Secret CSO: Terence Jackson, Thycotic Software

Name: Terence Jackson

Organisation: Thycotic Software

Job title: Chief Information Security Officer

Date started current role: December 2018

Location: Washington, DC

With more than 17 years of public and private sector IT and Security experience, Terence is responsible for protecting the company’s information assets. In his role, he currently leads a corporate-wide information risk management program. He identifies, evaluates and reports on information security practices, controls, and risks in order to comply with regulatory requirements and to align with the risk posture of the enterprise. Prior to joining Thycotic, Terence was the Director of Cybersecurity and Professional Services for TSI, a Virginia-based Inc. 5000 company.

What was your first job? My first job was a stocker at a Walmart Super Centre.

How did you get involved in cybersecurity? I’ve been a tinkerer all of my life, I got my computer around 8, which was a Commodore 64. My degree is in Information Systems, so all of my professional jobs have had a security element, but I formally pivoted into Cybersecurity full time in 2013.

What was your education? Do you hold any certifications? What are they? I have a Bachelor’s degree from Howard University in Management Information Systems. I hold over 15 vendor and non-vendor specific certifications.

Explain your career path. Did you take any detours? If so, discuss. Out of college I was hired as a System Support Engineer by Sun Microsystems into their BOB (Best of the Best) Programme, which was an intensive 6-month accelerated training programme on Sun’s products to prepare for deployment in enterprise environments. From there I moved on to General Dynamics, Northrop Grumman, and other public and private companies. Along the way I also started a consulting business focused on helping SMBs harness the power of technology in growing their business. Prior to joining Thycotic I was the Director of Cybersecurity for TSI, an Inc 5000 company and top MSSP.

Was there anyone who has inspired or mentored you in your career? I’ve had a few.  Mark Putiyon who is the CEO of TSI, and Duane Graham the CEO of Clango have both played instrumental roles in the success I have achieved. They have both advised, encouraged, supported, corrected and pushed me to the place where I am today. I can’t leave out my wife, Ayanna Jackson, who is also a career coach who has added those finishing touches. Everybody needs a coach, right?

What do you feel is the most important aspect of your job? I think the most important aspect of my job is enabling the business to continue to achieve its business goals without being a blocker.  As the CISO, I am the risk cop, so I have to keep the business abreast of new threats and regulations along with protecting the company’s digital assets while also continuously assessing our risk appetite and implementing appropriate controls.

What metrics or KPIs do you use to measure security effectiveness? Some of the top metrics I look at are the number of systems with exploitable vulnerabilities, number of reported incidents and Regulatory/Framework compliance. (NIST, CIS, ISO)

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? I am proud to say the shortage has not affected my department yet.  We hire very talented individuals and augment our gaps with some managed services. As a security company we have very talented employees, so we also have options to promote from within.

Cybersecurity is constantly changing – how do you keep learning? I have a good rotation of daily blogs and podcasts that I subscribe to. I also do online classes on new topics to keep up to date with the latest technology and I look for suggestions from colleagues on good books to read. In addition, I’m a member of some industry associations that offer good training and meetups.

What conferences are on your must-attend list? RSA, Gartner IAM, CISO Executive Summit.

What is the best current trend in cybersecurity? The worst? Best: Basic Cyber Hygiene (patching, vulnerability management, CIS 20)

Worst: Machine Learning, NextGen, one box to solve ALL of your problems.

What's the best career advice you ever received? There is sort of a “Rock Star” culture in cybersecurity, so the best advice I’ve received is “Stay Hungry and Stay Humble”

What advice would you give to aspiring security leaders? Keep learning, there will never be a time that continuous learning is not important for a security leader.  Work on those soft skills.

What has been your greatest career achievement? I would have to say being selected to become the CISO of Thycotic, a company that I had long admired.

Looking back with 20:20 hindsight, what would you have done differently? A lot of things, but I probably would have focused in on cybersecurity earlier in my career.

What is your favourite quote? It’s from a poem by Marianne Williamson, “Our Deepest Fear”: “Your playing small does not serve the world. There's nothing enlightened about shrinking so that other people won't feel insecure around you.”

What are you reading now? Ego is the Enemy and How to Measure Anything in Cybersecurity Risk.

In my spare time, I like to… Spend time with my family, go to the movies.

Most people don't know that I… I’m really shy!

Ask me to do anything but… Touch a spider.