Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.
In this week’s episode of Speed Data, we sit down with Tim Callahan, SVP and Global CISO for Aflac, the world’s leading provider of voluntary insurance. Tim talked with host Megan Garza about his favorite aspects of cybersecurity, what challenges him the most, and why he’d be happy to have a farm… so long as someone else manages it.
How a CISO stays cool under stress
It’s no secret that CISOs deal with demanding duties. They’re in charge of protecting company information, PII, and confidential data, and securing their organization against cyber threats. But for Tim Callahan, SVP and Global CISO for Aflac, the high stakes of data security are typical territory.
“While I was in the Air Force, my actual job was bomb disposal — explosive ordinance disposal — but I always had additional duties, and one that I gravitated to was information security officer, computer security officer, etc.,” he said.
When Tim retired from the military, he began his career as a program manager for information security at a bank, which brought an entirely new set of challenges.
“The hardest thing is making sure you stay focused,” he said. “Because there are so many distractions, so many threats, and it’s important as a CISO to lead and encourage the team and keep everyone focused on the right things.”
There are shiny objects all over the place, and you don’t want to focus on those.
Tim Callahan, Chief Information Security Officer, Aflac
Engaging employees in information security
Tim is aware that his passion for information security is not universally shared. Rather than enforcing company policies through mundane methods, he relies on more entertaining tactics to teach team members about safeguarding the organization’s sensitive data.
“We have a strong security awareness program, and we try to make it fun,” he said. “We come up with games and things like that to teach the fundamentals of anti-phishing and how to protect information.”
Tim credits his team with his success in leading information security for the world’s leading provider of voluntary insurance.
“I love the people,” he said. “I work for a fantastic company where everyone is supportive, from the board down to individual employees.”
I love the privilege of being able to lead, what I consider, the finest team I’ve ever had.
Tim Callahan, Chief Information Security Officer, Aflac
Seeking cybersecurity talent
One way Tim has assembled such a talented team is by choosing people for culture rather than only competency.
“We’ve been able to recruit really good talent,” he said. “We have very low turnover, and one of the reasons is, we may hire someone that may not have as much experience but they have the right mindset.”
I really believe you hire someone for culture and fit and then train them the way you need.
Tim Callahan, Chief Information Security Officer, Aflac
“We also try to maintain a diverse workforce so that we are getting good ideas — ideas that I wouldn’t necessarily come up with,” he said.
I don’t need a bunch of Tims running around. I need people that think differently.
Tim Callahan, Chief Information Security Officer, Aflac
Transformations in data security
The cybersecurity landscape has changed dramatically since Tim first began working in IT.
“When I first came into security, it was a lot more about compliance and making sure we had a program that satisfied regulators,” he said. “The threat was not as prominent then.”
“There wasn’t a lot of AI, machine attacks, or bots,” he said. “The criminals at that time had to manually break in.”
There were the script kiddies — high-school kids just being kind of curious and ‘attacking’ or trying to hack into stuff — but it wasn’t that intense.
Tim Callahan, Chief Information Security Officer, Aflac
“Then through the years you start seeing the criminals getting more sophisticated and now there are so many more aspects, and it’s a lot more focused on keeping the attackers out of your environment.”
Investing in proactive threat detection
Tim said a multi-layered defense program is the most efficient way to protect your organization from a cyberattack. He oversees a department based in Northern Ireland that regularly pentests the company’s security posture.
“We attack ourselves a lot,” he quipped. “I have a team constantly looking for weaknesses within our environment so that we discover them before criminals do.”
Varonis’ Managed Data and Detection (MDDR) team offers organizations like Aflac proactive threat hunting, 24x7x365 coverage, and a global team of data security experts and incident responders.
Ready to see the No. 1 Data Security Platform in action? Request a demo today.
What should I do now?
Below are three ways you can continue your journey to reduce data risk at your company:
Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.
See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.
Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.
