Secret CSO: Nevin Markwart, FutureVault Inc.

What metrics or KPIs do you use to measure security effectiveness? "I am interested in network telemetry and employee behaviours."

FutureVault Inc.

Name: Nevin Markwart

Organisation: FutureVault Inc.

Job title: Chief Information Security Officer

Date started current role: May 2020

Location: Toronto, Canada

Nevin Markwart is the incoming Chief Information Security Office (CISO) for FutureVault Inc., an innovative internet cloud-based personal document storage, access and distribution company. Initiating his third professional career, Markwart graduated in 2019 with a Master of Science degree in Cybersecurity from Brown University, the Ivey League school located in Providence, Rhode Island. He is an online information privacy expert, having written his graduate thesis paper, “Restricting the Adverse Effects of Internet Terms of Service Agreements,” with the support of his non-faculty academic advisor Tom Ridge, former Governor of Pennsylvania and first US Secretary of the Department of Homeland Security.

What was your first job? My first job was as a left winger in the NHL for the Boston Bruins.

How did you get involved in cybersecurity? I was a computer science geek in the early 1980’s and came into the cybersecurity field after the completion of my hockey and asset management careers.

What was your education? Do you hold any certifications? What are they? I have a Master of Science Degree in Cybersecurity from Brown University.

Explain your career path. Did you take any detours? If so, discuss. I figured out how to execute a buffer overflow exploit on a DEC PDP-11 minicomputer in 1980 and gained administrator access to the system. A couple years later, I was selected as the Boston Bruins’ first pick in the 1983 NHL Entry Draft and detoured from a computer science degree to professional hockey. Upon my hockey retirement, I earned an MBA in Finance from Northeastern University and began another career detour working for 22-years in the asset management industry. Upon my second career retirement, I enrolled at Brown University and began investing my personal capital in early-stage technology companies.  These investments led me to be introduced to the founders of FutureVault of Toronto, Canada, where I’m the Chief Information Security Officer.

Was there anyone who has inspired or mentored you in your career? The persona of Steve Jobs has been a guiding light as I integrate my life experiences and technical cybersecurity knowledge to manage personal, organisational and societal cybersecurity challenges.

What do you feel is the most important aspect of your job? I am an information fiduciary for my clients and organisation. By developing an organisational culture of information security awareness and empowerment, my team builds front line defenses and resilient response plans to mitigate information security and privacy threats.

What metrics or KPIs do you use to measure security effectiveness? I am interested in network telemetry and employee behaviours. The associated mosaic of indicators informs my reporting of security effectiveness to other C-suite peers and the Board of Directors.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? The security skills shortage is not currently affecting my organisation. We are finding capable and reasonably priced vendors for all activities beyond our in-house skillsets.

Cybersecurity is constantly changing – how do you keep learning?  I read constantly and I am a member of a strong network of cybersecurity experts that share industry updates.

What conferences are on your must-attend list? I don’t find conference attendance a great use of time.

What is the best current trend in cybersecurity? The worst? The best current trend in cybersecurity is privacy legislation adoption around the world. The US is a material laggard in this arena but this year’s enactment of the California Consumer Privacy Act (CCPA) bodes well for future congressional action. The worst trend in cybersecurity is the state of Internet of Things (IoT) security. With the new bandwidth and latency improvements associated with 5G cellular communications, there will be an explosion of devices operating on the internet. There are generally limited financial incentives for device manufacturers to incorporate security functions in their product feature sets.

What's the best career advice you ever received? Client/Firm/Self. Execute your daily priorities in that order and you will advance your career.

What advice would you give to aspiring security leaders? Understand the language of business. Expand your understanding of finance, marketing and sales enabling you to communicate the business line benefits of organisational cybersecurity investments.

What has been your greatest career achievement? Turning down CEO assignments to become a CISO. In this information economy, information is a mission critical intangible asset for every entity - my CISO role empowers me to build systems and mentor my organisation to achieve privacy and information security for clients and society.

Looking back with 20:20 hindsight, what would you have done differently? Not a thing. My experience set is diverse and unique. It resources me to look at both opportunities and challenges from a different perspective allowing for innovative discovery and responses.

What is your favourite quote? “Success is when Preparation meets Opportunity.”

What are you reading now? I’m re-reading The Cuckoo’s Egg.

In my spare time, I like to… Mentor talent.

Most people don't know that I… turned down the opportunity for a computer science degree at Princeton University.

Ask me to do anything but… Sorry. Wrong question. Ask me for help and you’ll very likely engage me.