Boardroom Governance with Evan Epstein

Suzanne Vautrinot: From the Military to the Corporate Boardroom, with a Focus on Cybersecurity.

Episode Summary

In this episode, I talk with Suzanne Vautrinot, President of Kilovolt Consulting, a cyber security strategy and technology consulting firm, and a member of the board of directors of CSX Corporation (NASDAQ:CSX), Ecolab (NYSE: ECL), Parsons Corporation (NYSE: PSN), the Battelle Memorial Institute and Wells Fargo (NYSE: WFC). Suzanne retired from the United States Air Force in October 2013 after 31 years of distinguished service, including as Major General and Commander, 24th Air Force, Air Forces Cyber and Air Force Network Operations where she oversaw a multi-billion dollar cyber enterprise responsible for operating, extending, maintaining, and defending the Air Force portion of the Department of Defense global network. She has been awarded numerous medals and commendations, including the Defense Superior Service Medal and Distinguished Service Medal. We focus this discussion on her leadership experience and her transition from the military to the corporate boardroom. We discuss her thoughts and approach to cybersecurity, particularly from the director’s perspective.

Episode Notes

  1. Start of Interview [1:33]
  2. Suzanne's start in the U.S. Air Force [2:50]
  3. Her transition to cyber operations [4:25]
  4. Suzanne's take on transitioning from the Military to corporate boardrooms [7:25]
  5. Adding former military leaders in the boardroom adds to "diversity of thought": "[Board composition] should seek concinnity, rather than falling into the lowest common denominator which would be consensus" [09:07]
  6. At the time of Suzanne's transition to the private sector, "the Government had recognized that [cyber] was an area where there was going to be significant change and significant attention was needed" [11:15]
  7. Collaboration in the Cybersecurity field: "The private sector wants to protect who they are, the Government wants to protect how they know" [13:19]
  8. How to think about offensive and defensive capabilities in cybersecurity: "On the offensive side of cybersecurity you only have to succeed once, on the defensive side you have to protect everything, all the time." [15:42]
  9. General Alexander: "the difference between bolting it on and baking it in" [16:00]
  10. "In 2020 we are in the half-way point, we still have an architecture that relies on technology that is fundamentally at risk but technology is getting better and more secure" [17:58]
  11. How sitting on boards in different industries shapes her cybersecurity approach: Battelle Memorial Institute, Parsons Corporation, Wells Fargo, CSX [19:38]
  12. How to think about cybersecurity expertise in the boardroom [22:52]
  13. Cybersecurity education for corporate directors [24:39]
  14. What is the best way for the board to address cyber risk [28:30]
  15. "You want to have good baseline security systems, plus resilience and redundancy" [30:25]
  16. Recommended cybersecurity resources for directors: [33:03]
    1. Cybersecurity & Infrastructure Security Agency (CISA)
    2. CyberScoop
    3. SANS NewsBites
    4. Secureworks
  17. Recommended Frameworks: [36:48]
    1. National Institute of Standards and Technology (NIST)
    2. National Initiative for Cybersecurity Education (NICE)
  18. "The people in your organization are the greatest risk vector because that's the easiest path in" [38:56]
  19. How COVID-19 has impacted cybersecurity risks [39:30]
  20. The increase in cyber risks, particularly with the "work from home" trend: "the vectors have increased for ransomware attacks involving health professionals." SANS "Work from Home" Guide. [42:45]
  21. Her take on greatest cyber challenges moving forward: [46:12]
    1. Critical shared infrastructure (power, transportation, etc.)
    2. Supply chains (praising DARPA for running a bug bounty program for hardware)
  22. Her recommendations to other directors on cybersecurity matters [51:14]
    1. Ask about the current tech or framework and what the risks to such foundations/systems are
    2. Where are you most at risk for litigation (for example: privacy)
  23. Her favorite books [53:21]:
    1. She's a Malcolm Gladwell fan, most recently read "Talking to Strangers" and "David & Goliath."
    2. "Thomas Jefferson: The Art of Power" by Jon Meacham.
    3. "First Ladies" by Margaret Truman.
    4. "Dr Seuss and Philosophy" by Jacob Held.
  24. Suzanne's mentors [55:35]:
    1. Earlier in her career: Gen. Thomas S. Moorman, Jr., Gen. John Shalikashvili, and Col. Adelbert "Buz" Carpenter
    2. As a board member: Dan Schulman and Doug Baker.
  25. Her favorite quotes: early in life "Here is Edward Bear coming downstairs now, bump bump bump..." Later: Colin Powell's "Eternal optimism is a force multiplier." John Schofield: "The discipline which makes the soldiers of a free country reliable in battle is not to be gained by harsh or tyrannical treatment..." [59:40]
  26. The living person she most admires: Condoleezza Rice [01:02:25]

___

Music/Soundtrack (found via Free Music Archive): Seeing The Future by Dexter Britain is licensed under an Attribution-Noncommercial-Share Alike 3.0 United States License