A Deep Dive into Security and Vulnerability Management

Alexander Schuchman, Chief Information Security Officer, Colgate-Palmolive


Q1. Could you brief us about the journey that you've had so far?

-I began my career at Colgate 25 years ago. My career journey is slightly different than most other CISOs. I started my career in the application development and architecture side of IT and then moved to the security world, using my deep understanding of the applications that run our business and our overall global infrastructure to guide my security program. I only began working in security for the last four years, and to me, the most interesting thing is that security covers every part of our company’s business areas. My interactions with key business stakeholders additionally gave me the unique background as to their key business objectives to help shape my security transformation program.

Q2. How has the pandemic affected you and what are some of the major pain points in the market lately?

-Having to immediately change from a traditional workforce in an office environment to a fully remote workforce overnight was not a difficult challenge for our organization as we had been enabling our employees to allow for remote work over the past few years. The challenge was more difficult for employees who were not familiar with remote work and thankfully they adapted over time and even embraced the use of technology to remain connected to other employees. We did face some unique challenges for remote onboarding and off-boarding of employees during the pandemic due to geographic lockdowns and had to design creative solutions to meet these ever-changing challenges.

Q3. What are some of the recent trends with respect to security and technology that you would like to mention here today?

-There are a lot of companies investing in endpoint security, ensuring that there are many types of detection of vulnerabilities. As a result, there has been a large growth in endpoint security and cloud security solution providers. Furthermore, there has been a rise in the number of start-ups providing code scanning solutions and shift-left security controls as part of the development process. I have seen a lot of advancements in the last couple of years; I could tell that cloud development areas have seen the biggest changes as companies are embracing new development methodologies and the power of cloud native services.

“There has been a large growth in the endpoint security and cloud security providers”

Q4. What are some of the strategies that you have leveraged to overcome the current pain points of the industry?

-The key is having a security strategy with visibility across your entire organization with the proper alerting, logging, and monitoring and being aware of everything that’s going on in the ecosystem from the operations point of view. Furthermore, vulnerabilities are often seen in rapid succession with intensified severity but also with mid-tier and small software vendors. The intensified attacks expose us to vulnerabilities and we’ve aligned closely with CISA’s advisories to guide us on prioritization. The security industry has seen many zero-day vulnerabilities in the last few months and appears to be accelerating, making vulnerability management another key focus area.

Q5. Any advice for our professionals and fellow colleagues in the field on how they can be successful here?

-As the security industry continues to grow, the complexity of security also grows, with different types of devices with non-traditional computing environments. Therefore, the security industry is a good growth area for someone looking to get into the security world. At the same time, it is a challenging one as the complexity is rapidly increasing. Additionally, keeping up to date on technological trends can help tackle the challenges in the industry.
