This post is based on an interview with Mike Steinmetz, Director and General Partner of College Hill Ventures. It is part of our series of interviews of OODA Network members. Our objective with these interviews is to provide actionable information of interest to the community, including insights that can help with your own career progression. We also really like highlighting some of the great people that make our continued research and reporting possible. For the full series see: OODA Expert Network Bio Series.
Career Progression: Mike came from an Air Force family and always dreamed of flying jets. He was also an accomplished flutist. (Yup, that’s right. He played the flute!) His Air Force Veteran father recommended that he attend a Service Academy (the surest path to Flight School). But he chose the Peabody Institute of Johns Hopkins University – one of our nation’s finest music conservatories. By the time he graduated, he was a very accomplished musician, performing and teaching professionally.
Upon graduation, his Maestro approved when Mike explained he was joining the Navy – presuming a position with the Navy Band. But nope! He wanted to fly jets off of Aircraft Carriers! He didn’t actually pass the ASVAB, however. It seems all those music classes did nothing for his math and engineering skills. But Mike was not one to be easily discouraged. He took some quick classes on physics and math and passed the ASVAB on his second try.
Selected as an alternate for Navy Flight school, Mike managed to squeak into a slot at the last minute but fractured his ankle the first week there. Still undeterred, Mike survived the Marine Corps drill instructors and his extended medical holds and graduated from Flight School in 1980. He went on to fly A6 Intruders for the Navy. While he has many stories about his time in the Navy, one of the most interesting events occurred on January 17th, 1991. The layman’s version is retold here, but ask him sometime over a beer to tell you “the rest of the story”.
After his operational tours were over, Mike took command of Recruiting District Jacksonville – a fun Shore Duty Command, but one that was NOT expected to generate a promotion to O-6. Mike pulled some strings to interview with ADM Fox Fallon, then Second Fleet, and moved into the highly coveted position of Flag Secretary. He held that job for 23 months (about 5 months longer than any sane person would do it!). He was promoted to Navy Captain and rewarded with a tour at the Industrial College of the Armed Forces (ICAF), picking up a master’s degree in the newly established Information Strategies Concentration Program.
Mike found himself at the nascent beginning of Information Warfare Operations. He was given one of the first “J-39” (Information Operations) positions at U.S. Space Command. He developed the skill of translating difficult issues related to cyber operations for “four-star consumption”. One of the questions he was asked to consider was “How can we get DoD and NSA working together on Cyber?” He was given a one-page wiring diagram and sent to NSA to stand up the Network Attack Support Staff (NASS). At the time, this type of Joint Cooperation sounded fantastical. But there was tremendous high-level support for it, and NASS became a reality and the precursor to the core element of today’s U.S. Cyber Command.
When Mike retired from the Navy, he joined Northrop Grumman. In addition to working various cyber Business Development efforts, he helped create their International Strategy. He was convinced they needed a Five Eyes Strategy. He’s very proud of the work they did on the five-year engagement plan to win the huge Government Communications Headquarters (GCHQ) contract for his company. As a part of that strategy, Mike also led the merger and acquisition of an Australian cyber company, moving to Australia to work onsite.
Ten years in one job meant Mike was ready for a change! He took on the role of Global Strategy, Governance Risk & Compliance for National Grid, an international energy utility. Late in his National Grid career, Mike was the (acting) US CISO for a time. He then moved back to the public sector serving as the Rhode Island Governor’s principal policy advisor on cybersecurity, and as her homeland security advisor, doing risk assessments and creating the first cyber security strategy to ensure this critical infrastructure could withstand cyber-attacks. Mike is a firm believer that the CISO role should communicate the security needs of the organization to the board in a meaningful way that explains the risks and the return on investments. “The CISO must understand the lens with which the Board sees risk! Many CISOs are focused down-and-in, when they should be delegating those efforts to their qualified operations managers and architecture teams. The CISO’s job is to translate the needs to the CFO and the CEO,” Mike says.
Today, in addition to serving on the board at Boston College, as well as teaching there and speaking at Brown University, Mike divides his time between his consulting work (Digital Executive, Ltd.) and College Hill Ventures.
Surprises: Mike honestly never thought that all the cyber government entities could come together in one command (U.S. Cyber Command). Mike says, “It took amazing coordination at very high levels to make that happen!”
Technologies: Mike is impressed with everything 5G and improvements to the security of the public cloud. “I never expected there to be so many secure offerings. I thought Public Cloud meant your data was going to be exposed. Today, that’s not true anymore!” Mike says.
Advice for Decision Makers: Mike wants to caution those career security professionals in the Private Sector: “If you have spent your career in cyber, you must acclimate to understanding how the CFO & CEO view risks to the company. It all boils down to that. You do that or you fail. The heartbeat of any business is the CFO and CEO, combined. If you stand on your security box and shout, you will end up alone, and unemployed.”
For the Public sector, Mike advises: “You must understand that the only true and enduring legacy to enhanced cyber security is through prudent legislation and actionable regulation that results in beneficial outcomes to all concerned. You must understand the equities of balancing confidentiality and transparency – because both are obligations to the citizens. If you can’t do this, you aren’t doing your job.”
Views on Thought Leaders: Mike was inspired by Admiral Bill Studeman. “He’s still a visionary to follow!” Mike says.
Quick Hits:
Book Recommendation: