In this episode, Malcolm Harkins speaks with Norm Fjeldheim, former CIO for Qualcomm and more recently he was the CIO for Illumina.   Malcolm & Norm talk about a wide range of items including recalling their first time meeting on an advisory board back years ago.  We discuss what it was like working for market competitors (Intel and Qualcomm) and how we worked together on cyber security – sharing information to help protect each other as well as help protect other organizations.  Information sharing in the cyber security space has improved a lot over the years but still poses challenges for some who are constrained by either their own worry about sharing information or  other organizational restrictions.  We both believe our organizations were better off by taking the risk to partner together on cyber security.  We discuss how Norm approached information security as a CIO and how the CISO was integral to the organizations he has led.  We talk about accountability and the lack of it at times including in many well publicized breaches such as SolarWinds, Sony, and Equifax,  We discuss that in some cases there is clear negligence on the part of the CIO, CISO, or other exec’s in an organization.    We discuss our perspectives on public policy items including the need for some sort of cyber security integrity regulation that instills more direct accountability on public companies.  We explore how sometimes the compliance and audit perspectives on risk don’t always align well to a rationale perspective on risk.  Norm shares his perspective on needing a constant culture of change to re-evaluate your security technology – upgrading and moving to new tech routinely to stay on top of risk issues.  

Guest: Norm Fjeldheim Norm Fjeldheim | LinkedIn
Host: Malcolm Harkins

All content © 2021 Security Speaks.