How can organizations ensure that cybersecurity and data protection are included in strategic planning?  

Listen to Episode 68 on Apple Podcasts  

Guest: Nick Shevelyov, Chief Security Officer of Silicon Valley Bank and author of Cyber War…and Peace: Building Digital Trust Today with History as Our Guide 

Hosts: Dottie Schindlinger, Executive Director of the Diligent Institute, and Meghan Day, Senior Director of Board Member Experience for Diligent Corporation 

In this episode:  

  1. Developing a Passion for Cybersecurity: Shevelyov explains how he discovered his passion for cybersecurity and data privacy.   
  2. The Evolving Roles of Data Security Officers in the C-Suite: Shevelyov discusses how these roles are changing now and how they will change in the future.  
  3. Addressing Security from the Top: Shevelyov delves into how organizations can ensure that security is a matter of importance in the boardroom.
  4. Insights from Cyber War…And Peace: As a new author, Shevelyov gives us a sneak peek at his new book. 

Summary:  

On this episode of The Corporate Director Podcast, hear from Nick Shevelyov, the Chief Security Officer of Silicon Valley Bank and author of the new book, Cyber War…and Peace: Building Digital Trust Today with History as our Guide, discuss the importance of cyber security in today’s boardrooms discussions. Shevelyov also shares some insights on how companies can build and maintain an appropriate digital defense team while sharing the inspiration behind his new book. 

Developing a Passion for Cybersecurity

Shevelyov begins with his childhood background and how that informed his decision to go into data privacy and security: “I was born in the US with Russian descent. As a child, I moved back to the Soviet Union and lived there in a bugged apartment. We were thought of as spies, and my father was even taken for interrogation at one point. That experience made me think of security and how it could be infringed upon. I started my career 25 years ago focused on IT security as it was called in the nineties, which we now call cybersecurity.”  

Shevelyov continues: “I spent a number of years in cybersecurity consulting firms and government agencies. I spent a number of years at Deloitte working for enterprise risk work for the financial services and technology firms and then joined Silicon Valley Bank 14 years ago to start a security program. I’ve  been a long-time the CSO and recently stepped into the role of CISO. Now, I am wrapping up my 15-year career to explore other opportunities on boards, advisory groups and consulting.”   

“Having been an operator for 25 years, I love to get visibility on shareholders’ perspectives and how to oversee management to ensure that the right decisions are made.”

-Nick Shevelyov, Chief Security Officer of Silicon Valley Bank and author of Cyber War…and Peace: Building Digital Trust Today with History as Our Guide

The Evolving Roles of Data Security Officers in the C-Suite

In his career, Shevelyov has served as a Chief Security and Privacy Officer, Chief Information Officer, and is currently a Chief Security Officer of Silicon Valley Bank.  

Shevelyov discusses how these roles have evolved over time: “Company-attacked services has evolved, whether for firewalls and endpoints to all your social media channels, third-party business partners, and every aspect of your business. There is the need to integrate into the internet as we continue to build through accelerated digital transformations. There is also greater need today to build frontiers for greater contextual visibility by leveraging emerging technologies in artificial intelligence, sophisticated machine learning, and future deep learning that can mitigate risks.”   

He goes on, “Professionals with contextual awareness of other domains, for example a security professional learning about privacy nuances and the t-shape professionals that know technology business, need to be able to connect those risks. It’s important to develop those types of professionals who can also have a discussion with the board, translating technical acumen into business vernacular that makes sense to directors. Then, you can  have more formal conversations with management and your board of directors to make better decisions that will lead to better risk outcomes.”  

“How do we think of advanced defense and how do we leverage AI and machine learning to augment our staff? Do we have cyber threat intelligence? Are we using that cyber threat intelligence to our inform our defenders, or we fighting yesterday’s battle? Are we forearmed and forewarned for tomorrow’s battle?”

-Nick Shevelyov, Chief Security Officer of Silicon Valley Bank and author of Cyber War…and Peace: Building Digital Trust Today with History as Our Guide

Addressing Security from the Top

Shevelyov gives guidelines as to how security could be addressed from the top and how companies can build and maintain an appropriate digital defense team:  “The CEO and Executive leadership have to set the tone at the top that security matters and that the company takes it seriously. Having your CIO and your digital product leaders call out security as job number one makes a huge difference and gets traction and awareness.” He expands, “The CIO needs to work and communicate effectively, not just vertically, but also horizontally across the organization to win hearts and minds. This means rewarding those that go above and beyond, but also disciplining those who violate codes of conduct.” 

He also details the importance of having a global perspective: “We have to understand that privacy is viewed differently in various parts of the world. In the EU, it’s a human right. In the US, it is typically associated with our credit rating. Boards need to understand that if you are operating globally, you need a framework that represents the standard that you want to have but also have the right policy, team, and systems supporting that by region.”  

Shevelyov sheds more light on the board’s role: “Boards need to educate themselves on the risks facing organizations. The mindset should not be if you are attacked, but when. There are stage actors and criminal organizations that often work together. Criminal organizations have the advantage, because the cyber-attacker only has to be right once to succeed, whereas the defender always need to be right.” He discusses recent trends: “The innovation of cryptocurrencies has enabled the outcome of ransom attacks, where companies have to pay millions of dollars. This creates existential risks for organizations, making it imperative that security is job number one, and that boards need to educate themselves and empower their organizations appropriately for their risk profile.” 

“Boards need to enable teams to have the right budget and talent to defend themselves.”

-Nick Shevelyov, Chief Security Officer of Silicon Valley Bank and author of Cyber War…and Peace: Building Digital Trust Today with History as Our Guide

Insights from Cyber War…And Peace

As a new author, Shevelyov talks through what inspired him to write a book: “I went through an introspective exercise, and thought about some of the most memorable teaching moments in my life.  One of my most profound memories I have is a story my father told me about a spartan boy who caught a fox. I kept wondering why that story kept coming back to me, and why I remembered it very vividly and why it has influenced my life.”   

He continues, “So I started incorporating storytelling at my conferences into the topics that I am passionate about. That brought me to discussing technology through the lens of history and philosophy, and applying those lessons to digital transformation today. When the pandemic hit, I used the down time to put those stories into writing.”

Shevelyov ends, “Winston Churchill once said that we make a living of what we get, but we make a life by what we give. Hopefully, that is a win for all parties, and as we help get people trained, they could fill up the half a million cybersecurity job openings in the US and about 3 million jobs worldwide.”

“I’m donating the proceeds of the book to next-generation cyber-talent, educating underprivileged and underrepresented groups in cybersecurity to increase diversity in the space.”

-Nick Shevelyov, Chief Security Officer of Silicon Valley Bank and author of Cyber War…and Peace: Building Digital Trust Today with History as Our Guide 

Resources from this episode: