This post is based on an interview with Thomas Quinn, CISO for T. Rowe Price. It is part of our series of interviews of OODA Network members. Our objective with these interviews is to provide actionable information of interest to the community, including insights that can help with your own career progression. We also really like highlighting some of the great people that make our continued research and reporting possible.  For the full series see: OODA Expert Network Bio Series.

Career Progression:   Tom’s what we call a “Top Gun” sailor.  I don’t mean he flew jets!  I mean he grew up in Maryland when the movie came out and fancied the lifestyle.  He went to Old Dominion University to study International Relations.  To keep his ROTC scholarship, he had to take calculus and physics.  Turns out he loved the technical work, and that would pay off later!

Like most newly commissioned officers, instead of being given a Navy Jet and a cool leather jacket, Tom was sent to a ship starting as the Main Machinery Division Officer.  He found himself in a 100-degree cramped engine room working on his PQS (personnel qualification standards).  PQS is the Navy’s way of training sailors with no prior experience to operate something really complicated.  They must prove they understand and can perform one skill, and then move onto the next one.  In the end they are surprised and delighted to discover they understand the entire system!  Tom realized from this experience that if you look at a problem step by step, you can learn ANYTHING!  He took this valuable lesson throughout his career.

As Ships Navigator, Tom understood the importance of data.  “I learned that there are many ways to get a piece of knowledge.  To identify exactly where the ship was located, I used the newest available technologies (at the time, radar and Loran C) and some ancient skills (Celestial Navigation and bearing taking).  Getting a variety of inputs and blending them together to obtain a trusted solution is a lesson that extrapolates through any discipline.  I learned how to look at the data sources and identify which source is best in different situations.”

Tom lucked into a plum assignment to Naval Post Graduate School (located in beautiful Monterey, California).  He studied a relatively new field:  Information Technology Management.  Using techniques he learned onboard ship, Tom pulled apart the complex information systems, learning them step by step, until he could understand them as a larger framework.  He calls this “going from a two-foot view to a 10,000-foot view”.  After Graduate School, Tom was able to put his new talents to work at the Fleet Numerical Meteorology Center, building out their networks across the globe.

Tom says “You have to know one area of technology extremely well in Information Security – like the network, the operating system, security, identity management, etc.  Once you can demonstrate a deep understanding of one area, you can take a broader view of what’s going on in the others.  You don’t need to know every bit of minutia in the other bodies of knowledge.”

Tom has been working with technology and cybersecurity in the Financial Services segment at increasing levels of responsibility since he left the Navy in 1996. He learned how to scale information systems across huge enterprises.  Employing his PQS-style approach to learning things, Tom developed a knack of identifying the value of a technology: is it a good one or a bad one for the task at hand? Each time he moved to a new job, he could use this skill to compare and contrast against previous experiences.  Tom learned to quickly identify challenges and opportunities and prioritize the things that needed fixing.   “A solid technical background and business experience is necessary to have the courage and commitment to make big changes.” Tom says.

Surprises:  Tom was surprised when he discovered that cybersecurity is a societal issue, not a technical issue.  “The challenge is understanding the untended implications of technology interacting with people and business.  Getting the right people in the right spot with the right tools and capability is essential here.” Tom says.

Technologies you are watching:  Tom is watching the advances gleaned from machine learning and artificial intelligence through the lens of Augmented Intelligence.  “Using data science to create insight is where we are spending a lot of time.  Tools and controls are necessary and still effective, but they don’t discover the things you don’t expect to find.  You need ML/AI for that – to produce a picture of what is normal and identify what isn’t.”  Tom says.

Technology threats you are interested in:  Tom considers the move to cloud services as helpful against cyber threats.  “Many vendors are leveraging their community of clients to obtain insights on a much wider scale.  Cloud cyber security products can create very interesting intelligence products at scale.” Tom says.

Advice for Decision Makers:  Tom has empathy for the business decision makers.  “To some” Tom says “technology and cyber are completely opaque – they look like magic.  Additionally, they may not have an experiential framework to consider the problem space.  Without that, it’s hard to solve their problems systematically.  All leaders need to take the time to improve their frame of reference on technology and cybersecurity.”

Views on Thought Leaders:  Tom follows Ron Gula.  His discussions on the Cyber Poverty Line were very insightful and helped identify the stark differences between the cyber haves and have-nots, and the important ramifications of each.

Quick Hits:

• Book Recommendation: Black Wave: Saudi Arabia, Iran, and the Forty-year Rivalry that unraveled culture, religion and collective memory in the Middle East, by Kim Ghattas   
• Favorite piece of content on OODAloop: Tom uses OODA content to keep up to date on different market segments.
• LinkedIn: https://www.linkedin.com/in/thomas-quinn-75a4a5/