Name: Eddie GarciaCompany: \u00a0ClouderaJob title: Chief Information Security OfficerTime in current role: 1 year\u00a0Location: Austin, TexasEddie Garcia is the chief information security officer (CISO) at Cloudera. Previously he was vice president of infosec and engineering at Gazzang and chief architect of zNcrypt encryption products. He is the author of four data security patents and a book on data security. At Cloudera, Eddie formerly served as the chief security architect working in the office of the CTO to advance enterprise security in the Cloudera platform and help customers meet regulatory data compliance policies with high performance and easy to maintain solutions.\u00a0Here, he shares his career path and offers advice for aspiring security leaders.What was your first job? I started off as a software engineer, writing code, and that evolved into security software.How did you get involved in cybersecurity? I helped build a startup that focused on the protection and encryption of big data, and that company was acquired by Cloudera. Once at Cloudera, I went from protecting consumer data to protecting the data and infrastructure of Cloudera and its customers.Tell us about your career path. I did a few potential startups, mostly night and weekend things, and it took a few before building out one that ultimately was acquired by Cloudera. Still, there\u2019s that entrepreneurial part of me and it\u2019s led me to many different opportunities. The highlight of all this work has been the acquisition by Cloudera. Four years ago when I joined, Cloudera was a pretty small company and it\u2019s been a blast building up the company to the IPO last April.Was there anyone who has inspired or mentored you in your career? My earliest mentors continue to mentor me to this day. It\u2019s also not a coincidence that the best mentors I\u2019ve had had their own mentors. Amr Awadallah, Cloudera\u2019s CTO, has been a wonderful mentor. He really helped me grow after Cloudera acquired my company -- he\u2019s just a phenomenal person.What do you feel is the most important aspect of your job? Reducing risk for our customers and Cloudera by securing data. That can come in many forms -- from ISO to GDPR to detecting threats and vulnerabilities. More recently there\u2019s been a large focus on using machine learning to address cybersecurity threats and eliminate them.What metrics or KPIs do you use to measure security effectiveness? We set goals and then measure our progress in attaining those goals; we run various projects and programs to measure security effectiveness.Is the security skills shortage affecting your organization? What roles or skills are you finding the most difficult to fill? We at Cloudera have not been impacted by the security skills shortage. Organizations in general need to be aware they\u2019ll have to train a candidate on specific skills, for example, finding a resource that can configure a firewall and write code and be able to recite the ISO 27001 security controls will be hard, you are better off training on a missing skill. Data science is a difficult area to find people, particularly with machine learning expertise for cybersecurity. There\u2019s a bigger shortage, in my view, in data science than in cybersecurity right now.Cybersecurity is constantly changing \u2013 how do you keep learning? It can seem daunting to keep up with everything, all the new cybersecurity software and the internet of threats, but it really comes down to dedicating time to keep up with what\u2019s going on in the world of security. Set aside a few hours a week.What is the best current trend in cybersecurity? The worst? The best: machine learning, anomaly detection and predictive analytics. These all will have a great, positive impact on the community. The worst: blockchain and cryptocurrency. They\u2019re overhyped and setting unrealistic expectations they can solve the world\u2019s biggest challenges.What's the best career advice you ever received? Don\u2019t be afraid to take risks. Risks are how we learn and grow.What advice would you give to aspiring security leaders? Security comes in many different flavors, so pick one that you\u2019re passionate about. Don\u2019t look at salary ranges or titles; those will fall into place on their own.What has been your greatest career achievement? To see my contributions help organizations securely process data for good, helping to advance neonatal care, combat sex trafficking and develop new precision medicine. That\u2019s the most satisfying part of my job, contributing my little part to making these possible.Looking back with 20:20 hindsight, what would you have done differently? If I were to sum it up, I\u2019d say starting to take risks sooner. Earlier in my career I stuck with what was comfortable and was too risk averse. It wasn\u2019t until I started taking risks that I got the rewards.BEYOND THE BASICSEducation: I have a B.S. in computer science from Tecnol\u00f3gico de Monterrey. I\u2019m also a certified CISO and hold four security-related patents.Must-attend conferences: It\u2019s interesting because my must-attend conferences have changed over time. It used to be RSA and Black Hat but now I look for more specific events such as CISO or privacy summits -- ones that are more specific to a particular topic, I get the most value from the smaller events.What is your favorite quote? \u201cIn a gentle way, you can shake the world.\u201d --Mahatma Gandhi.What are you reading now? 99 GDPR articles.Most people don't know that I \u2026 ride motorcycles. I have a Moto Guzzi and a Harley that I love.Ask me to do anything but \u2026 fix someone else\u2019s source code.In my spare time, I like to \u2026 That\u2019s an easy one -- spend time with my family, as much as possible.This interview is part of CSO\u2019s regular Spotlight series, which focuses on the career paths of security leaders. If you know someone (or are someone) with a story worth telling, please contact email@example.com.