Let me start by introducing myself – my name is Chris Bush and I am the Head of Security at ObserveIT, the Insider Threat Management company helping organisations protect valuable assets and data. My career doesn’t begin here at ObserveIT so let’s rewind a bit.
I have been in the technical and security industries for a little over two decades. I started my career in the mid-90s working the front office at a training and testing center that provided classes and certification exams to hopeful Microsoft, Cisco, and Novell students. My daily routine consisted of answering phones, registering people for exams, keeping a watchful eye over those testing, and setting up classroom environments for incoming students. By no means was this a “sexy” job, but it was an invaluable one; through constantly refreshing the classroom environments I was exposed to a variety of technologies - everything that was cutting edge at the time. After a year, I graduated into their engineering services team where I spent most of my day onsite doing installs or troubleshooting technical problems for our customers.
A few years later, I worked as a Systems Engineer in a global Fortune 500 company. Back in the day Systems Engineers were the sous chefs of IT; they had their hands in everything. For me, it was where my understanding of security evolved into more than just a thing you configured… it became a discipline, a way of life. We were coming off the heels of the Melissa virus, (one of the first mass e-mail viruses) and were entering the infamous Y2K spectacle. Even though the Y2K thing ended up being a dud, it set the course for one of the most challenging decades for IT and security professionals because of the proliferation of Internet and email-based worms spreading across the globe; the variety of malware and the speed at which they were infecting systems grew at an alarming rate.
As the world struggled to catch up to those exploiting security flaws, the discipline of IT Security grew. During this time, I joined a global pharmaceuticals company, where I spent 13 years building a diverse set of skills. I started in a pure security role taking on the Sisyphean task of building a global detection and response program. From there, I transitioned into a role in the legal department supporting eDiscovery initiatives followed by several years in internal Investigations - where I was neck deep dealing with what we now define as an “Insider Threat.” Eventually, I was promoted to a pure security role as Head of Security.
My years and experience honed at the Pharma company were invaluable; I gained insight into so many different yet related disciplines and observed how seemingly disparate functions interconnected and synchronised to keep things humming along.
“Life is a journey with problems to solve, lessons to learn, but most of all, experiences to enjoy.”
Fast forward to 2016, the year I joined my first startup. Jumping from a big Pharma that operates like a well-oiled machine to a relatively small tech startup in Boston initially was a shock to the system, but incredibly liberating. As many of you can attest, the startup pace is frenetic and buzzes with an unmistakable high energy. This spirit and passion is what allows startups to keep the needle moving forward and to recover quickly. Startups can be bold, unapologetically creative and develop a style that moves, shifts and changes at lightening speed. My first startup experience was a great one, I met some of the most wonderfully peculiar and exceptionally skilled security professionals and I’m proud to call them my friends.
In February, I joined ObserveIT as Head of Security because they offer many of the things important to me at this point in my career. The corporate culture here is fantastic, the energy is palpable as soon as you pass through the door. Leadership communicates clearly and transparently ensuring all team members are working toward the same goals. ObserveIT has a clear identity, they know who they are and they know where they are going. Leadership expects everyone to be supportive and encourages mentoring and cultivating interesting problems to solve. Here’s the thing though, the same “IT” factor that makes startups enticing makes them equally unnerving because the same unbridled freedom to create encompasses an equally unbridled freedom to go off the rails. As a result, success in the realm of startups requires an unmitigated adherence to internally fostered discipline.
My vision for security at ObserveIT is simple with a duality of purpose. As ObserveIT’s security practitioner and evangelist, I aim to increase awareness (both internally and externally) regarding the potential impact threats imposed by insiders (employees, contractors and partners) can have on an organisation. I am hopeful I can add to the collective knowledge of the security industry, arming other organisations with valuable insights that help them make informed decisions while I also gain important insights from others. In other words, my role is not only to speak, but also to listen.
Secondly, I aspire to build ObserveIT’s internal security as an ongoing structured practice that becomes embedded in our corporate culture, delivers cost effective protection of our business, and is pragmatic, clear and consistent in its operation. The objective is to have a clear understanding of the challenges, set reasonable expectations, and proceed with a purpose.
I’ll keep you posted on my successes, unexpected obstacles and learnings as I tackle the Head of Security role here at ObserveIT.