In this interview, Steve Petrillo, an experienced Chief Information Security Officer (CISO) at ClinIntell, shares his insights into the world of cybersecurity. From his background to daily responsibilities and strategies for success, Steve provides valuable insights for aspiring professionals and seasoned experts alike.
Can we begin by exploring your background?
I've been passionate about computers and electronics since I was young. My journey into cybersecurity started with a Commodore 64 and dabbling in a bit of hacking. Despite the questionable legality of my early endeavors, it sparked my interest in cybersecurity, leading me to explore the field further. My professional career began when I joined a pharmaceutical software company, where I was involved in ensuring reliable operations through sound and secure infrastructure. This was the start that paved the way for my current position as CISO at ClinIntell.
What does a typical day look like for you as a CISO?
As CISO at ClinIntell, no two days are the same. The dynamic nature of our small company calls for flexibility and adaptability. One day might involve focusing on a compliance project, while the next might require assisting clients with SSO integration into our platform or addressing emerging cyber threats. It's a role that demands constant vigilance and quick decision-making to safeguard our organization's assets while providing our clients with the high level of security they expect and deserve.
One of the primary responsibilities of my role is to stay up to date on cyber threats. Analyzing logs and monitoring for suspicious activity is also a daily routine. Our goal is to stay one step ahead of threat actors by plugging any security gaps and fortifying our defenses.
What initially attracted you to the field of cybersecurity?
Initially, my interest in cybersecurity stemmed from curiosity. Over time, I found fulfillment in the ability to safeguard organizations from breaches and minimize incidents. Many in the industry adopt a mindset of inevitability regarding breaches, but I prefer to approach it optimistically, emphasizing the importance of a robust defense. Each day without a breach enhances the satisfaction derived from the job. While acknowledging the ever-present risk of breaches, I've been fortunate to successfully avert major incidents in my career thus far.
Can you share a recent project you worked on and the role you played?
At ClinIntell, I've been involved in various security projects aimed at enhancing our resilience and compliance. From spearheading initiatives to achieve SOC 2 compliance to implementing an SIEM for better log aggregation and analysis, we are committed to strengthening our security posture. Collaboration with the team is crucial in executing these projects effectively and efficiently.
What do you value most about working at ClinIntell?
What truly sets ClinIntell apart is our company culture and collaborative environment. The strong camaraderie among colleagues fosters creativity, productivity, and a sense of belonging. The weekly catered “Lunch and Learns” we have is an example of the great collaboration here. “Breaking bread” with the team weekly to collaborate on product enhancements or other aspects of the business allows everyone the opportunity to provide input and add value. I always seek the opportunity to work alongside extremely passionate and talented individuals, and at ClinIntell I have found just that.
What advice would you give to someone trying to get into this role?
To aspiring cybersecurity professionals, I offer this advice: never stop learning. Embrace opportunities to experiment, tinker with technologies, and understand the intricacies of cybersecurity. Seek diverse experiences and don't shy away from challenges. Don't just focus on one operating system or one type of equipment. Try to make sure that you hit on all different types.
To stay updated, I rely on Hacker News for insights into the latest attacks, and platforms like Reddit, Telegram, and Discord for diverse cybersecurity discussions, CISA.gov is a great reference which also provides a robust listing of free tools and resources.