Glendon Schmitz, the Chief Information Security Officer at the Virginia Department of Behavioral Health and Developmental Services, is emerging as a trailblazer in the intricate landscape of cybersecurity. His journey is a narrative of strategic foresight, deft leadership and a relentless commitment to fortifying the digital frontier.
Amidst the dynamic evolution of technology, Glendon’s reputation as a global cybersecurity visionary is not just a title but a reflection of his impactful trajectory. Hailing from a distinguished background in the U.S. Air Force and government agencies, he has steered the development and management of security systems with unparalleled success. His expertise lies in crafting and executing forward-looking support structures, scalable infrastructures and robust architectures aligning seamlessly with business imperatives while fortifying security measures.
Glendon’s impact is not confined to conventional measures. As the overseer of cybersecurity at 12 Virginia state mental health institutions, he leads a team of information security officers, diligently monitoring and orchestrating a comprehensive vulnerability management program that achieved remarkable risk and threat mitigation. His executive role extends to being a key leadership team member, providing critical insights into evolving cybersecurity risks, threats and strategies.
Glendon’s approach extends beyond conventional measures. His strategic implementation of a DevSecOps program and collaboration with the IT department to establish an IT Investment Board showcase innovation in tandem with industry best practices. This intersection of security and business objectives is further underscored by his introduction of a risk management framework, deploying AI and championing synthetic data solutions.
However, Glendon’s impact reaches beyond technological fortification. A driver of continuous improvement, he instituted an enterprise-wide asset inventory management program ensuring meticulous documentation and evaluation of IT and application inventory. His commitment to awareness and privacy is reflected in the execution of a comprehensive cybersecurity awareness and HIPAA privacy training program for thousands of employees across dispersed facilities. He is sculpting a resilient and secure digital landscape for the Virginia Department of Behavioral Health and Developmental Services.
Let’s delve into a narrative of innovation, collaboration and a relentless pursuit of excellence in safeguarding sensitive data and infrastructure!
Unlocking Growth
Artificial Intelligence is evolving very quickly, and its disruption is causing all businesses to refocus on how they will achieve their objectives in both the short and long term. Glendon highlights the pivotal role of Generative AI in accelerating business growth when harnessed judiciously. He cautions against outright denial of these emerging AI technologies, urging a measured approach. These new AI technologies should not be denied for the sake of security. Instead, he advocates for a comprehensive assessment of risks and the implementation of robust guardrails to safeguard businesses.
Crucially, Glendon underscores the need for security to collaborate closely with the business, understanding its risk appetite. “Security needs to work alongside the business to secure solutions that align with the organization’s risk appetite,” he emphasizes. This balanced perspective encourages businesses to embrace the potential of AI while prioritizing security measures tailored to their unique risk profile. As AI continues to shape the future, his insights provide a strategic compass for navigating the intersection of innovation and security.
Building Trust, Leading Remotely
Upon assuming his current role, Glendon encountered a cybersecurity landscape that was initially relegated to an afterthought, with organizational maturity at a minimal level. Compounding the challenge was the geographical dispersion of the organization across the Commonwealth of Virginia. Reflecting on the early days, he remarks, “When I first came on board in my current role, cybersecurity was an afterthought and the maturity level of the organization was barely existent.”
The timing presented an additional hurdle as the onset of COVID-19 mandated an abrupt shift to remote work. For Glendon, this meant addressing three pivotal challenges swiftly. “I had three primary challenges to work through very quickly,” he recalls. Firstly, he embarked on building trust not only within his team but also with IT leadership across 12 hospitals and the Central Office. The emphasis on relationships was foundational. He underscores, “By cultivating healthy and trusting relationships, I was able to raise cybersecurity awareness across the organization.”
Secondly, the shift to remote work necessitated a recalibration of leadership strategies. Glendon adeptly navigated this by learning how to lead from a distance and fostering a highly efficient remote security team. The third challenge involved securing the remote workforce environment, a task he addressed through collaboration and strategic alignment with the Chief Information Officer (CIO). “I worked extremely closely with the CIO to ensure that both of our objectives and efforts were aligned,” he notes.
The culmination of these efforts propelled cybersecurity from the shadows of the back office to the forefront of daily operations. His approach, grounded in relationship-building and strategic collaboration, not only elevated cybersecurity awareness but also positioned it as an integral component of the organization’s overarching objectives. As Glendon aptly puts it, “It’s through these trusting relationships that cybersecurity professionals will find success within their organizations.”
Symbiosis of Success
Glendon underlines the imperative for his teams to align with the broader organizational goals reflecting exceptional leadership. “My job is to take the strategic objectives of the organization and translate them into operational and tactical tasks for my teams,” he affirms. The translation of strategic vision into actionable tasks is crucial for success requiring seamless collaboration with cross-functional teams.
Glendon highlights the symbiotic relationship between the success of security teams and the overall prosperity of the organization. “Only by fully understanding and translating the strategic goals and working together with cross-functional teams within the organization will my security teams be successful,” he stresses.
Glendon underscores the necessity for agility and flexibility in the dynamic realm of cybersecurity. The security teams must remain agile and flexible to be able to meet these objectives. This adaptability is paramount in navigating the complex and ever-evolving global threat landscape, ensuring not just defense but strategic resilience for the organization’s sustained success.
Elevating Security Culture
Security is a support function of the business. In transforming cybersecurity into a business enabler, Glendon asserts, “By introducing a risk management approach, my teams go beyond the support function.” Recognizing the pitfalls of neglect, he emphasizes the importance of avoiding shadow IT and reducing overall business risk. In the decision-making process, he involves key stakeholders fostering collaboration.
“We brief the overall risks the solution presents to the business,” he explains. The emphasis on careful evaluation, risk mitigation and collective agreement ensures that solutions are implemented with the business owner’s informed acceptance of residual risk. This approach, as Glendon notes, strikes a balance securing the environment at the right level to empower the business without impeding its objectives. The collaborative involvement of the business in cybersecurity decisions contributes to an elevated security culture within the organization. In his perspective, it’s not just about securing systems—it’s about fostering a collective responsibility for the organization’s security.
Mitigating Risks
In revolutionizing data security, Glendon shares a game-changing strategy, stating, “We have deployed an AI solution that can generate synthetic data, a true representation of our production data.” This innovative approach significantly mitigates the risk of breaches by two-thirds in lower environments. Collaborating with the business, he aims to shift from traditional data sharing to providing partners with synthetic data sets, ensuring a realistic depiction of production data. This transition not only safeguards against breaches but also minimizes the exposure of Personally Identifiable Information (PII) and Personal Health Information (PHI). The move from data sharing to data use agreements accelerates the data provisioning process for partners.
Furthermore, Glendon reveals a proactive stance against ransomware and breaches, asserting, “We are exploring the use of synthetic data only within systems for analytic purposes.” This strategic shift to exclusively employ synthetic data ensures a risk reduction to zero. In the event of system compromise, wiping and recreating environments with new synthetic datasets becomes a swift recovery solution. He stresses that this not only enhances security but also expedites the business’s return to operational status. The integration of synthetic data not only fortifies data security but also positions the organization at the forefront of resilient and efficient data management practices.
Guiding Principles
Glendon accentuates the critical need for continuous learning in cybersecurity in the ever-shifting tech realm. “Continuous learning is an absolute must if today’s cybersecurity professional is to be successful,” he asserts.
Glendon adopts a proactive approach personally delving into new technologies to comprehend not just their functionality but also their potential applications within his organization’s business units. This proactive stance positions him to assess potential threats and guide his teams in risk mitigation. To stay abreast of the ever-changing technological horizon, Glendon actively participates in conferences, both in person and virtually. He recognizes the invaluable insights gained from interactions with other Chief Information Security Officers (CISOs) across various industries.
The underlying principle in Glendon’s philosophy is a steadfast commitment to learning and seeking advice. In his exact words, “Never stop learning and never stop seeking advice and help from others.” In acknowledging the importance of reaching out for assistance, he reframes it as a sign of strength, not weakness. This willingness to seek help and recognize the limits of one’s knowledge, according to Glendon, is a crucial step towards becoming a more effective leader. As the technological landscape continues to evolve, his approach serves as a guiding principle for cybersecurity professionals encouraging a mindset of perpetual learning and collaborative knowledge exchange.
Business-Driven Security
Glendon champions the vital principle of C-Suite engagement. “By reaching out and meeting regularly with other C-suite executives, I am able to gain insight into what the other business units’ objectives are,” he affirms. This proactive engagement not only fosters trust but positions his teams at the inception of projects, ensuring that security is seamlessly integrated rather than retroactively added for compliance purposes. Glendon underscores a critical distinction, stating, “As a security professional, compliance doesn’t equal security.” The essence lies in partnering with business units from project initiation, a strategy that not only secures the environment comprehensively but also diminishes risks.
The collaborative approach advocated by Glendon enables cybersecurity to align with business goals, facilitating the realization of objectives without impeding progress. “Only by partnering with the business units early in projects are we able to fully secure the environment, drive down risks and enable the business to realize their objectives without being a hindrance,” he emphasizes. In embracing this approach, Glendon not only bolsters security but establishes a foundation for a harmonious intersection of cybersecurity and organizational success.
Building Trust, Breaking Egos
“Be bold! Be creative at finding solutions to your problems,” he encourages. Recognizing the interdependence of security and IT, Glendon accentuates the importance of collaboration. “Partner with the IT teams and understand their challenges and how the cybersecurity team can help solve them,” he advises. Highlighting the reciprocal impact of their actions, he stresses, “Remember, what you do as a security team affects the IT team and what the IT team does affects security.”
Crucially, Glendon advocates for humility and a collaborative mindset. “Check your ego at the door. Build a network of other cybersecurity professionals with whom you can discuss your challenges and ideas for solutions,” he suggests. Trust emerges as a cornerstone in his philosophy. This trust, coupled with collaboration and creativity, not only empowers the cybersecurity team but contributes to the collective success of the team, the leader and the overarching business objectives.