Secret CSO: David Smith, Nuix
Human Resources

Secret CSO: David Smith, Nuix

Name: David Smith

Company: Nuix

Job title: Chief Information Security Officer (CISO)

Time in current role: One year (previously 24 years in US Secret Service)

Location: Washington, DC, USA

Education: I have a Master of Science in Cyber Systems and Operations from the Naval Postgraduate School and a Master of Arts in History from the University of Michigan. 

David Smith is Chief Information Security Officer for Nuix. He spent more than twenty-four years as a Special Agent for the U.S. Secret Service, specializing in computer forensics, information security management, and cyber-crime training and investigations. He also accumulated over three thousand teaching hours as the supervisor in charge of Electronic Crimes training at the Secret Service’s training academy outside of Washington, D.C.


What was your first job? My first full time job was working as a computer operator and analyst for the Federal Bureau of Investigation. 

How did you get involved in cybersecurity? I was involved early in computer forensics and electronic crimes investigations, and when cyber security began as a dedicated field it was a natural fit for me.

Explain your career path. Did you take any detours? If so, discuss. After spending a few years as a computer analyst at the FBI, I started my career as a Special Agent for the U.S. Secret Service.  During my time there I began with computer forensics and electronic crimes investigations; transitioned into the early days of cyber security management and information governance; spent seven years designing and teaching cyber-crime investigations and forensics training courses for law enforcement; then moved back into cyber security management and information governance.

Was there anyone who has inspired or mentored you in your career? I have been very fortunate to have had plenty of great mentors and leaders, both within the forensics/cyber world but also in other areas of leadership.  Chris Pogue has taught me a lot and has been a good influence.  There are too many other people to mention by name, but they have definitely shaped my career.

What do you feel is the most important aspect of your job? The most important aspect of my job is to improve and maintain all facets of security for my company -- not only information security, but also physical and personnel security.  Part of that includes leading and encouraging everyone to be active in following security best practices.

What metrics or KPIs do you use to measure security effectiveness? I use a variety of metrics depending on the particular security category in question.  Some aspects of security are easier to measure than others, of course.  For many security categories I borrow some of the ideas behind the U.S. Government’s Federal Information Security Management Act (FISMA) and the associated Risk Management Framework (RMF).

Is the security skills shortage affecting your organization? What roles or skills are you finding the most difficult to fill?  I am fortunate that my organization takes security very seriously, at all levels of the company.  Speaking in general terms of global cyber security, not just for my company, the greatest skill shortage tends to be in the newest areas of technology, such as cloud computing security.  There is often a gap from when many organizations adopt a major new technology until colleges and major training organizations develop specific security training to discuss the security of those new technologies.

Cybersecurity is constantly changing – how do you keep learning? I attend traditional training courses and conferences, I read a lot of newsletters and blogs, but most importantly I talk about cyber security issues with as many people as I can. 

What is the best current trend in cybersecurity? The worst? The best trend is the rapid catch-up of law enforcement and judicial systems around the world.  More and more police and law enforcement agencies are dedicating resources to cyber-crime investigations, and more nations are trying to improve their cyber related laws and judicial processes to keep up with the rapidly changing world of cyber-crime.  We have a long way to go, but the progress in the past year or so is very encouraging.  The worst trend is the tendency of some people and companies to spread “cyber hysteria” rather than meaningful information. 

What's the best career advice you ever received? Wow, I have received so much good advice in my professional career from so many great people.  If I had to pick one, it would be from a friend of mine who is an executive leader in the U.S. Secret Service.  He said “the minute you think you are smarter than the next guy, you have lost.”

What advice would you give to aspiring security leaders? Organization and focus are critically important to being a successful security leader.  It is so easy to spend every minute running around putting out security fires, real or imagined, and before you know it you are not really making progress on your information security goals.  Devise a plan and specific processes to execute that plan, and stick to those processes with everything you have.

What has been your greatest career achievement? I am most proud of the fact that I provided cyber security training to thousands of law enforcement personnel from over 80 countries.  There is no better feeling than having a detective who attended one of my classes from a distant country email me to say that my training led to the arrest of a major criminal.

Looking back with 20:20 hindsight, what would you have done differently? Honestly, I would not change anything.

 

What conferences are on your must-attend list? I try to attend different conferences each year, rather than sticking with the same ones. There are just so many conferences now compared to years past; any given cyber security professional really needs to think about what they want to get out of a conference: general knowledge, specialized information on a specific topic, networking with peers, etc. I will say that my top go-to conference is the Open Source Digital Forensics conference which is usually in the autumn in the Washington, DC area.

What is your favorite quote? My favorite quote is a verse from the New Testament, Romans 12:21: “Be not overcome with evil, but overcome evil with good.” That phrase is hopeful, kind, positive, strengthening, joyful, and applies perfectly to all of us who practice cyber security.

What are you reading now? I am currently reading Last Days of Socrates by Plato.

In my spare time, I like to… Read and listen to music.

Most people don't know that I… am an obsessive record collector with thousands of music CDs and vinyl records spanning all sorts of genres and eras.

Ask me to do anything but… eat mushrooms. Because I won’t.


  

PREVIOUS ARTICLE

«The CMO Files: Sarah Taylor, SmartFocus

NEXT ARTICLE

C-suite talk fav tech: Mark Banfield, Datto, Inc.»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should the government regulate Artificial Intelligence?