This month’s member spotlight is Michael Simmons, VP & CISO at Dick’s Sporting Goods. Like many in the cybersecurity field, security started for him as a hobby. Michael got his first computer at the age of four and was immediately hooked. His passion became a career when he started work with Brinker International. Since then, he has gone on to serve in various cybersecurity roles at Southwest Airlines, the Aviation ISAC, and now Dick’s Sporting Goods. In that time, he has refined his self-taught skills, earning CISSP, CISM, CISA, and CRISC certifications. We asked Michael to share with us some more information about his background and his participation in the RH-ISAC community.
RH-ISAC: What made you decide to get into cybersecurity?
Michael: The second my hands touched a computer as a kid, I was hooked. I was drawn to the limitless possibilities that were made available through code, and I was constantly building, tearing down, and rebuilding my computers to understand how they worked. The cybersecurity tipping point for me occurred when I was a teenager and read a 1993 Time magazine article on the cyberpunk subculture…hacking, electronic music, clothing styles, the vocabulary, the descriptions of computers and networks. That was all stuff of science fiction then, but now it’s our reality. Once access to the internet was made available to me a short time later, it was all over. I knew what I wanted to do for the rest of my life.
RH-ISAC: What is your current role? What do you do in your day-to-day?
Michael: I am privileged to be responsible for cybersecurity and elements of digital trust as the VP and CISO for Dick’s Sporting Goods. The core of my responsibilities include striving to be a servant leader for my team members by promoting an engaging work environment that grows careers, helping to identify and articulate business vision and strategy, and securely enabling business initiatives via our cybersecurity and digital trust capabilities.
RH-ISAC: What do you enjoy most about working in the cybersecurity field?
Michael: The dynamic and unpredictable nature of what we face as cybersecurity professionals, coupled with the adrenaline rush of fighting crime, are what I enjoy the most and what also makes my profession an absolute purpose for me. The threat landscape is ever-changing and constantly evolving, thus requiring a constant curiosity and a drive to keep learning, which is a pursuit I simply cannot get enough of. Furthermore, persistence and resiliency in our roles is paramount…you simply cannot quit or give up. Every day we wake up to new threats from adversaries, creating a complex, variable environment driven by a multitude of motivations depending on their cause. Showing up each day to fight the good fight, regardless of the risks and whatever challenges we might be up against, is a cause that keeps me fulfilled and that I love rallying behind.
RH-ISAC: Sharing and collaboration are key to what we do at RH-ISAC. Can you share a story of how you were helped or when you helped another?
Michael: A recent example is when my team made me extremely proud with the threat intelligence details they gathered and shared with an outside organization. The pride came from my team’s proactive acknowledgment that information sharing was simply about good corporate citizenship at a level broader than competition, it was about the greater industry benefit of cybersecurity resiliency. We had experienced a combination of security events and intelligence that provided indicators an outside organization may have been dealing with an incident. Upon leaning into networked relationships, we were able to directly connect with the organization to share the indicators of compromise we collected that, in turn, helped this organization deal with a larger security issue at hand. This example notes one of many where other organizations have lent similar help to me and my teams, help that I always appreciate.
RH-ISAC: What do you think is the greatest benefit that the RH-ISAC community brings to your company?
Michael: Bottom line, relationships are built on trust. While relationships and trust are easy to say, the reality is it takes work, as you must strive to give as much as you get. Investing in relationships brings collective knowledge, insights into success and lessons learned, critical indicators of compromise that allow you to see yourself broader than you could ever see yourself alone, vendor and technology evaluations, industry change, and an ability to lend and ask for help. A community forging relationships and trust delivers a collective wisdom and resiliency from which the entire industry benefits.
RH-ISAC: What do you enjoy outside of work?
Michael: Golf and travel are both personal addictions that luckily complement one another quite well. Hacking and building computers, reading, video games, board games, and catching up on the latest documentaries, movies, and shows round out other areas of my spare time.