CSO Spotlight: Eddie Garcia, Cloudera

Eddie Garcia is the chief information security officer (CISO) at Cloudera. Previously he was vice president of infosec and engineering at Gazzang and chief architect of zNcrypt encryption products. He is the author of four data security patents and a book on data security. At Cloudera, Eddie formerly served as the chief security architect working in the office of the CTO to advance enterprise security in the Cloudera platform and help customers meet regulatory data compliance policies with high performance and easy to maintain solutions. Here, he shares his career path and offers advice for aspiring security leaders.

What was your first job? I started off as a software engineer, writing code, and that evolved into security software.

How did you get involved in cybersecurity? I helped build a startup that focused on the protection and encryption of big data, and that company was acquired by Cloudera. Once at Cloudera, I went from protecting consumer data to protecting the data and infrastructure of Cloudera and its customers.

Tell us about your career path. I did a few potential startups, mostly night and weekend things, and it took a few before building out one that ultimately was acquired by Cloudera. Still, there’s that entrepreneurial part of me and it’s led me to many different opportunities. The highlight of all this work has been the acquisition by Cloudera. Four years ago when I joined, Cloudera was a pretty small company and it’s been a blast building up the company to the IPO last April.

Was there anyone who has inspired or mentored you in your career? My earliest mentors continue to mentor me to this day. It’s also not a coincidence that the best mentors I’ve had had their own mentors. Amr Awadallah, Cloudera’s CTO, has been a wonderful mentor. He really helped me grow after Cloudera acquired my company — he’s just a phenomenal person.

What do you feel is the most important aspect of your job? Reducing risk for our customers and Cloudera by securing data. That can come in many forms — from ISO to GDPR to detecting threats and vulnerabilities. More recently there’s been a large focus on using machine learning to address cybersecurity threats and eliminate them.

What metrics or KPIs do you use to measure security effectiveness? We set goals and then measure our progress in attaining those goals; we run various projects and programs to measure security effectiveness.

Is the security skills shortage affecting your organization? What roles or skills are you finding the most difficult to fill? We at Cloudera have not been impacted by the security skills shortage. Organizations in general need to be aware they’ll have to train a candidate on specific skills, for example, finding a resource that can configure a firewall and write code and be able to recite the ISO 27001 security controls will be hard, you are better off training on a missing skill. Data science is a difficult area to find people, particularly with machine learning expertise for cybersecurity. There’s a bigger shortage, in my view, in data science than in cybersecurity right now.

Cybersecurity is constantly changing – how do you keep learning? It can seem daunting to keep up with everything, all the new cybersecurity software and the internet of threats, but it really comes down to dedicating time to keep up with what’s going on in the world of security. Set aside a few hours a week.

What is the best current trend in cybersecurity? The worst? The best: machine learning, anomaly detection and predictive analytics. These all will have a great, positive impact on the community. The worst: blockchain and cryptocurrency. They’re overhyped and setting unrealistic expectations they can solve the world’s biggest challenges.

What’s the best career advice you ever received? Don’t be afraid to take risks. Risks are how we learn and grow.

What advice would you give to aspiring security leaders? Security comes in many different flavors, so pick one that you’re passionate about. Don’t look at salary ranges or titles; those will fall into place on their own.

What has been your greatest career achievement? To see my contributions help organizations securely process data for good, helping to advance neonatal care, combat sex trafficking and develop new precision medicine. That’s the most satisfying part of my job, contributing my little part to making these possible.

Looking back with 20:20 hindsight, what would you have done differently? If I were to sum it up, I’d say starting to take risks sooner. Earlier in my career I stuck with what was comfortable and was too risk averse. It wasn’t until I started taking risks that I got the rewards.

This interview is part of CSO’s regular Spotlight series, which focuses on the career paths of security leaders. If you know someone (or are someone) with a story worth telling, please contact kate_hoy@idg.com.