A successful businessperson will always face their fear with courage, to break through the fear and to turn it into strength. Even when you are uncertain about getting any result, move forward and address issues as they come along.
Don’t stand still – as long as you have a goal in mind, working towards it and adjusting as you go along is better than not doing anything. Make things happen – you should always take actions that are based on your best judgment at the time. Standing at the forefront while surmounting challenges and embarking upon the horizons of success, Todd Inskeep brings 30 years of executive leadership and innovation experience to managing cybersecurity risk.
He has been Chief Information Security Officer, led wide-ranging cybersecurity projects for global and regional companies, and worked in multiple industries, including financial services, intelligence, pharmaceuticals, and manufacturing.
Working with business executives and CIOs, he’s built cybersecurity teams and implemented security strategies as projects and programs within budget constraints. Using this extensive experience, Todd established Incovate Solutions, a consulting company focused on building world-class cybersecurity programs sized for each client’s needs.
In an interview with CIOLook, Todd shares valuable facts highlighting his professional tenure and his journey so far in this dynamic arena.
Below are the excerpts from the interview:
Please briefly describe your professional journey for our readers. What challenges did you face along the way?
I started early, my mom pushed me to find a summer job at the Naval Research Labs in college. Three summers there got me into encrypted communications and a job at No Such Agency, aka the National Security Agency.
An early challenge at NSA was getting funding for a communications system. Senior NSA leaders provided pointers and set me up to do funding briefings at the Pentagon. I was 26 years old and briefing 2- and 3-star generals and Senior Executive Service leaders in government. Doing demos, and briefing those leaders pushed me out of my comfort zone and built my confidence with plenty of practice.
NSA had other challenges including computer security, cybersecurity research, Internet technologies, the IETF process, and more, as we tried to influence commercial industry giants like Sun Microsystems and Netscape (and Microsoft) to build government requirements into their systems. Getting security built-in remains a huge challenge today, even with decent core security in iOS, Android, MacOS, and Windows.
After NSA, I joined NationsBank, starting the day they announced merging with Bank of America – doubling the size of one of the biggest US banks. Challenges there included growing the overall security team, building early Internet banking, developing mobile apps for the first iPhone, and then joining the business side to improve consumer and online banking security and thinking about the future of banking.
When the bank asked me as an executive to tackle mortgages after the financial crisis, it was one challenge I didn’t want. Staying in security I took on Booz Allen’s challenge and joined their commercial cybersecurity consulting business.
Working with top global companies while at Booz Allen gave me great experience working between business and technical leaders. When Covid slowed things down, it was time for the next challenge, building Incovate Solutions.
Tell us about Incovate Solutions and its foundation pillar.
With Incovate Solutions, we prioritize the most important opportunities to significantly reduce risk and thus bring focus and clarity to topics that executives can find complex and overwhelming.
Our innovation, and foundational pillar, is bringing a scalable approach to provide fractional leadership while maintaining the key IT and security information about each client. From our first client meeting, we started collecting structured information.
For example, during pre-contract discussions with the CIO, we heard they wanted to move away from the current anti-virus or endpoint security tool.
We noted that and started working with the IT team to understand the issue with the current tool and what they wanted in a better tool. Our combined experience let us evaluate alternatives as we worked smoothly with the client to replace the old tool.
We operate as part of the leadership team (CIO, CFO, CEO, and others) to assess the actual situation and solve the real problem. We build a roadmap, solutions, processes, and projects the team can implement and manage if needed.
We’re bringing experienced Chief Information Security Officers CISOs and CIOs to translate modern program requirements between the board, executive leadership, and the IT team. We are consciously different from other consulting companies; we focus on executive cybersecurity and technology advisory and don’t have a staff pyramid to feed.
The cyber landscape has changed, and adversaries aren’t teenagers in the basement; they are professional, vertically integrated businesses – whether it’s an Asian ransomware gang or the technical experts in North Korea, the bad guys know their business.
Every company using the Internet, adopting cloud and SAAS services, and doing business in the modern web of supply chains is facing threats from these adversaries and their ability to disrupt the business. Customers, along with the SEC and the US National Strategy, are demanding modern security programs.
Ultimately, we help companies build a sustainable security program flexible enough to evolve and manage ongoing security operations to quickly detect, respond, and recover from threats that break through the company’s defenses. This resilience is critical.
How does Incovate Solutions promote workforce flexibility, and what is your role in it?
We promote workforce flexibility in several ways, and I lead by example. First, to maintain creditability, we encourage the team to be involved in peer communities at the CIO and CISO levels. We meet regularly with peers, vendors, VCs, and startups to maintain currency with security trends, innovation, and technologies. We share our experiences while preserving client privacy, and actively learn from others.
Second, we manage client and team expectations. With team members supporting multiple executives, we set both time and availability expectations while allowing for the possibility of an emergency at any time.
Finally, we set individual and reasonable targets appropriate to specific engagements, clients, and the overall team, then we measure the results.
What is your take on technology’s importance, and how are you leveraging it?
Technology is critical; it’s the foundation for almost everything a business does today. I’ll give you a great example, last year; we were talking with the Chief Operating Officer at a company that manufactures textiles and fabrics—big industrial machines all around the Gulf and Central America. The machine vendors are remotely monitoring them now, and the fabric company COO was concerned about their security. So technology really is everywhere.
We leverage technology as much as possible while recognizing that the processes and people implementing and managing the technology are key to ensuring business operations, integrity, and security today. One quick example is that we’ve replaced security checklist spreadsheets with an online tool that’s maintained to be constantly up to date with a client’s controls and capabilities.
What will be the next significant change in the Pharma industry, and how are you preparing for it?
We work in multiple industries, including finance, health care, retail, manufacturing, and Pharma. In Pharma specifically, we’re early in the next change – addressing manufacturing security concerns – industrial controls, and operational technology. This is going to be revolutionary for the business as Pharma processes are critical to delivering the right medicine to the right consumer.
With secure, detailed industrial controls, companies can run very tight, efficient processes to deliver optimum results. The company and regulators can continuously monitor those processes to ensure we get safe, correctly produced medicines. And these finely tuned processes will extend to food production and other safety-related business processes.
What are your goals in the upcoming future?
Our number one goal is to improve cyber risk for our clients. While we’re aspiring to 10X growth, our most important measure will be client business growth, and the resiliency, and overall management of cyber risk in the programs we execute with clients.
For those hiring Incovate Solutions, it means working with experienced cybersecurity advisors to review their company’s goals for managing cyber risk and then adjusting course pragmatically toward the right security destination.
All too often, a new CISO means a complete review and re-prioritization of the security program. This new CISO – new security program paradigm partly reflects the immature state of cyber security at too many companies. We work with your existing program and adjust each client’s course at the right pace.
What advice would you like to give the next generation of aspiring business leaders?
Listen, listen, listen. Then get comfortable talking to people – large groups, small groups, individuals to share a synthesis of what you heard, what you think, and where you want to go. Lead by sharing your vision and goals and asking people to follow. One of the best things I did was take on a theatre class and worked on improving my skills to entertain the audience.
Listen to your business and understand the security requirements, drive vendors to ensure security is built into their products and services and support your information security team by challenging them with questions and valuing their input on security.