Yaron Levi is the CISO for Blue Cross and Blue Shield of Kansas City. We talk about what he looks for in people when hiring in Infosec and a time when he took a chance on someone (against the opinion of his peers) and his chance was a big success. We also discuss a breach he had to deal with only 3 months into his job!
Yaron Levi is the CISO for Blue Cross and Blue Shield of Kansas City (Blue KC). In this role he manages a team responsible for information risk management, cyber defense, regulatory and compliance, architecture and engineering, and identity and access management for an organization that provides health insurance for about 1 million members and over $2B in annual revenue.
Prior to joining Blue KC, Yaron was a Director of Information Security for Cerner Corporation; an Information Security Business Partner for Intuit; an Information Security Architect and Product Manager for eBay; and a Director of Cloud Security for ANX.
Yaron is a Research Fellow for the Cloud Security Alliance (CSA). The Research Fellow designation is the highest honor and distinction that can be given to a CSA research volunteer who has demonstrated significant contributions to CSA research. Yaron is a co-chair and lead architect of the Cloud Enterprise Architecture. He is a contributor to the Consensus Assessments Initiative Questionnaire (CAIQ) and the Cloud Controls Matrix, and has promoted the CSA as best practice in various cloud projects with various Fortune 500 companies.
Yaron is the co-founder of the Kansas City CISO forum, B-Sides Kansas City, and is a frequent speaker on Cyber Security Architecture, DevSecOps and Cyber Defense.
Yaron holds a B.A. in Social Sciences and Management and is a graduate of the FBI CISO Academy.
- Created his own IT company to pay his way through college
- A SOX Compliance project was his first exp
- First computer was a Sinclair ZX81
- Had to save up to buy his own Commodore 64!
- Yaron’s discussion with youth: is a laptop more dangerous than a gun? What about the 2nd Amendment?
- 3 months into his job, he experienced a breach!
- “Security is one of those areas that you can be part of something that is bigger than yourself.”
- “Having a real calling for something … that can make a difference.”
- “It’s one of those communities that people really want to help each other.”
- “I think for many people, there isn’t a prescription, if you will, of how and where to start.”
- “Are you the type of person who likes to crack codes and puzzles and bang your head against the wall for 16 hours…that may lead you to a dead end or nothing? Oh no, I like to talk to people.”
- “…First and foremost, we are educators.”
- “Sometimes when we look for people, we tend to look for people based on a very specific mold or template [unfortunately]”
- “Usually I hire for character first, then skill.”
- “At the end of that record is a person… a human being.”
- “I think people need to realize that it can be a very thankless job, not just hoodies and hackers all day long. If you google a “Hacker” today… it’s kind of depressing to everyone with hoodies like that… that’s not the reality.”
- “It’s all about defense… protection… enablement of the business securely. When everything goes well, nobody really thinks of you, nobody thanks you for that. But when something bad happens, everybody looks for a head to chop.”
- “It’s in my opinion one of the more rewarding careers one could have and being part of something bigger than just themselves.”
Outro: A Rising Wave – Jeremy Blake