Chief Information Security Officers (CISO) have one of the most taxing roles in the workplace today, whether they’re in the private sector, government or education. Not only are CISOs charged with keeping proprietary information safe, but also the personally identifiable information (PII) and protected health information (PHI) of their employees as well as the PII of their customers out of harm’s way. Moreover, they’re asked to deliver on this mission in the face of constant and increasingly sophisticated cyber attacks.
So imagine being responsible not only for the security of all of this data, but also helping guide your organization in delivering on information security best practices as it delivers best in class data management solutions to leading organizations in the public and private sector.
This is the role that Phil Ferraro, Global Chief Information Security Officer for NetApp, stepped into a few months ago. Far from being daunted by the challenge, Ferraro relishes the opportunity to put his extensive security career to work in support of NetApp’s employees and customers. With a career that spans both the public and private sector, Ferraro is uniquely suited to understand the challenges that NetApp and its customers face in the era of ransomware, phishing attacks, and other crimes against data.
“Having started my career in building IT infrastructure for the federal government in the 1990s, I was well-situated to transition to a security role,” Ferraro shared in a recent interview with GovDataDownload. “In these early hands-on roles I developed a good understanding of how all the parts of the IT ecosystem connected and where this introduced security vulnerabilities; so it was a natural progression to obtain my CISSP and the vendor-specific security credentials,” he continued.
After putting his data security expertise to work to protect the Department of Defense in Latin America and Europe, and to protect Federal Communications Commission data as its Chief Information Security Officer, Ferraro joined the private sector working for several Fortune 500 companies before joining the NetApp team this year.
In addition to guiding the company on how to best protect its own data, Ferraro is closely aligned with NetApp’s product team to ensure that state of the art security protocols are built in from the ground up. “It’s rewarding to be able to use all the knowledge I’ve gathered throughout my career – especially the more specialized knowledge about regulatory guidance and controls – and put it to work to benefit NetApp and our customers,” Ferraro said.
It’s interesting to note when talking with Ferraro that he references knowledge and insight more readily in conversations than security products or solutions. “It is important that organizations invest in state of the art security solutions, but no tool matters if people don’t understand the ‘why’ of security,” Ferraro explained. “I want our team to know not only how to avoid clicking on an unknown link, but also understand why that one action could adversely affect the company in myriad ways from brand and reputation to IP confidentiality and shareholder value,” he continued.
In an era where The Economist has called data the new oil and others have called it the new bacon, Ferraro’s philosophy on data security is one that will serve both NetApp and its customers well in the months and years to come. Data, whether stored in a Department of Defense data center or being accessed by citizen developers to fuel an open government project in the City of Seattle, truly is the critical component for both business and mission success.