Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.
This week, Corey Reed joined the show. The Senior Manager of Information Security for HD Supply, a leading national distributor of maintenance, repair, and operations products, talked with host Megan Garza about security budget restrictions, fine art, and what governance, risk, and compliance have to do with interior design.
Embracing GRC as a strategic advantage
Governance, risk, and compliance (GRC) are often an organization’s unstrung heroes, silently safeguarding its structure and ensuring smooth operations while going largely unnoticed, said Corey Reed, the Senior Manager of Information Security for HD Supply.
Governance, risk, and compliance are kind of like drapes of a home. Nobody really cares about them until you realize that without drapes, your house will overheat from the sunlight coming in. It’s the same with GRC — people don't think about it until an audit is on the line.
Corey Reed, Senior Manager of Information Security, HD Supply
“GRC touches everything,” he said. “There's not one area of the business that does not require some oversight, some compliance regulation, or the ability to analyze risk to make sure that the decisions made are made appropriately.”
Corey said cognitive GRC, which uses AI to collect and examine evidence, can play a significant role in a company's operations — without breaking the bank.
“With cognitive GRC, you can create agents that allow you to grow without having to add additional headcounts.”
Security as a savvy investment
In many organizations, budget constraints limit the company's security measures and team.
“Most times, security is a cost center. We do our best to be a revenue-generating or at least a revenue-saving center, but at the same time, we do cost a fair amount,” Corey said. “So, we want to protect the most critical systems necessary for the business operations.”
No organizations I know of have a blanket budget, so you have to be able to tailor in and understand the most important systems to run business operations and then define your controls specifically around those.
Corey Reed, Senior Manager of Information Security, HD Supply
The importance of the CIA triad
In addition to GRC, Corey is a fan of another cybersecurity acronym: the CIA triad — confidentiality, integrity, and availability.
“Confidentiality, integrity, and availability are the foundation of all security principles,” Corey said.
When you're talking about confidentiality, everything focuses on data. Data is so valuable; you definitely want to keep your hands around it.
Corey Reed, Senior Manager of Information Security, HD Supply
Corey said integrity is also essential. Data must be protected from alterations. Information in financial systems, for example, must be secured to prevent unauthorized changes that affect its accuracy.
“Changing somebody's account from a million dollars to $1 wouldn’t be great for the individual who lost all the money,” Corey said.
Lastly, ensuring data is accessible only to authorized individuals is crucial.
How many times have you gotten a letter from a company that read, ‘We've accidentally exposed your data. Here's one year free of data protection.’?
Corey Reed, Senior Manager of Information Security, HD Supply
“That doesn't give you any solace,” Corey said. “You want to make sure that you're doing right by the people who entrusted you with their data.”
The art of data security
Securing data demands meticulous attention to detail to preserve its integrity and value, similar to an artist protecting their masterpiece. Corey, a lifelong art lover with a passion for the craft, understands this well.
“Though I don’t have the skill set to be an artist, I love being in the space,” he said. “One of the reasons I’m doing my talk here is because I love art.” He motioned around to the paintings and exhibits displayed at Black Art In America, where he filmed Speed Data.
“I do a lot of collecting and talking with emerging talent,” he said. In another world, Corey would have enjoyed pursuing art as a career. “I don’t know if it would pay the bills, but it would be fun!”
What should I do now?
Below are three ways you can continue your journey to reduce data risk at your company:
Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.
See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.
Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.
