Baking Cybersecurity into Your Digital Transformation

By Steve Levinson on October 2, 2019 (Last Updated on June 25, 2021)




You have to transform. Competition is fierce. Business is changing. Customer expectations are increasing. Technology is advancing and making things we only dreamed about 5 years ago a reality.

Can you truly embrace digital transformation while maintaining the security posture of your organization? You can.

But you have to start with the right ingredients.


Start with the right ingredients

A right-sized Cybersecurity program is a critical component of any business. When it comes to transformation initiatives, too often the speed of business outpaces the speed of creating/maintaining successful controls to adequately protect key assets. 

Cybersecurity is a critical ingredient to any digital transformation. Security should be the butter that is melted into the digital transformation ingredients prior to baking. And if we stick with the baking analogy, there are many other aspects of security that need to be sprinkled into our batter right from the very beginning.

“Cybersecurity solutions play a critical role in the success of any digital transformation initiative, and it will always be most effective when considered from the very start of the journey.” -John Frejuk, Vice President, Digital Transformation

A cup of vision

Your digital transformation (DT) team must include members of your security team, right from day 1. You want all team members, regardless of where they come from in your organization, to establish a common vision and purpose for the digital transformation project.

You want everyone involved to understand why they are on the journey and what outcomes they should expect. This requires constantly revisiting your organization’s strategic plan and tying your cybersecurity and digital transformation initiatives back to the roadmap. 

A dash of people

To be successful, every digital transformation project requires that the key contributors have a clear understanding of the security considerations in play. Business analysts and security practitioners must work together to analyze the criticality of the data involved in the project and the associated assets. As everyone embraces the vision, they also have to come to an agreement on how data will be accessed, maintained and stored.


A pinch of industry requirements

It is imperative that the digital transformation team has a clear understanding of any industry requirements or regulations that impact the downstream processes or data. This may include the PCI DSS (Payment Card Industry Data Security Standard) for payment card data, HIPAA for healthcare data, or privacy laws for personal data. 

We still see many examples of initiatives that don’t plan for these requirements early on, and subsequently face delays and challenges late in the process when compliance issues surface. The security team can not only provide guidance on what compliance requirements may be at play, but they can be a great source of insight into best practices that truly set the company up for success. 

A teaspoon of client expectations

Many digital transformation projects are launched to improve the customer, partner or employee experience. Often those experiences require access to personal data. Your digital transformation plans should ensure that adequate controls are designed and baked in to address any contractual requirements and to meet client expectations pertaining to due care of their data.

Baking Security into Transformation

While this is not an exhaustive list of all the security considerations that should be accounted for throughout the DT cycle, I hope these few ‘ingredients’ help you think about your DT journey differently. 

Secure Digital Transformation is possible. 
