The importance of teamwork is prevalent when you’re talking to Michelle Griffey, Chief Risk Officer for Communisis. It’s that focus Michelle relies on when hiring new team members and when faced with the biggest challenge in her role — securing clients’ critical information. Michelle chatted with Speed Data host Megan Garza about why it’s so crucial to lean on others for help, how the widespread adoption of AI can be a good — and bad — thing, and why being referred to as a “nerd” is the highest compliment you can receive.
The importance of teamwork is prevalent when you’re talking to Michelle Griffey, Chief Risk Officer for Communisis. It’s that focus Michelle relies on when hiring new team members and when faced with the biggest challenge in her role — securing clients’ critical information. Michelle chatted with Speed Data host Megan Garza about why it’s so crucial to lean on others for help, how the widespread adoption of AI can be a good — and bad — thing, and why being referred to as a “nerd” is the highest compliment you can receive.
Megan Garza: [00:00:00] Welcome to another episode of Speed Data, quick conversations with cybersecurity leaders. I'm your host, Megan Garza. I'm excited to introduce our guest today, Michelle Griffey, Chief Risk Officer for Communisys.
Megan Garza: Welcome, Michelle.
Michelle Griffey: Hi, Megan. Nice to be here.
Megan Garza: Michelle manages information security and cyber risk functions for Communisys, an integrated services communications provider. In her role, she oversees business continuity, crisis management, and data protection, and builds resilience into the company's business solutions and customer offerings. Prior to joining Communisys in 2016, Michelle worked in senior leadership for Lloyds Banking Group for a decade and a half, where she earned her APMP qualification and Sigma Black Belt.
Megan Garza: Michelle, I'm sure you've seen a lot over your time at Lloyds and Communasys. How has the threat landscape changed since you began your career?
Michelle Griffey: [00:01:00] changed incredibly, Megan. Um, I think such a greater reliance on tech and that not being enclosed in the boundaries of, initially, even just the office that you're working in. So the interconnections of the offices, the people, the clients, the customers, And then moving into cloud. So, you know, at the beginning there was, limited tech and there was no cloud, um, which completely changes that.
Michelle Griffey: But I think the other thing that I've noticed that has happened, and it's probably cost related, is people have, had this desire or this, drive towards going single supplier for a lot of things, which doesn't help when you're looking to look for resilience and continuity.
Megan Garza: And what type of data breaches or exploits do you worry about most? What keeps you up at night?
Michelle Griffey: I think, I mean, data breach, personal data, we, we flow a lot of personal data and a lot of information about people that, it's quite sensitive, not in terms of the GDPR definition. But it is sensitive, understanding what [00:02:00] people are, what their pay is, what they're paying out, and things like that.
Michelle Griffey: And so, that data, that type of data breach, um, I think worries me for our clients, customers. and in terms of other things, I think it's really the, either ransomware or a type of really successful DDoS, which stops us being able to, um, manage the work to get things out, the communications out that need to go out.
Megan Garza: And what do see as the biggest threat or risk to cybersecurity on the horizon?
Michelle Griffey: I think there's two or three, so I'm going to have to answer with a couple, I'm afraid, I think it's going to be interesting to see where AI takes us. I mean, from a of scams perspective, you're already seeing, sort of deepfake, but how, that AI drives into creating attacks that, that people don't recognize.
Michelle Griffey: I think that's going to be an interesting one to look at. I think legacy is going to become more and more of an issue as people try to bolt on different [00:03:00] products and customers. We all, we all want to be online and we want our suppliers to be available 24 7. and as you try to build that onto legacy platforms, I think that is going to create more problems.
Michelle Griffey: particularly in the, you know, area of you don't know what you don't know. And I'll, I'll throw a third one in as well back down to that single supplier. I think there is this tendency to go with big players on a, an all your eggs in one basket and sometimes that's not the, the best way. It could be, but I think then sometimes you perhaps develop a false sense of, of security
Megan Garza: Yeah, and you mentioned AI, you know, experts say this is the biggest thing since the internet. Uh, people have said it's, it's bigger than, you know, the industrial revolution.
Megan Garza: Um, so the magnitude at which we still have so much to know about AI, there are so many different facets of how to use AI, how to... Use AI for, you know, malicious purposes.
Megan Garza: that absolutely fascinates me.
Michelle Griffey: yeah, it does me too. [00:04:00] And I think you, you just, people, we all do as consumers, we hook onto things like, oh, this is great. Look what it can do for us. I think if you're in security or data protection, you're a little bit more wary and particularly like me, if you're in risk and you're sort of like, Ooh, what could go wrong?
Michelle Griffey: But we, we jump into these things and the AI is, it's come upon us so quickly with Very little regulation. I mean, I know it's coming down pipe, but it's after, almost after the horse has bolted and the bad actors can use it just as easily as the good
Michelle Griffey: people.
Michelle Griffey: Um,
Megan Garza: And already are.
Michelle Griffey: And already are. Yeah, absolutely.
Megan Garza: What skills make security professionals great at what they do? What, do you look for when hiring team members?
Michelle Griffey: if I'm hiring a team member, they absolutely have to have a team fit. So you've got to have a team player. And I think that is also, while I think a lot of technical people, or, you know, true, all the nerds, you know, they might hate me saying that, but those type of people tend to want to work on their own.
Michelle Griffey: But you can't, it [00:05:00] has to be a multi layered thought process type element where you draw on different thoughts. So if I bring into the team, they absolutely have to have a team fit with the other team members. What skills do they need? They absolutely need to know a framework or that type of thing, they need to know those technical things, but probably more importantly, tenacity, because it's, you know, it's hard, you got to keep going, you're going to keep banging your head against a wall, and an insatiable curiosity, because you haven't necessarily got the funds.
Michelle Griffey: To buy all the great tools that are out there and all of the threat hunting and all of these lovely things that we'd all love. But just having insatiable curiosity is helpful because you'll keep thinking about, what could that be and what am I seeing there? So I think two key things and then being a team player.
Megan Garza: personally would love to be identified as a nerd. They're, the smart ones, so.
Michelle Griffey: Absolutely. Many, many years ago, someone in Lloyds said to me, Oh my God, you're a chic geek. And I
Michelle Griffey: thought, that's
Megan Garza: I
Megan Garza: would love to be a
Michelle Griffey: I [00:06:00] love that. Yeah,
Michelle Griffey: I love
Megan Garza: I feel like you should coin that term.
Michelle Griffey: probably way past that now, but you know, that was, it was great at the time.
Megan Garza: And what advice do you have for other security leaders on first steps when discovering a vulnerability or exploit attempt?
Michelle Griffey: It goes back to that team player thing, just draw on all the support you have. I mean, we're talking here from a sort of Varonis perspective and I know we've drawn on, on you guys on a number of occasions when we've had a fear that we're seeing something, thank God it's turned out to be someone internally doing something that we might be worried about.
Michelle Griffey: But just draw on all the support you have because you're not going to be able to answer it alone. And if you try, you may miss an additional risk, because I think just let people ask questions, let chat, let people challenge, because you never know what's going to happen. I mean, if you've got maybe a bot, and I just say, pinging back to the mothership internally, and you're working on this on your own, and you just go, oh, let's close everything down, and nobody's said, oh, [00:07:00] is there a risk of closing it down?
Michelle Griffey: as many people as you need in, but not too many, because anything cyber related, everybody's interested. And you'll get a load of people going, oh, but what's happening? So, it tight to those you need, but don't try and do it on your own.
Megan Garza: I always like to chat with my guests about what life would look like if they took a different path. So if you weren't in cybersecurity, what would you be doing?
Michelle Griffey: if I didn't have to pay the bills, if I haven't got to, you know, keep a roof over my head necessarily, or, or, or that's covered, I think I'd probably end up running a yoga studio somewhere or, or running a pottery cafe and baking cakes for half of my
Michelle Griffey: day
Megan Garza: Oh, wonderful. Well, thank you again so much for your time today, Michelle. I really appreciate it. And as always, if our guests have any questions they'd like asked during a future episode of Speed Data, please email me at PR@Varonis.com
Megan Garza: thanks, Michelle.
Michelle Griffey: thanks for the chance to chat Megan, it's been great.