As the Lenovo CISO, Jason Ruger is responsible for protecting Lenovo customers, employees and shareholders from an ever-increasing array of cyber-attacks.
Mr. Ruger is responsible for enabling new products and services that leverage IoT, artificial intelligence and 5G at the world’s largest computer maker. An expert in cyber, cloud and mobile, Mr. Ruger has over 20 years of cyber security and IT experience at Lenovo, Google, Motorola, Apple and Symantec. During his 10+ years as CISO, he successfully led Lenovo, Google and Motorola through some of their largest cyber-attacks in history. While at Google, he led divisional cyber-security for over 25,000 Google employees and created the first smartphone privacy engineering team. While at Motorola, he delivered secure services on 2G, 3G and 4G.
In addition to his CISO role, Mr. Ruger runs IT for the Lenovo Mobile Business group; responsible for technology used to design, manufacture, sell and service MBG products in all regions. This includes delivering services to over 100 million global customers. A cloud pioneer, Mr. Ruger was the first IT executive in the world to move a Fortune 500 company to cloud-based collaboration (email, apps, storage).
Prior to joining Motorola in 2006, Mr. Ruger was a director at a big-data analytics company where he created a system that securely organizes financial data for 50% of the Fortune 100 companies. Mr. Ruger holds a Bachelor of Science in Economics from Vanderbilt University and an MBA from Northwestern’s Kellogg School of Management. Mr. Ruger serves on the board of a local non-profit, is a founding member of a team that has raised over $750,000 to fight cancer and serves meals to the homeless monthly.
Get to know Jason Ruger
You are the Chair of NCA’s Finance Committee. What’s it like to serve in this role?
I strongly believe in the mission of the National Cyber Security Alliance , so I can contribute in a small way by maximizing the impact of our financial resources. My colleagues have diverse backgrounds and creative ideas to improve cybersecurity awareness – I enjoy helping to manage our portfolio of awareness investments to drive change and help organizations. I’ve led organizations in cost-cutting and growth modes and am pleased that currently we’re in growth mode at the National Cyber Security Alliance.
What is your favorite part about being a board member?
My favorite part is leveraging the education and awareness initiatives to help small businesses and non-profits stay safe. These days it seems that you need several specialists to protect your digital infrastructure and the National Cyber Security Alliance helps keep smaller organizations that can’t afford these experts safe.
Where do you see the National Cybersecurity Alliance fitting into the cybersecurity landscape?
The National Cyber Security Alliance helps synthesize priorities and ideas from the public and private sector. The combination of government and private sector inputs makes our communications more relevant and applicable to the widest possible audience. By extension, by distilling best-practices from a very heterogeneous group we can assist with understanding and practical actions for organization and individuals.
How do Lenovo’s cybersecurity interests align with our mission?
As the world’s largest computer-maker we share a common passion for making the digital world as safe as possible. Our products are used in schools, hospitals, and even Covid research. Without cybersecurity protections, computer technology can be used by criminals for harm. We want everyone who uses a computer (either built by Lenovo or our competitors) to have the knowledge to “stay safe online.”
As a CISO, what has been your biggest challenge and how have you overcome it?
One year ago, the largest challenge was the pandemic and securing remote work. More recently, the speed, quality and availability of exploit kits (hacking toolkits) has made ransomware a larger threat than in the past. Just like SaaS and PaaS, there is ransomware-as-a-service (RaaS). We want to protect our company, our partners and our customers. To overcome RaaS you first have to follow existing best-practices like patching and have sophisticated tools that use artificial intelligence to detect ransomware infections before they can spread.
What advice do you have for our readers to prevent cybercrime in their organizations?
The National Cyber Security Alliance serves a diverse set of organizations, so it is difficult to find tips that work for all organizations. I’d focus on three things:
- Authentication: Particularly in a cloud-based environment, use stronger-than password authentication. For larger organizations, use additional layers for more sensitive systems or administrative roles.
- Zero-trust: Apply this principle to all new systems going forward and methodically apply it to your legacy systems. Be sure to include your partner network connections as well. For small organizations, even something as basic as restricting VPN access to subsets of your network can reduce the attack surface.
- Detection: Focus as much on detection solutions and prevention solutions. Hackers are intelligent and creative, so even the best prevention technology will not stop every attack. Assume your organization will get compromised and invest in solutions that will detect these breaches.
How do you continue to grow and develop as a leader?
In cybersecurity you need to have the humility that even your best solutions are never good enough. I learn about best practices both from my cyber colleagues at work and from industry peers. I also research breaches to understand what we could do differently. In addition, I think looking outside cyber can help bring perspective. Understanding economics and business functions enables me to make better risk decisions.