Gett CISO puts cyber resilience in the forefront at transport management aggregator

CISO Runli Guo is leading ground transportation management platform Gett on a journey of cyber resilience and enhanced cybersecurity prioritisation amid rapid business growth. Used by one-quarter of Fortune 500 companies, Gett’s cloud-based software aggregates 2,000 corporate fleet, ride-hailing, taxi, and limo providers into one single platform to help businesses centrally manage their ground transportation processes.

With more than 15 years of experience in building cybersecurity functions Guo, based in London, is driving an increased focus on cybersecurity as Gett builds the global grid of ground transportation and seeks to become a chief disrupter in a marketplace estimated to be worth $100 billion a year. Speaking to CSO, she reflects upon her short time as Gett’s CISO, the business’ cybersecurity challenges, and her strategies for boosting cyber resiliency at the organisation.

What are your key objectives as Gett’s CISO?

I’m the third CISO in Gett’s history and the company has a unique culture and a set of core values that bind all of us together. It’s important to understand what previous CISOs have achieved so I can carry on with what’s working, address what didn’t work, and bring in what’s missing.

Within the short time I’ve been with Gett, I have been able to grow the team rapidly as well as create the cyber resilience strategy and roadmap. Gett serves one quarter of the Fortune 500 companies, and we are placing ever-greater priority on cybersecurity to protect our customer data. It’s an exciting time for me to be the CISO and to lead the cyber resilience program.

What excites you most about the CISO role?

CISO roles are one of the most challenging and rewarding roles in the industry. Ever since I was a child, I have enjoyed problem solving. When things become challenging, I become more creative. I always pushed boundaries to see what’s beyond. Having worked in many security roles in the financial industry and particularly in the B2B space, I have a deep appreciation of the unique opportunities Gett has and the kind of challenges Gett faces in cybersecurity.

What excites me the most is being on this journey with so many talented colleagues and working together to build something that would benefit businesses all over the world. It is a rare opportunity to be part of the team that is defining a whole new category and sets industry standards similar to how electric and telephone grids did in the previous century.

What are the biggest cybersecurity challenges currently impacting the organisation?

The cybersecurity challenges for Gett are no different from other B2B businesses. We not only need to care about Gett’s infrastructure and platform, but also other supply partners and providers we work with. We must focus on supply chain risk and ensure upstream and downstream risks are considered.

As a global organisation, we need to be savvy on cybersecurity and privacy related laws and regulations. Having a strong partnership with our legal and privacy teams and keeping our knowledge up to date is critical too.

How are you evolving the business’ cyber resiliency, and what factors are key to success?

There were many aspects to consider during the design phase of the cyber resilience strategy. First of all, we are a dynamic organisation with a well-established way of working that maximises productivity. We are cloud-native, and so security must take a “shift left” approach. We have a lot of smart people; they need to feel empowered to do the right things and to be given the opportunity to make decisions. I came up with a cyber resilience strategy that centres around agile cyber risk governance utilising the Factor Analysis of Information Risk (FAIR) methodology for risk quantification, so the decision making is democratic, transparent, and defensible. We’ve built a number of workstreams based on the key areas we would like to improve. Having the roles and responsibilities properly defined and making sure the team is well supported is the key to success.

Lastly, what are your greatest challenges as Gett’s CISO, and why?

I think CISO roles are challenging because there are many stakeholders to manage. A security team cannot be siloed. They must learn to influence and become the catalyst of change. It’s equally important for the security team to understand that using fear, uncertainty, and doubt will not win us the trust we need to sustain the cyber resilience program. Trusting the team and bringing everyone on the journey is my philosophy as a CISO. The biggest challenge for a new CISO is to establish credibility and to be recognised as a trusted partner within the business. There will no doubt be more challenges along the way as Gett continues to grow, but I believe that our team has the agile mindset to adapt and overcome them.