Secret CSO:  Jill Allison, Kudelski Security

Name: Jill Allison

Organisation: Kudelski Security, Inc.

Job title: Advisory CISO

Date started current role: October 2018

Location: Minneapolis, MN

Jill Allison has over 30 years of experience in cybersecurity strategy, enterprise risk management and technology innovation. As Advisory CISO for Kudelski, she leverages her extensive background in security strategy and cybersecurity program development to support clients in retail, financial services, technology, public sector and diverse industrial environments.

What was your first job? I was an International Security Program Analyst for Penn Central Technical Security Company (PCTS), a premier boutique consulting firm, which later merged with Vitro Security Engineering. PCTSC coupled proactive security program design and engineering with expertise in security program management. We led the security design team for the US Embassy security worldwide and teamed with Bechtel and TRW following the terrorist bombing in Beirut. My role entailed analysis of government and enterprise security program requirements and developing tailored solutions encompassing people, process and technology resources. The sites we secured involved the highest levels of physical and electronic security systems, as well as solving unique security challenges with innovative solutions. This perspective of a comprehensive approach to understanding client security issues from context and implications maps through to the Advisory Services consulting in my current role with Kudelski Security. One of the unique technology solutions championed by PCTSC's leadership team was biometric technology for iris recognition, which led to the team launching the National Biometric Security Program in the wake of 9/11.

How did you get involved in cybersecurity? As Director, Security Solutions for Pinkertons, Inc. (now Securitas), I led an alliance for Cybersecurity Insurance, Risk Assessment and Incident Response between Pinkertons, SAIC and Cigna. We provided tailored cybersecurity services through our Consulting and Investigations divisions to global enterprise clients. 

As a corporate sponsor for the public-private partnership Manhattan Cyber Project, we championed this ground-breaking initiative with WarRoom Research to improve the availability and effectiveness of people, technology and processes that safeguard corporate America and critical infrastructures from emerging cyber-attacks.

What was your education? My formal education includes a B.A. in Economics, M.I.M from Thunderbird in International Management and MBA from the Wharton School, University of Pennsylvania. I've taken additional graduate courses at St. Thomas University and I am currently enrolled in the Fall program for CISO Certification at Carnegie Mellon University. 

Do you hold any certifications? Yes, the Certified Information Systems Security Professional CISSP from the International Information System Security Certification Consortium (ISC2) and Cybersecurity Fundamentals (CSX) from ISACA. 

Explain your career path. Did you take any detours? If so, discuss. I began my career in security consulting fresh out of graduate school and have recently returned full circle to leverage my security leadership experience as a trusted advisor for Kudelski Security consulting client base across industry sectors and technology environments.

I had a four-year "detour" a few years ago, when I left security to champion emerging technology in wildland and urban interface firefighting. Soon after I embarked to get my MBA at Wharton in Strategic and Entrepreneurial Management and enjoyed working with a myriad of emerging cybersecurity technology firms, including Counterpane, Iridian Technologies, Certichron and Cylink, as well as leading security service providers.

My last operational role was as Business Information Security Officer (BISO), Digital for Target Corporation just prior to returning to cybersecurity strategy consulting.

Was there anyone who has inspired or mentored you in your career? Everyone has mentors that inspire them and should seek to mentor others and pay it forward.

My first security leader, John Siedlarz from PCTSC/Vitro/BTSP both inspired and mentored me for the first 20 years of my career across a spectrum of organisations and public-private security initiatives.   

He exemplified the ideal leadership role model and set a very high bar for mission-driven security, entrepreneurial innovation and agile organisational development.

What do you feel is the most important aspect of your job? Actively engaging with and really listening to our CISO clients for what matters to them, their business context and providing risk-aligned program priorities and pragmatic security solutions to support digital transformation in all industries. We leverage these perspectives to inform and best serve all our clients from the Advisory Services and Innovation standpoint.

What metrics or KPIs do you use to measure security effectiveness? A key metric is maturity of each security program element on a 0-5 scale, similar to the Capability Maturity Model (CMM) which resonates with other business leaders in regard to process maturity.  In this case we would also pull in aspects of People and Technology when aligning it to an organisation's information security program.

We advocate a proprietary framework for Cyber Portfolio Program Management, or CPMM, which enables and empowers CISOs to run their security program as a business, aligning cybersecurity program strategy with investments and business drivers. This is delivered in a brilliant platform called Secure Blueprint, which measures cyber program maturity by benchmarking the organisation's capabilities across modern cybersecurity control models.  This empowers CISOs to prioritise security investments based on level of risk, maturity and importance to the business.   

This innovative platform is one of the key capabilities that attracted me to join Kudelski Security and provide unique solutions for our enterprise clients.

Is the security skills shortage affecting your organisation? Yes, primarily it impacts every client, organisation and the very future of our industry. 

What roles or skills are you finding the most difficult to fill? One of the most difficult roles to fill is that of modern CISO. Given the security skills shortage in general, it extends all the way to the leadership ranks. This impacts all of our organisations, and calls for a step up in leadership ranks to meet the ever increasing challenges. Recently, a conference presenter challenged the audience to look into the gap between our current skills set and that required to fulfill demands of the CISO role. With this understanding, then take actions for personal development as well as within the teams we currently lead to better meet future needs for security leaders.

Cybersecurity is constantly changing - how do you keep learning? Conferences, courses, and spending a couple hours a day reading what is happening in the community and what key influencers on social media are saying, it is important to stay current of cybersecurity developments. It is also myriad to get peer information, sharing is invaluable and networking with cybersecurity thought leaders and innovation resources allows me to stay on top of current and future trends.

In our team in Kudelski Security, we all actively contribute to the organisational knowledge base to deliver intelligent services and cutting-edge solutions for our clients.  

What conferences are on your must-attend list? From a continuous learning perspective, I'm kind of a conference geek. Locally, I attend the Minneapolis Cyber Security Summit (CSS) every year and, in fact, I have volunteered on the CSS Advisory Board for the past five years. It is a vibrant industry thought leadership conference bringing together the best and brightest in technology, policy and corporate security with tracks for leadership and technical deep dive. Last year the event drew leaders from 30 states and nine countries.

BrrCon is another local conference focused on enterprise security leaders. It features trainings supporting the development of teams.

I also enjoy attending national and international events such as Gartner's Security and Risk Summit, RSAC, B-Sides and Black Hat/DEFCON for important perspectives. And this year I've been invited to the International Global Forum 2019 in Europe by a former colleague from GWU, Dr. Michael Stankosky.

What is the best current trend in cybersecurity? A very promising trend I see is the level of collaboration and information sharing across companies and between enterprises and the security vendor community. This was a driver behind the Manhattan Cyber Project and more recent public-private partnerships in intelligence such as the various ISAC's and industry groups. We've come a long way since early days when we would keep everything a secret, however there is much progress on this front yet to be achieved. Our adversaries are adept at information sharing.

The worst? Given the growing cybersecurity talent shortage referenced previously, there is an increasing skills gap in technical capabilities within some companies to maintain and manage resources to staff internal Security Operations Centers. At some point the more prudent decision is to outsource these capabilities to dedicated MSS providers who can leverage the resources needed for technical depth and modern tools across multiple organisations. We see a trend with security and corporate leaders reviewing these investment decisions and cybersecurity strategy to determine when it makes business sense to transition to a modern managed service provider.

What's the best career advice you ever received? Always hire people smarter than you.

What advice would you give to aspiring security leaders? Get a mentor and be one.

What has been your greatest career achievement? The CTO of Bromium thanked me for 'changing the world' a couple years ago following his presentation at the Gartner Summit. It brought tears to my eyes. We all want to make a difference. He was referencing the impact Iris recognition has contributed to the realm of pragmatic biometric identification and credited to our scientist Dr. John Daugman from Kings College, Cambridge. This recognition brought tears to my eyes, I was something like employee five at the time and had the distinct pleasure to work with Dr. Daugman and very talented and dedicated technology commercialisation team.

Looking back with 20:20 hindsight, what would you have done differently? Been more patient with myself and others. Look at every challenge as a learning opportunity and don't be afraid to take prudent risks. Always aim to lead with kindness and generosity of spirit.

What is your favourite quote? "Chance favors the prepared mind" - Louis Pasteur, 1854 lecture.

What are you reading now? RANGE Why Generalists Triumph in a Specialized World by David Epstein.

In my spare time, I like to… play golf, watch golf and buy golf equipment. (What spare time?)

Most people don't know that I… speak French, am a talented mallet percussionist and have been in national parks in every state but Alaska (firefighting).

Ask me to do anything but… go antique shopping.

