Episode 11
Steve Zalewski - Former CISO at Levi Strauss & CO; Cybersecurity Advisor; Evolving the Security Vendor Relationship with CISOs
Steve Zalewski was formerly the Chief Information Security Officer at Levi Strauss & Co., a global leader in jeanswear. Prior to Levi Strauss & Co., Steve was the Managing Enterprise Security Architect responsible for cybersecurity critical infrastructure protection at Pacific Gas & Electric Company.
Earlier in his career, Steve has held leadership roles in healthcare security at Kaiser Permanente, and in data protection at Fujitsu, Vixel and DEC.
Steve is a huge proponent for maximal automation of cyber-risk mitigation and containment – people, processes, tools, whatever it takes. He has multiple patents in data protection and multi-processor operating system design and holds CISSP, CISM and CRISC security certifications.
Steve currently provides CISO, security consulting and security advisory services. These include:
• International cybersecurity advisor and trainer since 2017.
• Executive advisory board member for security startups, providing guidance to the executive leadership on sec
Steve is a frequent co-host with David Spark on the CISO Series podcast, Defense in Depth. He has also contributed to mentoring others answering their questions via the Reddit AMA Series – Ask a CISO Anything
Highlights:
0:00 - Introductions and Backgrounds
- Steve highly recommends everyone takes a sabbatical
8:14 – Brutal Truths
- “it’s not get better; what we have now is over 4,000 products that a CISO can choose from as technology and those 4,000 products aren’t solving 4,000 problems – they are solving probably 10 classes of problems. …we are forgetting about the people and the process”
15:15 – “I Learn to Understand the Perspectives of the Individual I’m Working with – the Win-Win”
25:36 - "Am I in the game of profit protection or loss prevention? In my mind, I was internally looking at that."
29:41 - "CISOs are maybe 15 years old as a concept; 10 years old as an operating model and in last 3 years, see it morphing yet again."
42:39 - It Takes a Village!
- "We have a village and a child and it takes a village to raise a child - cybersecurity is very much like this.... we have a common enemy - bad guys are trying to attack the entire villages, so we have to raise the child - have to get better and act differently."
LinkedIn: https://www.linkedin.com/in/szalewski/
Defense in Depth Podcast: https://cisoseries.com/defense-in-depth-cybersecurity-is-not-easy-to-get-into/
r/cybersecurity – Reddit: https://www.reddit.com/r/cybersecurity/comments/m1y256/ama_series_ask_a_ciso_anything/