Board Member Spotlight: Jason Ruger, Chief Information Security Officer | Lenovo

The National Cyber Security Alliance is pleased to present our third edition of our Board Member Spotlight.

Our Board member companies are leaders in cybersecurity education and awareness and are an integral part of making the organization a successful public-private partnership.

Get to know Jason Ruger, Chief Information Security Officer at Lenovo, in this Board Member Spotlight.

Jason, you are Treasurer of the National Cyber Security Alliance and Chair of the Finance Committee. What is it like to serve in these roles? 

I strongly believe in the mission of the National Cyber Security Alliance , so I can contribute in a small way by maximizing the impact of our financial resources. My colleagues have diverse backgrounds and creative ideas to improve cybersecurity awareness – I enjoy helping to manage our portfolio of awareness investments to drive change and help organizations. I’ve led organizations in cost-cutting and growth modes and am pleased that currently we’re in growth mode at the National Cyber Security Alliance.

What is your favorite part about being a board member?

My favorite part is leveraging the education and awareness initiatives to help small businesses and non-profits stay safe. These days it seems that you need several specialists to protect your digital infrastructure and the National Cyber Security Alliance helps keep smaller organizations that can’t afford these experts safe.

Where do you see the National Cyber Security Alliance fitting into the cybersecurity landscape?

The National Cyber Security Alliance helps synthesize priorities and ideas from the public and private sector. The combination of government and private sector inputs makes our communications more relevant and applicable to the widest possible audience. By extension, by distilling best-practices from a very heterogeneous group we can assist with understanding and practical actions for organization and individuals.

How does Lenovo’s cybersecurity interests align with the National Cyber Security Alliance mission to educate and empower our global digital society?

As the world’s largest computer-maker we share a common passion for making the digital world as safe as possible. Our products are used in schools, hospitals, and even Covid research. Without cybersecurity protections, computer technology can be used by criminals for harm. We want everyone who uses a computer (either built by Lenovo or our competitors) to have the knowledge to “stay safe online.”

As a CISO, what has been your biggest challenge and how have you overcome it?

One year ago, the largest challenge was the pandemic and securing remote work. More recently, the speed, quality and availability of exploit kits (hacking toolkits) has made ransomware a larger threat than in the past. Just like SaaS and PaaS, there is ransomware-as-a-service (RaaS). We want to protect our company, our partners and our customers. To overcome RaaS you first have to follow existing best-practices like patching and have sophisticated tools that use artificial intelligence to detect ransomware infections before they can spread.

What advice/tips do you have for our blog readers to prevent cyber crime at their organizations?

The National Cyber Security Alliance  serves a diverse set of organizations, so it is difficult to find tips that work for all organizations. I’d focus on three things:

1. Authentication: Particularly in a cloud-based environment, use stronger-than password authentication. For larger organizations, use additional layers for more sensitive systems or administrative roles.
2. Zero-trust: Apply this principle to all new systems going forward and methodically apply it to your legacy systems. Be sure to include your partner network connections as well. For small organizations, even something as basic as restricting VPN access to subsets of your network can reduce the attack surface.
3. Detection: Focus as much on detection solutions and prevention solutions. Hackers are intelligent and creative, so even the best prevention technology will not stop every attack. Assume your organization will get compromised and invest in solutions that will detect these breaches.

How do you continue to grow and develop as a leader?

In cybersecurity you need to have the humility that even your best solutions are never good enough. I learn about best practices both from my cyber colleagues at work and from industry peers. I also research breaches to understand what we could do differently. In addition, I think looking outside cyber can help bring perspective. Understanding economics and business functions enables me to make better risk decisions. 

What has the remote work experience been like for you? How do you stay motivated through online meetings?  

Because I work in a global company, I’m used to online meetings with Europe in the morning and Asia in the evening. In many ways this prepared our company for the pandemic since we already had hours of video calls per day. I actually enjoy the lack of travel – I don’t miss 15-hour flights and 7-12-hour time zone changes. I do miss the fidelity of in-person meetings. It is much more difficult for me to gauge how a team member is feeling and read facial expressions over the phone or video call. 

What is one thing- industry-related or not- that you have learned in the past year?

I learned how difficult it is to teach. While I’ve always admired and respected K-12 teachers, I never appreciated how complicated their job is. During the early days of the pandemic, I tried to teach my children for a small portion of the day. I failed miserably at every aspect – even though I picked subjects I knew well and had a classroom size of 2. I learned teaching one child for one hour is very hard and that teaching 20-30 students for an entire day is far beyond my capabilities.