VP, CISO, TrueBlue
Karen Holmes is a tech-minded career innovator and current Vice President and CISO at workforce technology solutions firm TrueBlue. Her mission is to promote innovative thinking using automation and orchestration to provide seamless and secure user experiences. Before taking on her role at TrueBlue in 2017, Karen held senior IT and cybersecurity roles for the retailer Recreational Equipment, cruise lines Carnival Corporation and Holland America Lines, and the financial powerhouse JP Morgan Chase.
How will you drive your organization’s cybersecurity strategy forward in 2021?
We are going to continue to leverage my initial strategy which is all about automation and orchestration. The signature line on my email is an image of the Jolly Roger, and inside it says
‘automate or die’ in binary. I know this is incredibly nerdy, but it should give you an idea of my strategy. There are a lot of boutique tools in the cybersecurity space, but they can get extraordinarily expensive and extraordinarily complicated for your engineers and your threat hunters. So, I have automated a good portion of my environment by only purchasing
interoperable tools that feed up into single panes of glass for my threat engineers. It cuts millions, even billions of pieces of telemetry for a global corporation like ours down to a dozen
or so actionable threats that I need to have an engineer investigate.
What should information security executives focus on in 2021 to generate business value?
It is all about driving automation to the endpoints. Your ultimate vulnerable spot is your end-user. The person who is just doing their job and knows nothing about information security absolutely will open that attachment absolutely will click that link, and enter their user credentials. So, how do you prevent that user from doing damage? Get to that person and
educate them, and you will save the world. So, I would encourage executives to focus on the people. We can do amazing things with technology, but people are ultimately your biggest vulnerability.