We recently interviewed RH-ISAC Board Member Scott Howitt about his involvement with the RH-ISAC and his thoughts for its future. After several retail breaches of 2014, he knew he wanted to be part of the solution to safeguard organizations and their customers. He sees opportunities to use new technologies to better secure organizations.
RH-ISAC: Can you tell us a bit about your background?
Howitt: I did not start out in information security; I graduated from college with a degree in Physics at the end of the Cold War. All the physics jobs had evaporated, so I went into a programming internship at EDS. I programmed for a few years and then went into management. I eventually became a CTO and then a CIO. As a CIO, I learned that I really did not know much about information security and it was hindering me in that position. I took a job as the director of information security at a financial services company and never looked back. I found that I had a passion for information security and now I have been the CISO at two different Fortune 500 companies.
RH-ISAC: What’s your personal approach to leadership?
Howitt: … that we should be voracious learners. Our field demands that we understand how technology is used and is evolving, so we can stay ahead of it. It is our responsibility to teach our teams how to anticipate the needs of the organization. I also encourage collaboration. Highly diverse teams bring many different points of view to a discussion and they should be heard so that you can arrive at the best outcome.
RH-ISAC: Why did you become involved in your organization, and what has your involvement looked like over time?
Howitt: When I came to MGM Resorts International, I was looking for a new challenge. We are a highly diverse industry and we are constantly trying new things and reinventing ourselves. I truly enjoy the challenges that come with securing such a fast-moving industry—and I’m also happy to work for an organization that understands risk management. It is unrealistic to think we are going to have perfect security all of the time; however, it is important to understand where key risks lie and to constantly strive to improve security in those areas.
RH-ISAC: Are there any developments that have posed important new challenges to leaders of cybersecurity organizations?
Howitt: Technology is evolving at such a rate that it makes it very challenging to keep up with the pace of change. Information security leaders need to get out of the mode of reacting to new technology. We should embrace it and use it in our own organizations so we can understand it better. Robotic Process Automation (RPA) can help us with repetitious tasks, like access provisioning. Blockchain will likely be a good solution for machine or IoT identity. Machine learning will surely replace the SIEM.
Privacy regulation is also evolving, and information security will likely have to interpret the change and help organizations implement the technical controls that will support the new regulations.
RH-ISAC: Why did you join the RH-ISAC Board?
Howitt: In 2014, nearly every retailer was being breached. After two large retailers in Dallas were announced, I found out about the gathering of retail CISOs at the National Cyber-Forensics and Training Alliance (NCFTA). After the first meeting, I knew I wanted to be a part of something bigger than just my organization. The RH-ISAC represents something that is good for our industry and our consumers. Every income stratum needs to be able to shop and I believe it is our responsibility to safeguard their information. The RH-ISAC Board comprises individuals whom I respect and I believe we all have the same mission in mind.
RH-ISAC: How would you characterize the board’s role in the RH-ISAC?
Howitt: The board has two roles in my mind. The first and most important is to help organize and provide multiple forums that allow our members to share and collaborate. The website, the listserv and the in-person summits all provide communication mediums for however you want to collaborate.
Second, we need to anticipate where the industry is going and communicate that to our members so that they can be prepared for the change. Retail and Hospitality are rapidly evolving industries, and we need to help our members understand how they are changing and how to secure that change.
RH-ISAC: Where would you like to see the RH-ISAC head in the next few years?
Howitt: I like the addition of hospitality and gaming to the forum. We are seeing the same threat actors, so there is much that we can share with each other. I would also like to see us bring in more online retailers for even greater sharing. I also hope that as we grow, we continue to see the development of comradery and friendship. You trust people that you know and the power of RH-ISAC is in the personal relationships it facilitates, and not just the organization itself.