Brian Kelly, back when he was CISO of Quinnipiac University, felt the pressure to take a different tack.
Like most security chiefs, Kelly found himself working with limited resources while facing expanding responsibilities and threats.
He saw then the need for change, believing that he could better contend with those dueling pressures and improve the organization’s security posture by transforming the cybersecurity function from a rigid operation rooted in compliance to a more flexible one grounded in understanding and reducing risks as they emerge.
The shift, he says, meant big changes for both the organization and him as its leader.
“For me, I had to be more open to alternatives, and I had to be open to a gray area, understanding that security is not always black and white. I had to listen, collaborate, learn from a community, be more adaptable, and I had to be strategic around the institution’s goals,” he says. “It started a transformational way of thinking.”
