Career Notes 11.6.22
Ep 124 | 11.6.22

Gary Brickhouse: Riding the wave of growth. [CISO]


Gary Brickhouse: Hello, my name is Gary Brickhouse and I'm a Chief Information Security Officer.

Gary Brickhouse: As a kid, I always had an affinity for computers and technology and sort of the tinkering that came with that, and I think, you know what I didn't know at the time. It sort of set in motion, certainly a career that was rooted in technology and ultimately that's, that's sort of how it played out. Fortunately for me the boom of the personal computer, you know, the boom of the internet, I sort of was able to ride that technology wave, so to speak into a really longlasting career.

Gary Brickhouse: My real desire at the time, I was pretty heavily involved in sports and heavily involved in just coaching, like youth, sports, that sort of thing and so honestly I had a desire to coach and to teach and that sort of all wrapped together and just through a series of events, actually it was a summer job, to be honest with you. I took a summer job building computers for a company and never looked back.

Gary Brickhouse: It's funny, as I look back over the last almost 25 years of a career, it's interesting to sort of take an introspective look at, at how I ended up where I am today. What I found was sort of just, riding the wave of growth and opportunity and trying to take advantage of it along the way. So specifically I think about, some of the big technological changes that were happening early in my career really involved security aspects of, you know, workstations and servers and an enterprise. And so as the company I was sort of dealing with and trying to wrap their arms around it, uh, I was in a good position to learn, uh, as I was sort of supporting more of the IT infrastructure at the time.

Gary Brickhouse: These were all opportunities that I was able to sort of grow into and it really was a pivotal point in my career to change directions, you know, having a good technical base, but able to sort of transition that into just information security and then the sort of the next massive pivot that took place was compliance driven. The company I was with, uh, was really dealing with a lot of, uh, new compliance requirements and through chance, uh, that all ended up on my doorstep. So I became really, really immersed in compliance and again, in controls and regulations, um, which, you know, for some people that seems very boring, but for me it was pretty exciting.

Gary Brickhouse: So, I kind of went down that compliance path pretty heavy and I will say, I ended up transitioning to a different organization and, uh, it was really compliance that was the transitional sort of moment for me into another company and from there, my experience up until that point, you know, very fortunately was enterprise, you know, Fortune 100 companies. So that created a very mature environment around me, sort of to see how all of this governance and risk worked, right? And through that it provided me, uh, just some other opportunity to, you know, continue to grow in that space. And I think one other piece that's interesting. In terms of my personality and what I would say, or more of the soft skills, I always had a desire and a capability to speak, you know, not afraid to get up in front of a room full of people and talk and so I think through that you had this marriage of technical background and some compliance type activities, and you mix that with somebody who could communicate, you know, in business terms and I think as those three things sort of collided, uh, it really created for me, what ultimately turned out to be the primary vehicle that I would leverage really for the next 10 or 15 years of my career.

Gary Brickhouse: Guidepoint was an opportunity for me to, in some ways stretch my legs and, um, really start to build from scratch. There were some opportunities within the organization to basically sort of put on, uh, this security program, building hat, and going and doing that. So for me there was, uh, an enormous challenge to walk in from a cybersecurity perspective, um, to services perspective, to build out for other clients, you know, what sort of my experience had been up until that point and so through that, that just provided again, opportunity to sort of grow as the company grew, uh, in terms of building out, uh, a governance risk and compliance practice. Some of that, again, I think if you go back to some of the initial skill sets that I think were developed in the years prior, again, everything from communication and risk identification, uh, having some technical background, being able to sort of translate technical issues into sort of business language. I think all those things were critical to just continuing to be successful at Guidepoint, both internally and as we interact and interface with our client base.

Gary Brickhouse: My leadership style is definitely not a micromanager, I think. I think, uh, uh, that's sometimes it's easier to say it that way. I think in any organization you wanna surround yourself with really talented individuals, uh, who know what they're doing. Depending on the skill set or, and the role. It isn't just necessarily a hands off, you know, approach. Uh, but what I think over time, the goal right, is to build, uh, an environment that's based on, uh, trust that allows people to make decisions, ultimately if there's a mistake made great, there's room for failure, but how do we, you know, correct that and grow from it, and so for me, I think that's the most imperative piece is, you know, you hire people for a reason and so how do we give them sort of responsibility and ownership, uh, for their respective areas? So I think that's always been a key for me is again, like, you know, people are crazy talented. We wanna empower them, uh, to go use the talent, you know, their knowledge and experience, uh, to make our company a better place.

Gary Brickhouse: My advice for people coming up is, uh, at times I think if you look at the security industry, you may just see sort of one sliver and think that ultimately, you know, if you're not a hacker at heart, uh, then there's not really a path for you. I think to some degree, I would wanna shatter the myth of hey, you've gotta be super technical to sort of get into the field and, and I would say if you want to get in, there are a thousand different paths into the industry overall that some are on the softer side, right, that have to do more with governance and policy and procedure, uh, and compliance and risk, those are sort of these softer skills that you may not know how to break into or hack a website, but, uh, but there's, those skill sets are still highly valuable, um, a across an information security team.

Gary Brickhouse: I think the situations and the circumstances may dictate your effectiveness in a particular organization. For me, I think it, it really is about character and so from the way that I interact with certainly my team, uh, but also my peers, uh, with other leaders in the organization having strong morals and ethics, uh, and just being a good guy. I mean, to me, you know, at GuidePoint, we have one of our core values is no jerks and just being able to walk away, uh, from a career where I have a network of people who certainly I wanna be respected for my craft in what I know and have done in the industry, but frankly, I more want them to, uh, respect me as an individual who did the right thing.