ground up.
Following that experience, he took on his current CISO position at HUB International where he blends the business role with technical elements. “We are in the process of taking our environment 100 percent to the cloud,” he says. “We have a whole data analytics program that’s launching within our company. We are redefining the process across the company from an operational perspective because we are growing quickly through mergers and acquisitions. We do almost one M&A activity a week,” he adds.
McCallister says he finds the fundamental security problems to be similar across industries. Even hacking methods are consistent, McCallister says. So, too, is human nature upon which hackers prey. “People want to help other people at their core.”
“The big risks we’re always fighting are phishing, social engineering and malware types of incidents. Breaches tend to start with some type of malware in the environment, and how quickly you can find it and eradicate it is pretty important. APTs [advanced persistent threats] aside, I think a lot of companies aren’t detecting these types of incidents quickly enough. We’ve put a lot of effort into our program to really up our detection and response—to figure out when we have had an incident, how fast can we react, how quickly we can eradicate that from our environment before we fall victim to a larger breach.”
McCallister describes himself as “a builder.” He says he thrives when accomplishing things and seeks challenges in his professional life. And as a veteran cybersecurity professional, McCallister has seen significant changes in the CISO role as it matures from an IT security role into a business function. He advises people entering the space today to follow their passion and ensure they have at least some technical acumen. “This industry is amazingly technical. The devil is definitely in the details and it’s important to have some amount of rooting in how things work, because that is what will snare you up eventually.”
Being a CISO can be stressful but invigorating, says McCallister, who finds balance through working on his farm and being in nature. As an only child, he says he spent “a ton of time out in the forest.” Even today, he and his wife travel on the weekends as part of a competitive catfishing team.
Together they have transformed the farm, which formerly belonged to his grandparents, with “blood, sweat and tears” over the past decade. Today they raise pigs and poultry and grow 45 varieties of pears, plums, and apples in an orchard as well as cultivate a French style vineyard producing 15-20 gallons of grapes a season.
“You just have to respond, whether it’s farming or situations within your organization,” he says. “You have to roll with the tide.”