CISO at Kontoor Brand
Joining the company in 2019, John Scrimsher, is the Chief Information Security Officer (CISO) at the American clothing company, Kontoor Brands.
Tasked with ensuring the protection of information throughout the environment, he also makes sure that the company’s employees are aware of their responsibilities and that there are controls in place to assist them in protecting the data.
Having previously held roles in all areas of the cybersecurity domain, Scrimsher has over 25 years of experience in developing and leading security organisations. This has lent him the ability to effectively insert himself into multiple different industries and gain an understanding that security is about the data, regardless of the type of data.
When the global clothing company started its journey, Scrimsher was able to build a new cybersecurity program from the ground up, hiring a team along the way.
The forward-looking program is focused on ensuring visibility to all data-processing systems and devices. It also understands the need to have a strong asset discovery and management program for manufacturing, edge devices and all areas of the business.
Following certain principles, he has been able to construct a program that covers all the areas of cybersecurity, from vulnerability management, third-party risk management, identity management and also governance, risk, and compliance.
Working with his team, he makes sure they are designing solutions that fit the business and help it to grow further, whilst also keeping it secure.
“Do we have the right level of visibility on the network? Do we have the right level of knowledge of data management? Do we have the right level of information about what's out there? Do I know what the current trends are in these attack methodologies that are used by the bad actors, and are we doing the right things to address those? Those are the questions that I constantly ask myself,” Scrimsher explained.
Today’s digital connectedness generates opportunities – not only for businesses to grow, but for threat actors to infiltrate and inflict damage. Threats to cybersecurity will continue to be a part of everyday life as we become more interconnected.
“The number one challenge is that there's always the fear of not knowing something. So, for me, the role is about asking a lot of questions, always looking for more information. There's always the whole concept of ‘we know what we know, and we know what we don't know’ – what I'm afraid of is not knowing what I don't know,” he added.
Read the full story HERE.
“Sometimes automation is seen as a panacea. We see it as one of a number of solutions, not a silver bullet.”