Limit access to sensitive spots within the organization as much as possible; the fewer who have access, the better the protection, and it will be easier to find weak points.
Make cyber awareness and protection as important to the entire team as culture, quality and performance, hold regular reviews to ensure that everyone is aware of the latest protections, and onboard for what is quickly becoming as critical to successfully managed, high-performance and protected businesses as innovation, quality controls, and customer service.
As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing John J. Keller, Managing Director at Raines International where he leads the CEO, General Management and Board practice as well as the Innovation & TMT practice. John started his career as an investigative reporter covering consumer stories, the media, in later years technology and telecommunications for The Wall Street Journal, BusinessWeek and CNBC during an era of momentous change. He then switched careers to Retained Search/Advisory work, joining one of the search industry’s top global firms to recruit CEOs and Board Directors while also building major practices in Tech, Telecommunications and Assessment. He has been recruiting CEOs, senior leadership and board directors ever since — a journey made all the more rich by his family, friends, charitable giving and the music he can summon from his guitars when he isn’t avidly reading history. John’s work centers on the Technology, Media, Digital, Data and Telecommunications sectors. He also aids clients seeking an infusion of Technology/Digital senior talent.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I was born in New York City’s borough of Queens and am of Irish (father, deceased) and Italian (mother, deceased) descent. My parents divorced, and my mother raised my brother, sister, and me alone. I have been working since 13 and pursued journalism in college and professionally for 20+ years, first covering media, then technology and telecommunications. I became a founding editor of CommunicationsWeek, at the time the most successful startup of a trade publication, then about four great years at BusinessWeek as an industry editor and reporter; finally just under 10 years at The Wall Street Journal as a senior editor and reporter for which I won a bunch of awards for my coverage.
There came a point where I felt I did all I could successfully at the Journal and wanted to try getting into something completely different where I could apply the investigative reporting skills that I used in covering business and management to new use as a recruiter of CEOs, senior executives, and board directors. This has been my career life ever since. And I feel I have been truly blessed to have had a great career in two completely different industries where I have been able to leverage my skills, work with incredibly smart people, and bring real change and great results via leadership to our clients.
Today, I run our Innovation & TMT (I&TMT) Practice at Raines International Inc. TMT stands for Technology, Media & Telecommunications — the areas that are driving the most change in our world today from Mobility to the Internet of Things to Streaming to Digital Platforms and Autonomous Transportation. Very exciting, but also a world increasingly in dire need of protection, given that billions now depend on this Technology and Software-driven world every minute, exposing much of their personal lives and critical information to companies and individuals everywhere.
At Raines, we have combined the experience of our I&TMT Practice, where our focus is on finding Innovators and Difference Makers who take businesses and organizations to a whole new level, with that of our Aviation, Aerospace & Defense Practice run by my gifted partner Patrick Gray. We see these sectors dovetailing with the critical need for cyber security. Patrick and I share the belief that Raines’s offerings can truly make a difference in bringing cyber expertise to the C-Suite and boardroom of every company and organization. We see a desperate need for this position to be up-levelled substantially, and we are committed to driving this to a whole new level of management commitment.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
Not one story in particular but rather the very scary preponderance of massive breaches and their escalating frequency, as well as heretofore unsettling consequences of the digital age and mobile networks including the ability to exploit the wrist fitness devices worn by military personnel during their off-hour workouts to identify the locations of critical military installations. We are all connected in one way or another; our personal information resides in databases everywhere, including with healthcare providers, but the level of protection today has been proven time and again to be a sieve. Imagine the U.S. with the world’s most powerful Navy and every vessel has leaks everywhere. Cyber intrusions, hacking, the vulnerability of our systems and institutions, our power grids and operating rooms, our medical information remains exposed. It IS that serious.
Can you share the most interesting story that happened to you since you began this fascinating career?
I have been fortunate to have led a life most interesting and full of such stories, but I think the ones that constantly stick in my mind are the ones in which improper leadership (the wrong people in the wrong chairs) made decisions that hurt cultures, customers, value and the success that should follow. I reported on these situations firsthand as a business journalist, and I have been privileged to have the opportunity to help course-correct such situations by finding outstanding leadership for my clients. My colleagues and I plan to do the same in cyber security.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
That’s a good question. My mother, who raised three kids on her own, while holding down a demanding job, and saw them grow up to be a journalist, a doctor (my brother) and a teacher (my sister). She was a beautiful, caring person to all who knew her, and she could also be tough when the situation called for it. In the same way, she battled cancer for many years until it finally won. She taught me and my siblings how to care and when and how to fight.
As far as career goes, I have been very fortunate to have had some terrific mentors — writers, editors, partners in search, etc. — and I try to mentor others whenever I find the opportunity. But the one person who stands out for me was himself a very successful, caring entrepreneur and publisher. He and his wife escaped the Nazis to come to the U.S., and with his wife, a brilliant engineer, they started a very successful publishing company as well as a family. When my immediate editor tried to block my opportunity to help start another publication for the company, I quit on the spot. When Gerry learned of my decision, he summoned me to his office and let me know how proud he was that I pushed back. He promoted me on the spot. “Don’t ever EVER let anyone stand in your way.” I have heard his words in my head ever since.
Are you working on any exciting new projects now?
I’m currently focused on CEO and senior executive projects that call for massive change and substantial growth of companies. These, of course, are confidential projects, mostly for public companies and Private Equity, and must remain so.
How do you think that will help people?
Transformation, keeping management focused on blue ocean growth, innovation, and people/cultural excellence helps everybody. Lose that focus, take your eye off that ball, and it may be too late to avert disaster. We find the talented leadership who get things back on track, renew growth, restore cultures, save businesses, and create great value. In my past alone this has included the very public turnarounds at bankrupt MCI (Worldcom) and the once-struggling Sprint Nextel; the complete overhaul of Comverse Technology; and the assignment to save a broken U.K. cable company by bringing it a truly gifted new CEO, team and board that transformed the business into Virgin Media and led the business to a 28 billion dollars sale to Liberty Global. A seriously flawed and struggling startup pioneer in satellite radio broadcasting turned into today’s game-changing SiriusXM after a great CEO and the senior team we helped him recruit transformed its strategy and operating plan. By helping such businesses, we help people — investors, employees, customers.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
Only take on work where you are certain you can make a difference and in which you can pour your passion and commitment. Otherwise, walk away.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?
The endless technical challenge of keeping all of us safe never goes away and won’t for many years to come. This is rocket science, especially as the brilliant Yuval Harari reminds us, soon it will be possible for hackers to hack into the technology placed within our bodies and possibly even some of our brains. Scary stuff, and it will take exceedingly gifted and committed management — capable of performing on an entirely new level of vision and implementation — to deal with this future and keep us safe. We search, identify, and place such management, and the challenge of finding these leaders grows by the day. Tell me this isn’t exciting!
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?
Job 1: Companies must commit to understanding that the threat is real, and everyone — and I mean EVERYONE — on the team needs to be focused on cyber and security. How many times do we see one of these disasters and after scratching beneath the surface to find the root cause, learn that someone in IT ignored a security software patch or an office worker took a call from a crook posing as an executive and wired millions of dollars to the hoaxer. Hospitals have been hacked, and they still lack the IT sophistication in many ways of our banks and other organizations. Schools have been breached. Uber recently announced a massive theft occurred a couple of years ago involving tens of millions of customer accounts, but the company never notified the public (including me, by the way, since I have had an Uber account for years and probably so do you!) This is impacting all of us, including some of the most vulnerable people in our society.
So, Job 1: Heal thyself or at least start trying TODAY. Review all procedures and technical protections in place today. Elevate this role to the C-Suite immediately alongside your CIO and/or Chief Technology Officer. And bring on a Cyber/Security expert onto your board because your IT, your data is your most important asset besides people, and someone is already trying to steal it.
Job 1.1: Recognize that the world is in cyber crisis, heightened massively now by COVID-19 and the hunt for sophisticated medical treatments including major clinical trials involving new vaccines. Cyberattacks aren’t going to go away. The cyber threat will continue to metastasize. It is critical that businesses and organizations do everything they can to stay in front of this threat, by making sure their technology and physical security preparations are up to date.
What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?
Raines and its IT providers are constantly reviewing our tech procedures for the critical/private data we handle daily.
How does someone who doesn’t have a large team deal with this?
True not every business can be JPMorgan Chase & Co.or one of similar scale and sophistication. So hire excellent outside expertise, develop choices of providers, and reference the hell out of your top two choices to ensure their actions and results resonate well with your passion for keeping your business safe as well as your commitment to staying in front of the cyber threat.
How would you articulate when a company can suffice with “over the counter”software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?
That’s a decision for the technology experts running your technology. They are the ones put in charge of making such bets. And numerous players have cropped up with brilliant managers to guide them. So, the technical expertise and tools exist today and are growing in sophistication. Blockchain could be a further brilliant defense of data. But as it pertains to these experts, my advice is apply the same scrutiny to cyber solutions providers — some of whom may be tech friends in the business — that you would provide to the doctor and hospital who is going to deliver your new heart. Put your providers on the hot seat and for something so critical. No supplier should get an easy ride into your IT/data jungle.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?
A simple questionable email from an unknown source could expose an entire company and breach its firewall. Employees need to be trained to be vigilant even if it is an email posing as their CEO. Stay alert! Most businesses have rules that employees sometimes ignore or work to get around because they become cumbersome, especially in a company that values agility. Management must ensure the rules are sensible, easy to understand and workable; workers need to speak up when they see a deficiency. Again, everyone on the team needs to act with cybersecure intentions and intensity. As a consumer, change passwords frequently and never use one to open many different password-protected accounts. Store these passwords in a safe place. Personal finances are frequently a target, so check your statements frequently to make sure you haven’t been hacked. Be on the lookout for phony phishing and sketchy services pushing for downloads. These are some things each of us should be aware of and remain vigilant.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
Lock down systems and network access immediately; send word to your ecosystem of relationships upon which your business and others connected to it depend on. For example, an attack on a component supplier to a manufacturer may open that manufacturer to a breach as well. Major and minor consulting companies are sometimes joined at the hips of their business relationships. The entire ecosystem needs to be in sync and protecting one another lest one fail on security and put the entire group in jeopardy. Also, be transparent and get the word out as quickly as possible. The cyberattack on Equifax cost millions of consumers dearly, and investors saw their Equifax stock get hammered by the late disclosure. Organizations have come to learn the hard way that information delivered late can be much more harmful when it finally comes out than if the disclosure had been made when the breach was first discovered.
Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors?
It seems like more than a few occurred this year or were revealed this year. It hasn’t been a slow news year for cyber crooks, for sure.
Can you explain?
The impact is evident and the potential harm obvious especially where financial details of consumers or their private health records may have been exposed.
Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)
- Elevate the cybersecurity role to C-Suite in the same way the National Security Council is Cabinet level in the U.S. government. Nothing less should also be committed to your board. Bring a cyber expert onto the board of directors;
- Constantly review and refresh cyber procedures, including training all employees and evaluating technology solutions;
- Share as much as possible if your business or organization is tied to an ecosystem of dependent players. You are only as safe as those connected to you and vice versa. So, collaborate with your partners in cyber protection, share experiences and best practices; communicate constantly and especially when problems arise; call out those who don’t play ball.
- Limit access to sensitive spots within the organization as much as possible; the fewer who have access, the better the protection, and it will be easier to find weak points;
- Make cyber awareness and protection as important to the entire team as culture, quality and performance, hold regular reviews to ensure that everyone is aware of the latest protections, and onboard for what is quickly becoming as critical to successfully managed, high-performance and protected businesses as innovation, quality controls, and customer service.
How can our readers further follow your work online?
This was very inspiring and informative. Thank you so much for the time you spent with this interview!