Episode 11

Steve Zalewski - Former CISO at Levi Strauss & CO; Cybersecurity Advisor; Evolving the Security Vendor Relationship with CISOs

Published on: 2nd December, 2021

Steve Zalewski was formerly the Chief Information Security Officer at Levi Strauss & Co., a global leader in jeanswear. Prior to Levi Strauss & Co., Steve was the Managing Enterprise Security Architect responsible for cybersecurity critical infrastructure protection at Pacific Gas & Electric Company.

Earlier in his career, Steve has held leadership roles in healthcare security at Kaiser Permanente, and in data protection at Fujitsu, Vixel and DEC.

Steve is a huge proponent for maximal automation of cyber-risk mitigation and containment – people, processes, tools, whatever it takes. He has multiple patents in data protection and multi-processor operating system design and holds CISSP, CISM and CRISC security certifications.

Steve currently provides CISO, security consulting and security advisory services. These include:

• International cybersecurity advisor and trainer since 2017.

• Executive advisory board member for security startups, providing guidance to the executive leadership on sec 

Steve is a frequent co-host with David Spark on the CISO Series podcast, Defense in Depth. He has also contributed to mentoring others answering their questions via the Reddit AMA Series – Ask a CISO Anything

Highlights:

0:00 - Introductions and Backgrounds

  • Steve highly recommends everyone takes a sabbatical

8:14 – Brutal Truths

  • “it’s not get better; what we have now is over 4,000 products that a CISO can choose from as technology and those 4,000 products aren’t solving 4,000 problems – they are solving probably 10 classes of problems. …we are forgetting about the people and the process”

15:15 “I Learn to Understand the Perspectives of the Individual I’m Working with – the Win-Win”

25:36 - "Am I in the game of profit protection or loss prevention? In my mind, I was internally looking at that."

29:41 - "CISOs are maybe 15 years old as a concept; 10 years old as an operating model and in last 3 years, see it morphing yet again."

42:39 - It Takes a Village!

  • "We have a village and a child and it takes a village to raise a child - cybersecurity is very much like this.... we have a common enemy - bad guys are trying to attack the entire villages, so we have to raise the child - have to get better and act differently."

LinkedIn: https://www.linkedin.com/in/szalewski/

 Defense in Depth Podcast: https://cisoseries.com/defense-in-depth-cybersecurity-is-not-easy-to-get-into/

r/cybersecurity – Reddit: https://www.reddit.com/r/cybersecurity/comments/m1y256/ama_series_ask_a_ciso_anything/

Next Episode All Episodes Previous Episode

Listen for free

Show artwork for The CISO Diaries

About the Podcast

The CISO Diaries
The path to cybersecurity leadership is not a direct route and it's those divergent routes that create the amazing stories and histories of leaders who are driving security to keep businesses and people safe.

We’re Leah McLean and Syya Yasotornrat and we intend to give CISOs and cybersecurity professionals a place to be their authentic selves. These are the unedited stories told of how they got into cybersecurity, the real struggles they’ve persevered through, personal anecdotes that make them tick, and leadership advice based on experiences.

We aren't the kind of cybersecurity podcasts that focuses on the technologies, or recent incidents. We are the podcast that focuses on the people behind the headlines and the incredible diversity of experiences and backgrounds. (And it's not lost on us that we're two awesome female hosts)!

Let's face it: we are a cybersecurity tribe and we need all hands on deck!

We hope you enjoy our CISO diary entries.

After all, we're only human, right?

Special thanks to our sponsor, Cyber Future Foundation, a non-profit global cybersecurity executive leadership community, where leaders, thinkers, and futurists discuss and develop actionable guidance and frameworks for a trusted and safer world.

About your hosts

Syya Yasotornrat

Profile picture for Syya Yasotornrat
Syya is a tenured tech sales professional with her time at SonicWALL and Hewlett Packard (HPE) with some hospitality at the Walt Disney Company and IT recruitment experience in the mix. She is currently a podcast strategist and consultant, helping others to bring out their voice and legacy through podcasting. She loves to learn and talk about anything, so feel free to reach out!

Leah McLean

Profile picture for Leah McLean
Leah is Vice President, Cybersecurity Specialist at Mastercard. She is focused on implementing strategy and programs to evolve cybersecurity risk management approaches and cybersecurity awareness and training. She actively contributes in community working groups to advance cybersecurity risk management and third-party risk. Leah is also a mentor to candidates breaking into cybersecurity careers, and collaborates with employers to rethink their workforce and hiring strategies.
Leah is a co-founder at Whole Cyber Human Initiative, a non-profit focused on redefining how we identify, train, equip, advance knowledge, and build workforce development within IT and Cybersecurity. She also volunteers for Cyber Future Foundation, a non-profit driving workforce development initiatives and private and public sector collaboration.
Previously Leah held senior level roles as a cybersecurity practitioner at Armor, a cloud security company protecting data for SMB and mid-market customers, Apstra (acquired by Juniper Networks), A10 Networks and Cisco Systems. Leah serves on the Board of Advisors for Cloud Defense, Inc., a breach visibility cloud security startup and is on the board for the Cloud Security Alliance North Texas Chapter.
Leah holds a bachelor’s degree in Political Science, with an emphasis in International Relations from the University of California, Santa Barbara. She is an active outdoor junkie always chasing adventure.