Mike Gross has over 15 years of experience in IT and cybersecurity, and throughout his career has been focused on building strong, proactive security programs, ensuring he aligns with the business, and continues to grow healthy security cultures. Mike holds a master’s degree in computer science concentrated in security and has a multitude of industry certifications.
Mike began his career working in systems and IT manager roles before moving into analyst, manager, and now senior leadership positions. As he advanced in his career, Mike had more exposure to security functions and how to successfully build teams and programs across different industries.
BUILDING A STRONG SECURITY PROGRAM
Currently, Mike works at Globalization Partners (G-P), which provides services for global employment HR, legal and compliance support. He began working at G-P over four years ago, starting as an Information Security Manager before moving into a Director, and now a Senior Director of Information Security role. He oversees the entire security program, leads a team of security practitioners, and collaborates across the business.
As the first security hire at G-P, Mike was responsible for building a program from the ground up. Having previous experience was immensely helpful and Mike leveraged that to implement strong security policies and set a clear roadmap for proactive growth.
Mike’s success is built on his passion for security, he explains, “I’ve always been a very security minded person and helping secure companies is what I enjoy doing with my time. I am really passionate about it. It always makes the job easier, when you really like what you do.”
Mike has grown his skillset and capabilities as the company has grown organically over time. When he started, he began working on foundational security components. And as the company grew, Mike ensured the security program grew alongside it and continued to align to the business goals. He ensures they receive appropriate resources to continue to grow the team, their technology stack, and to build out policies. He comments, “In the four years that I’ve been here, besides getting promotions, I’ve gotten more and more budget to work with. I’ve gotten more budget specifically on people to grow the team because there’s been times that I’ve said this job for one person has grown into the job for two or three people. And to manage a work life balance, I’m going to need to hire someone else.”
THE IMPACT OF ARTIFICIAL INTELLIGENCE AND AUTOMATION
One of the organization’s current initiatives is around integrating AI into their products, specifically helping people hire in any of the 180 plus countries around the world. Mike shares, “The great thing is that it doesn’t matter what country you are in, hiring in, or looking into hiring in. What this enables us to have is a large group of professionals who have the collective knowledge of all the HR and legal requirements of working in 180 plus countries around the world. What is difficult at times, especially for sales functions or other things where we’re trying to answer questions for people, is when people have specific use case questions that are niche to their region. For example, say you need to hire someone in Vietnam, instead of an HR manager having to go do their own research and look into specifics, we can use generative AI instead. You could be having a live conversation and instantly know all of the key federal holidays in Vietnam.”
He continues, “It’s a specific type of data set that we’re trying to protect. It is a very advantageous data set to have for any company that’s looking to expand globally. And protecting that and making sure that we’re being good custodians over that data is a very important.”
From a security perspective, Mike must ensure he is involved in strategic planning, so he understands the current and future business goals. Specific to AI, Mike must ensure he is protecting the data, the controls, and anything else involved in this type of AI technology being utilized.
Another area of focus for Mike and his team is automation. For example, he says the mean time to remediation or MTTR can increase significantly with large gaps and could cause a compromise. He says automation is the fastest way to get as small a MTTR as possible, and they’ve shifted their mentality of how that should work. He comments, “Automation has allowed us to speed up certain processes. For example, mean time to remediation or MTTR is really important for us to reduce the amount of time it takes, because the longer it takes, the easier it is for some type of compromise to occur. Through automation, we have sped up our MTTR which in turn shifted our team’s mentality of how the process should work. Typically, we had AppSec team members looking at scanning results then sending some false positives off to engineering for them to review. Now, that process is automated, and engineering receives that data as quickly as it comes out of the scanner.”
COACHING A SUCCESSFUL TEAM
Mike leads his team with compassion and a coaching mindset. The organization is global, and Mike has team members across the world helping with security related functions, to ensure they have 24/7/365 coverage.
He explains, “I have a global team because we are a global company. We have someone in Europe, India, Singapore, and other areas all helping with security related functions. As the company has grown, our team has grown as well.”
Not only has Mike’s team grown in size, but he ensures their skillsets are continuously honed, and that he has instilled a strong security culture that emphasizes a work life balance. He comments, “I find work life balance to be very important. I’ve told everyone that I’ve hired that work life balance is valued here. And I always want to make sure that we are keeping in mind that when people are hired and also after we have hired them, so they now we are still keeping it as a focus. It has been great to afford that to my team. We are also about 50/50 female to male and have great maternity or paternity leave. All of these things demonstrate that we care about our employees and value them.”
Having a global team means Mike has opportunities to learn about people across the globe – their cultures, beliefs and values. And ensure he meets them where they are and works with them in the best way possible based on their specific skillset and approach to work.
DATA GOVERNANCE
“Data governance is making sure you have all the policy documentation and structure set up to properly govern data at your organization. Building sophisticated programs around that has always been part of the MO in general of any company that I’ve worked at. For instance, it’s a big part of the GRC team that I’ve built here. Making sure that we’re focusing on products and certifications that can help provide value to our customers is very important. As time has gone on, though, it’s kind of seen that those are great programs to have, but how are you able to demonstrate them other than just having an ISO 27001 or SOC 2 Type 2 report? And how are you demonstrating to your customers on a regular basis that you are maintaining these things? We focused on technologies that can help us align to demonstrating that type of continuous compliance. It’s how you can demonstrate that you’re doing a good job instead of just telling people that you’re doing a good job.”
Subscribe
Stay up to date with cyber security trends and more