Mark Goldstein Value PropositionI protect corporate, customer, and employee data in a complex legal, regulatory, andtechno...
Compliance – I worry about reduction in incidents rather than percentage of compliance.“Compliance hawks” use checkboxes t...
Upcoming SlideShare
Loading in …5

Mark Goldstein Value Proposition


Published on

What the resume doesn't tell you.

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Mark Goldstein Value Proposition

  1. 1. Mark Goldstein Value PropositionI protect corporate, customer, and employee data in a complex legal, regulatory, andtechnological environment that changes daily. I started in cybersecurity/privacy as the victim ofID theft and have seen how threats affect families, organizations, and now our national security.As a MBA with 20+ years working in various functions I combine process & technology, alongwith the critical component, the people to make the protection of data embedded in theorganizational DNA.The nexus of cybersecurity, privacy, and business ComplianceWorking across the ecosystem/know the parts CollaborativeFocus on the customeremployeethe human Protect the data like it’s your ownSpeak the language of business Future focus/proactive strategyData is everywhereThe nexus of cybersecurity, privacy, and business – Security is how you protect data. Privacyis what you do with the data. Both have the same goals but they take different paths. It is easy tofind someone who knows cybersec or privacy but not easy to find someone who covers bothfields. I integrate privacy practices (i.e., privacy by design, privacy assessments) and securitypractices (i.e., least privilege, strong passwords) with a focus on business objectives. Havingworked in customer service, engineering, IT, project management, salesmarketing, I connectprotection of information across business operations and the critical element, employees, to makeit part of the enterprise’s DNA.Working across the ecosystem/know the parts – Cybersecurity & privacy issues are complexincluding technology (encrypting data in motion/at rest), human behavior (how to getcustomers/employees to create strong passwords), current events (breaches, FTC settlements,competitive changes), and legal/regulatory (what will the Supreme Court say about privacy, willCongress enact breach legislation). I understand the components of this ecosystem protectingdata whether it is in the cloud, in a smartphone, or in an employee’s laptop.Focus on the customeremployeethe human – Often organizations focus on technologicalsolutions while short-changing the human side of the equation. People can do great damage.Connect employees with consequences of their actions. Engage people in the process. Take thecomplexity out of cybersecurity/privacy.Protect the data like it’s your own (and often it is) – I’m a passionate protector of all kinds ofinformation from financial data and intellectual property to company, customer, and employeedata. This comes from being the victim of ID theft as well as sitting in kitchens of dozens ofcustomers who were severely affected by malware, ID theft, and reputational damage. This isserious stuff! Spread the passion to employees.Collaborative – When working across organizational functions, collaboration is essential. Findsolutions that are wins for multiple groups. I started quarterly reviews between AOL’s privacyand cybersecurity teams. This not only increased “eyes” looking for potential issues but itenhanced the value of each team.MG Value Proposition 1 1 December 2011 (Ver. 1.4)
  2. 2. Compliance – I worry about reduction in incidents rather than percentage of compliance.“Compliance hawks” use checkboxes to ensure privacy and security. They think their job is donewhen they check off all of their compliance metrics. Compliance is important but it should setthe “minimum floor.”Speak the language of business – Effectively communicate the value of privacy/security Ispeak the language of CFO’s who are concerned with ROI of cybersecurityprivacy investments,chief marketing officers who worry about brand perception, chief legal officers who worry aboutFTC investigations, and CEO’s who want to ensure risk is mitigated.Future focus/proactive strategy –Changes happen fast in cybersecurity/privacy. Just read thenews. While it is important to know what happened to ensure it doesn’t happen again, Iproactively find the vulnerabilities and the areas that will be getting the attention of privacyadvocates and regulators. I ensure employees are proactively trained to be cybersecurity/privacysensitive and to use privacy/security by design when creating new products. Cloud computing,mobile data management (MDM), “big data,” consumerization of IT, hacktivism, and mobileapps are causing major changes. I understand these issues and anticipate the next issue.Information security doesn’t end at the company’s gates – The touch points with customersare growing through mobile apps, social networks, e-commerce sites, call centers, and traditionalbricks-and-mortar. Partners, vendors, and suppliers have access to sensitive data. Data flowseverywhere and there is a need to know where. At AOL I mapped dozens of data elements atoutsourced call centers, marketing partners, and service providers.MG Value Proposition 2 1 December 2011 (Ver. 1.4)