Speed Data: Pentesting and Proactive Threat Hunting With Tim Callahan

Aflac CISO Tim Callahan shares his favorite aspects of cybersecurity and what challenges him the most.
Megan Garza
3 min read
Last updated August 26, 2024
Megan Garza and Tim Callahan

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

In this week’s episode of Speed Data, we sit down with Tim Callahan, SVP and Global CISO for Aflac, the world’s leading provider of voluntary insurance. Tim talked with host Megan Garza about his favorite aspects of cybersecurity, what challenges him the most, and why he’d be happy to have a farm… so long as someone else manages it.

 

How a CISO stays cool under stress

It’s no secret that CISOs deal with demanding duties. They’re in charge of protecting company information, PII, and confidential data, and securing their organization against cyber threats. But for Tim Callahan, SVP and Global CISO for Aflac, the high stakes of data security are typical territory.

“While I was in the Air Force, my actual job was bomb disposal — explosive ordinance disposal — but I always had additional duties, and one that I gravitated to was information security officer, computer security officer, etc.,” he said.

When Tim retired from the military, he began his career as a program manager for information security at a bank, which brought an entirely new set of challenges.

“The hardest thing is making sure you stay focused,” he said. “Because there are so many distractions, so many threats, and it’s important as a CISO to lead and encourage the team and keep everyone focused on the right things.”

There are shiny objects all over the place, and you don’t want to focus on those.

Tim Callahan, Chief Information Security Officer, Aflac

 

Engaging employees in information security

Tim is aware that his passion for information security is not universally shared. Rather than enforcing company policies through mundane methods, he relies on more entertaining tactics to teach team members about safeguarding the organization’s sensitive data.

“We have a strong security awareness program, and we try to make it fun,” he said. “We come up with games and things like that to teach the fundamentals of anti-phishing and how to protect information.”

Tim credits his team with his success in leading information security for the world’s leading provider of voluntary insurance.

“I love the people,” he said. “I work for a fantastic company where everyone is supportive, from the board down to individual employees.”

I love the privilege of being able to lead, what I consider, the finest team I’ve ever had.

Tim Callahan, Chief Information Security Officer, Aflac

 

Seeking cybersecurity talent

One way Tim has assembled such a talented team is by choosing people for culture rather than only competency.

“We’ve been able to recruit really good talent,” he said. “We have very low turnover, and one of the reasons is, we may hire someone that may not have as much experience but they have the right mindset.”

I really believe you hire someone for culture and fit and then train them the way you need.

Tim Callahan, Chief Information Security Officer, Aflac

 

“We also try to maintain a diverse workforce so that we are getting good ideas — ideas that I wouldn’t necessarily come up with,” he said.

I don’t need a bunch of Tims running around. I need people that think differently.

Tim Callahan, Chief Information Security Officer, Aflac

Transformations in data security

The cybersecurity landscape has changed dramatically since Tim first began working in IT.

“When I first came into security, it was a lot more about compliance and making sure we had a program that satisfied regulators,” he said. “The threat was not as prominent then.”

“There wasn’t a lot of AI, machine attacks, or bots,” he said. “The criminals at that time had to manually break in.”

There were the script kiddies — high-school kids just being kind of curious and ‘attacking’ or trying to hack into stuff — but it wasn’t that intense.

Tim Callahan, Chief Information Security Officer, Aflac

 

“Then through the years you start seeing the criminals getting more sophisticated and now there are so many more aspects, and it’s a lot more focused on keeping the attackers out of your environment.”

Investing in proactive threat detection

Tim said a multi-layered defense program is the most efficient way to protect your organization from a cyberattack. He oversees a department based in Northern Ireland that regularly pentests the company’s security posture.

“We attack ourselves a lot,” he quipped. “I have a team constantly looking for weaknesses within our environment so that we discover them before criminals do.”

Varonis’ Managed Data and Detection (MDDR) team offers organizations like Aflac proactive threat hunting, 24x7x365 coverage, and a global team of data security experts and incident responders. 

Ready to see the No. 1 Data Security Platform in action? Request a demo today.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

speed-data:-the-benefits-of-simplicity-with-mark-bruns
Speed Data: The Benefits of Simplicity With Mark Bruns
CISO Mark Burns shares cybersecurity knowledge amassed over 25 years, the pros and cons of gen AI, how to protect data, and why compromise is key.
palo-alto-networks-pan-os-zero-day-active-exploit:-what-you-need-to-know
Palo Alto Networks PAN-OS Zero-Day Active Exploit: What You Need to Know
Palo Alto Networks issued a warning on April 12, 2024, that a critical, unpatched vulnerability in their PAN-OS firewall is being actively exploited.
what-is-terraform:-everything-you-need-to-know
What is Terraform: Everything You Need to Know
Terraform is an infrastructure-as-code (IaC) solution that helps DevOps teams manage multi-cloud deployments. Learn about what is Terraform, the benefits of IaC, and how to get started.
varonis-adds-secrets-discovery-for-on-prem-and-cloud-data-stores
Varonis Adds Secrets Discovery for On-Prem and Cloud Data Stores
Varonis can help you scan your environments for rogue secrets exposed in files and code stored on-prem and in the cloud.