Speed Data: The Benefits of Simplicity With Mark Bruns

CISO Mark Burns shares cybersecurity knowledge amassed over 25 years, the pros and cons of gen AI, how to protect data, and why compromise is key.
Megan Garza
2 min read
Last updated March 29, 2024
Megan Garza and Mark Bruns

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

This week, we welcome Mark Bruns, Chief Information Security Officer for FirstBank. Mark shares the cybersecurity knowledge he has amassed over the past 25 years at Deloitte, Gulfstream Aerospace, and the United States Marine Corps. He gives his take on the pros and cons of gen AI, the best way to protect sensitive data, and why compromise is the key to success.

Simplicity is king.

Mark Bruns, the Chief Information Security Officer for FirstBank, follows the KISS rule (“Keep it Simple…”) daily.

One of the biggest things I've always believed in is to simplify.
Mark Bruns, Chief Information Security Officer for FirstBank

Mark’s responsibilities at the Tennessee-based bank include communicating the need for a strong security posture to fellow executives.

“We’ve made the topic way too complex. I have a rule that whenever I’m presenting to the board, I make the narrative count. Find a story that will engage them and give them a level of understanding for what you’re trying to do and what your vision is.”

As a board member himself for the Cyber Risk Institute, Mark knows what’s most important to executives — combating risk. Because his org is 100% SaaS, data is spread out across third-party providers, making it harder for threat actors to cause a detrimental breach.

“The good thing is our data is everywhere, so that’s harder. The bad thing is our data is everywhere,” Mark said. “So I have more opportunities to have an issue, but they’re probably individually smaller.”

He laughed, adding, “Third-party risk keeps me up at night, and because of that, they made it report to me.”

Securing sensitive data

To remediate these risks, Mark and his team have set strict rules banning any cloud storage. “You cannot get to Dropbox or Google Drive; none of that’s allowed,” he said. “We block it all.”

Additionally, Mark relies on the leading automated security platform to keep his org secure.

We own a lot of Varonis; we use it extensively to track where our data is.
Mark Bruns, Chief Information Security Officer for FirstBank

“The ability to run scans over data inside of Exchange will be massive for us," Mark said. "Way too many people today use Exchange and email as a document repository.”

As more and more businesses begin using generative AI, Mark cautions against haphazardly using the technology without safeguards in place.

“It is fascinating the things you can do with AI, but how do you use it and keep your corporate data within your own realm? That’s the fun part,” he said.

Cybersecurity is a conversation.

Balancing the benefits of artificial intelligence and weighing the pros and cons of AI comes naturally to Mark, who admits in another life, may have been known as Mark Bruns, Esquire.

“I would have loved to have been a lawyer,” he said. “My daughter’s in law school, and we get into some fun conversations. She’s like, ‘You actually get this stuff!’ and I say, ‘Do you understand what I do for a living? I spend my whole day with lawyers!’”

“I’m looking forward to some of the stuff she will get into. I think it’s fascinating.”

That desire to argue both sides of a topic and come to a mutually acceptable agreement is one reason why Mark has a mind for legal. However, it’s in cybersecurity that he practices the principle of compromise.

Everything we do is a risk conversation.
Mark Bruns, Chief Information Security Officer for FirstBank

“So when do you know when and to what level to compromise? Because you’re going to have to at some point," Mark said. "But most of the time, it’s more of a true risk conversation with compromise and discussion on both sides.”

“The ability to have those conversations and have them be constructive is incredibly important, and it’s a big part of what this job is.”

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

aws-misconfigurations-lead-to-exposed-data
AWS Misconfigurations Lead to Exposed Data
Discover how a recent data extortion campaign exposed sensitive files in thousands of AWS environments and what you can do to prevent it from happening to you.
sisense-data-breach:-what-you-need-to-know
Sisense Data Breach: What You Need to Know
The U.S. Cybersecurity and Infrastructure Agency (CISA) issued an alert this week warning Sisense customers of a data breach. Here's what you need to know.
varonis-adds-secrets-discovery-for-on-prem-and-cloud-data-stores
Varonis Adds Secrets Discovery for On-Prem and Cloud Data Stores
Varonis can help you scan your environments for rogue secrets exposed in files and code stored on-prem and in the cloud.
salesforce-misconfiguration-causes-sensitive-data-leaks
Salesforce Misconfiguration Causes Sensitive Data Leaks
Brian Krebs recently reported that an alarming number of organizations—including banks and healthcare providers—are leaking sensitive information due to a misconfiguration in Salesforce Communities.