Colin Anderson, global CISO at Levi Strauss & Co., has been with the Retail & Hospitality ISAC since the beginning in 2014, when he and a small group of retail and hospitality organizations came together to develop an intelligence sharing community. As the current RH-ISAC Board Chair, and an IT executive with more than 25 years’ experience, he is in a unique position to reflect on the progress RH-ISAC has made over the past six years. His mantra “a rising tide lifts all boats” was adopted by RH-ISAC and is now the RH-ISAC’s slogan as we work together with our members to strengthen and better protect retail and hospitality organizations.
RH-ISAC: You’ve been a part of this organization since the very beginning. What are you most proud of in its five years since that first meeting in Pittsburgh?
Anderson: I’m most proud of how consumer-facing retail and hospitality companies across North America have come together to help one another, to collaborate, and to provide cybersecurity thought leadership for our industries. In 2014, when a small group of us from retail and hospitality came together with the idea that we could join forces, I did not imagine how successful we would grow to be in just six years. It’s hard for me to believe that what started with 30 organizations has now, at the end 2019, grown to be 155 member organizations – all sharing not only the threat information that they are seeing but their cybersecurity journey, as well, so others can learn, grow, and continue to mature. I am truly proud of what we have built and the tremendous impact we have had for companies both large and small.
RH-ISAC: Your mantra is “a rising tide lifts all boats.” Do you feel the RH-ISAC is making a difference in its members’ security operations?
Anderson: I must admit, I took this quote from a great book on leadership I read many years ago that had an impact on me as a leader. The book is “It’s Your Ship,” by Captain D. Michael Abrashoff, and the message is to create empowered leaders who take accountability and work together for the benefit of all. Cybersecurity is tough and a team sport that requires great leadership. It is all about the team where no one person is more important than the whole. This view on leadership and team building is particularly relevant in cybersecurity where your speed and ability to gather data from multiple sources, turn it into actionable information, and make course corrections as needed is critical to your effectiveness. There is no doubt in my mind that RH-ISAC has had a major impact on many members’ security operations teams. The level of participation in information sharing is undeniable proof of the value RH-ISAC brings to members. Time is our most valuable resource. Where you invest your time is a great indicator of where you are getting the most value. It is truly amazing to have 90% of members, meaning hundreds of security professionals from 100+ member organizations, all contributing their time and insights to get the same in return from others.
RH-ISAC: Where do you see the RH-ISAC going in the next five years?
Anderson: The RH-ISAC has a lot of unaddressed opportunity to help consumer-facing companies in both North America and globally. We started in the U.S. and have grown into Canada, but there is a lot of geography and consumer-facing companies we can help, and who in return can help our current members. It is an opportunity where more really is better. More information, more insights, more experts, more people from different backgrounds, geographies, and regions are all committed to the RH-ISAC mission to help one another against cyber threats. I take my role on the board of RH-ISAC very seriously and feel it is both a great honor and a moral imperative to give back to the community.
RH-ISAC: What have you personally and/or your company benefitted most from being a member of the RH-ISAC?
Anderson: Personally, I have met and had the opportunity to work with some amazing security leaders who I have learned a great deal from over the years. There is no question that the relationships I have built by working with RH-ISAC have made me a better leader and security professional. The companies I have worked for over the last several years have also benefitted a great deal through the information sharing enabled by RH-ISAC. There have been numerous times when a member company shared valuable data/intelligence that has enabled my team to take proactive actions to address a new threat or attack technique. It is hard to measure the value of the information I have leveraged from RH-ISAC members contributions over the years, but there is no doubt in my mind RH-ISAC membership is one of my best investments.
RH-ISAC: To what do you attribute the remarkable statistics of 90% member participation and 100% of survey respondents saying they would recommend the RH-ISAC in the RH-ISAC 2019 Year in Review?
Anderson: The level of member participation and value each and every member receives is truly remarkable. I attribute this success to our focus from day one on member value, our continuing efforts to raise the bar, and the great RH-ISAC leadership team. We all know great companies need to evolve or die and the RH-ISAC is no different. The RH-ISAC team and board have never stopped striving to be better, to deliver more value to members, and to give back to the community. This dedication to our core mission and members is what makes RH-ISAC unique and earns the trust and support of our members.
To read more about Colin, check out our 2018 interview here.
About Colin Anderson
Colin Anderson is the global CISO at Levi Strauss & Co. In this role, he manages an international team responsible for information risk management, regulatory compliance, and IT enterprise risk management for a global organization with $5.8 billion in annual sales and more than 3000 company-owned and franchised retail locations in 42 countries worldwide.
Prior to Levi Strauss & Co., Anderson was the CISO at Safeway, a position he held for six years. At Safeway, Anderson also led IT strategic planning, and was an executive sponsor of a leadership development program and executive champion of several cross-functional customer initiatives. In addition to holding leadership roles in information security at Levi Strauss & Co., Safeway, and Commerce One, Anderson previously led network engineering for Bank of America Capital Markets, where he was responsible for providing 100 percent availability for Bank of America’s North and South American equity-trading floors.
Anderson is a frequent speaker on information risk management and other risk and compliance topics, and chair of the board of directors for the non-profit retail cybersecurity organization, the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC). He holds both a bachelor’s degree in finance and master’s degree in information systems.