Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more

Speed Data: The Benefits of Simplicity With Mark Bruns

CISO Mark Burns shares cybersecurity knowledge amassed over 25 years, the pros and cons of gen AI, how to protect data, and why compromise is key.
Megan Garza
2 min read
Last updated March 29, 2024
Megan Garza and Mark Bruns

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

This week, we welcome Mark Bruns, Chief Information Security Officer for FirstBank. Mark shares the cybersecurity knowledge he has amassed over the past 25 years at Deloitte, Gulfstream Aerospace, and the United States Marine Corps. He gives his take on the pros and cons of gen AI, the best way to protect sensitive data, and why compromise is the key to success.

Simplicity is king.

Mark Bruns, the Chief Information Security Officer for FirstBank, follows the KISS rule (“Keep it Simple…”) daily.

One of the biggest things I've always believed in is to simplify.
Mark Bruns, Chief Information Security Officer for FirstBank

Mark’s responsibilities at the Tennessee-based bank include communicating the need for a strong security posture to fellow executives.

“We’ve made the topic way too complex. I have a rule that whenever I’m presenting to the board, I make the narrative count. Find a story that will engage them and give them a level of understanding for what you’re trying to do and what your vision is.”

As a board member himself for the Cyber Risk Institute, Mark knows what’s most important to executives — combating risk. Because his org is 100% SaaS, data is spread out across third-party providers, making it harder for threat actors to cause a detrimental breach.

“The good thing is our data is everywhere, so that’s harder. The bad thing is our data is everywhere,” Mark said. “So I have more opportunities to have an issue, but they’re probably individually smaller.”

He laughed, adding, “Third-party risk keeps me up at night, and because of that, they made it report to me.”

Securing sensitive data

To remediate these risks, Mark and his team have set strict rules banning any cloud storage. “You cannot get to Dropbox or Google Drive; none of that’s allowed,” he said. “We block it all.”

Additionally, Mark relies on the leading automated security platform to keep his org secure.

We own a lot of Varonis; we use it extensively to track where our data is.
Mark Bruns, Chief Information Security Officer for FirstBank

“The ability to run scans over data inside of Exchange will be massive for us," Mark said. "Way too many people today use Exchange and email as a document repository.”

As more and more businesses begin using generative AI, Mark cautions against haphazardly using the technology without safeguards in place.

“It is fascinating the things you can do with AI, but how do you use it and keep your corporate data within your own realm? That’s the fun part,” he said.

Cybersecurity is a conversation.

Balancing the benefits of artificial intelligence and weighing the pros and cons of AI comes naturally to Mark, who admits in another life, may have been known as Mark Bruns, Esquire.

“I would have loved to have been a lawyer,” he said. “My daughter’s in law school, and we get into some fun conversations. She’s like, ‘You actually get this stuff!’ and I say, ‘Do you understand what I do for a living? I spend my whole day with lawyers!’”

“I’m looking forward to some of the stuff she will get into. I think it’s fascinating.”

That desire to argue both sides of a topic and come to a mutually acceptable agreement is one reason why Mark has a mind for legal. However, it’s in cybersecurity that he practices the principle of compromise.

Everything we do is a risk conversation.
Mark Bruns, Chief Information Security Officer for FirstBank

“So when do you know when and to what level to compromise? Because you’re going to have to at some point," Mark said. "But most of the time, it’s more of a true risk conversation with compromise and discussion on both sides.”

“The ability to have those conversations and have them be constructive is incredibly important, and it’s a big part of what this job is.”

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

How to Create S3 Buckets in AWS with CloudFormation: Step-by-Step Guide
Use AWS CloudFormation to create resources such as S3 buckets. Infrastructure as code enables a repeatable, reliable deployment process. Learn more here.
A Step-By-Step Guide to California Consumer Privacy Act (CCPA) Compliance
CCPA Compliance: Everything you need to know about protecting user data under the California Consumer Privacy Act.
SecurityRWD - Introduction to AWS Services
Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team kick off a new series diving into the various services found under the AWS umbrella. In this video, they introduce and provide an overview of some of the core services including IAM, S3, and EC2.
Varonis Adds Secrets Discovery for On-Prem and Cloud Data Stores
Varonis can help you scan your environments for rogue secrets exposed in files and code stored on-prem and in the cloud.