Secret CSO: Jason Albuquerque, Carousel Industries, Inc.

Is the security skills shortage affecting your organisation? “The challenges are across the board in technology. We are grooming internal talent for important roles beyond being entry level technologist.”

IDGConnect_secretcso_suppliedart_jasonalbuquerquecarouselindustries_1200x800
Carousel Industries, Inc.

Name: Jason Albuquerque

Organisation: Nominet

Job title: Chief Information Officer/Chief Information Security Officer

Date started current role: CIO – Nov. 2019/CISO – Aug. 2017

Location: Exeter, RI

As Chief Information Officer and Chief Security Officer with more than 20 years of experience in the technology field, Albuquerque is responsible for Carousel’s IT Operations, Enterprise Security and Compliance, and Innovation Center of Excellence. He takes pride in leading the charge in building a culture that is secure by design for the Carousel community and its clients.

What was your first job? My first professional job was in the military. I was in the Marine Corps and I went to the School of Communication and Electronics in Twenty-Nine Palms, Calif. We were the communication between the ground and the air teams. We guided Medivacs and, and controlled aircraft. We provided close air support to operators and ground combat groups. I served in the Marine Corps for 8 years including my time in the reserves.

How did you get involved in cybersecurity? This was the electronic warfare space and we had secret clearance to do this job. I was always involved in security there, dealing with encrypted data and communications.           

What was your education? Do you hold any certifications? What are they? I received a BS in computer science from New England Institute of Technology and my master’s degree in CGGIO and Chief Information Officer from Rutgers University’s School of Public Administration. I also earned a certificate as a Certified Chief Information Security Officer from the EC-Council.

Explain your career path. Did you take any detours? If so, discuss. I was always in the technology industry. Early on I worked at Symantec as part of their global disaster recovery team. I did lot of networking and server recovery work for companies victimised by cyber-attacks or business continuity or disaster recovery operations that did not go as planned.  I had a global role as I speak Portuguese.  From there I went into state and local government and was the Director of IT for the town of North Kingston, RI, where I build a SoC and tech services group, becoming the first director to provide shared IT services to different towns. While there I was recruited to a mid-sized IT firm which was later acquired my present company, Carousel Industries.

Was there anyone who has inspired or mentored you in your career? The one person I cannot thank enough is my Marine Corp. recruiter. I initially thought I would go into law enforcement, but he had the foresight to say, “you scored high on your tests in technology, communications and electronics.” He encouraged me to pursue a career in these fields and without him I would not have had an IT career. I now pay it forward by helping people who are interested in joining the military. I encourage people to go see a recruiter to see what jobs they qualify for.

What do you feel is the most important aspect of your job? I would say the leadership side of the position as CIO and CISO. I try to surround myself with the best talent available and be a good mentor and coach. I look at myself as a conductor of the orchestra. I am not the best pianist, but I can make great music with others. I take great joy in helping build others’ careers, mentoring them and helping them to eventually become leaders in their field.

What metrics or KPIs do you use to measure security effectiveness? My teams and I use traditional metrics – such as vulnerability data, training and awareness, project completion metrics and success with implementing new tools and services, how many security incidents and requests we can we can handle, etc.  Beyond these metrics I look at personnel metrics. I think a lot about my staff and guiding them along their career paths, how we allocate their time to fully leverage our resources and not burn them out. 

We also set strategic KPIs around innovation and upstream communication. We look at how we build competitive advantage, how we create new opportunities in areas such as managed services, how many opportunities our security team is involved with, how many conversations we have with clients around security services, how we have enabled sales or impacted the opportunity pipeline.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? The challenges are across the board in technology. We are grooming internal talent for important roles beyond being entry level technologist.  For example, we see out young professionals who want to transition into cybersecurity. Through mentorship and training we are able to help them make this transition into more challenging and valuable roles.

Cybersecurity is constantly changing – how do you keep learning? By constantly consuming information to continuously learn. I read a lot; I earn new certifications. I attend industry events and stay involved in the tech and security community at the local level.  I participate in many podcasts and webcasts with security trade publications and I also am part of the Rhode Island Task Force on Technology with Congressman Jim Langevin.

What conferences are on your must-attend list? Black Hat Defcon for the community aspect and practitioner networking. For product information, it is RSAC.

What is the best current trend in cybersecurity? The worst? The best trend is transitioning IT professionals into new roles in cybersecurity through training and mentorship programs. The worst is the overuse of marketing jargon. Terms like next generation, AI and buzzwords are actually hurting the industry and watering down the effectiveness. 

What's the best career advice you ever received? Don’t play the middle of the road, because you will get hit from both sides! 

What advice would you give to aspiring security leaders? The modern CISO and those that strive to reach this position must first and foremost, embed security into all business operations. Other advice: respond instantly respond to threats; position the cybersecurity function to have influence in the business; carefully study leadership and finally, set your intent with cybersecurity strategy.

They also should continuously ask themselves, what outcomes are you seeking? Because every business has a unique risk portfolio, there is a there is no one-size-fits-all approach. Therefore, be sure to analyse "the why." Be very specific with your cyber strategy, think about factors like regulatory pressure, risk exposure, and what customers value.

What has been your greatest career achievement? Building a career and leadership skills that allows me to lead teams and staff to their greatest career achievements!

Looking back with 20:20 hindsight, what would you have done differently? My past has been a learning experience that defines my future. I use those experiences to better guide my decisions. I wouldn’t change a thing!

What is your favourite quote? A quote that I have used as a guide for my entire career. “The reason why most people fail instead of succeed, is they trade what they want most, for what they want in the moment.”

What are you reading now? Leaders Eat Last - Simon Sinek.

In my spare time, I like to… Create great experiences and memories by spending as much time with family and friends as possible. Hopefully outside, near the water where I can fish, kayak, canoe or boat!

Most people don't know that I… Enjoy art and music!

Ask me to do anything but… Go anywhere in the proximity of bees… I’m allergic.

Related: