This episode of Code to Cloud features a discussion with the Global CISO at Church and Dwight Co., the parent company of brands like Arm & Hammer and OxiClean. And at Church & Dwight Co., David transformed the global enterprise-wide information security program key areas of strategy, risk management, and compliance, among others. Prior to joining the company in 2020, David spent over 22 years in security at Bed, Bath & Beyond. David and host Andy Schneider, Field CISO EMEA at Lacework, discuss the primary cyber threats facing the manufacturing sector, with a specific focus on ransomware, and the strategies utilized by Church & Dwight to mitigate these threats, including a robust third-party vendor assessment process. Ortiz highlights the importance of adaptability in cybersecurity, the role of leadership qualities such as empathy, accountability, and urgency, and underscores the significance of identity management, preparedness, and swift response in enhancing cyber resilience. The conversation also covers the benefits and considerations of moving services to the cloud, reflecting on the necessity of collaboration between cybersecurity teams, manufacturing units, and other stakeholders to safeguard against an ever-changing threat landscape.
This episode of Code to Cloud features a discussion with the Global CISO at Church and Dwight Co., the parent company of brands like Arm & Hammer and OxiClean. And at Church & Dwight Co., David transformed the global enterprise-wide information security program key areas of strategy, risk management, and compliance, among others. Prior to joining the company in 2020, David spent over 22 years in security at Bed, Bath & Beyond. David and host Andy Schneider, Field CISO EMEA at Lacework, discuss the primary cyber threats facing the manufacturing sector, with a specific focus on ransomware, and the strategies utilized by Church & Dwight to mitigate these threats, including a robust third-party vendor assessment process. Ortiz highlights the importance of adaptability in cybersecurity, the role of leadership qualities such as empathy, accountability, and urgency, and underscores the significance of identity management, preparedness, and swift response in enhancing cyber resilience. The conversation also covers the benefits and considerations of moving services to the cloud, reflecting on the necessity of collaboration between cybersecurity teams, manufacturing units, and other stakeholders to safeguard against an ever-changing threat landscape.
Key Quotes
*”Technology is getting more and more complex every single day. What we may have viewed years ago as a simple firewall rule has become much more complex with our connected ecosystems across multiple clouds, multiple sites, multiple networks. So the complexity is going to continue to grow, but our mission hasn't really changed with what we need to do to protect it. We just need to adapt and keep up with the changing threat landscape.“
*”Everybody has a role in cyber and protecting our people, our technology, our processes. I want to instill that mindset of accountability and ownership so that everybody understands that they have a part in reducing cyber risk.”
*”From the vendor community, my ask would be: Help us install foundational cybersecurity, help us understand where we're potentially oversharing data. And let's have a little less hype on AI in general. Let's really surface all the good that's going to come out of AI and derive it from that conversation versus a hype conversation and I think that would really benefit everybody substantially so that we could get ahead of the bad actors out there and really use AI to its full potential for good.”
*”You can teach technical skills. You can't teach drive and passion. And that sense of urgency that I mentioned early on, Those are some of the characteristics that you need in this field. So, as a company is interviewing and looking for people in the cyber or the IT risk management field, look past the certifications, look past some of those requirement bullet points that you may see on a job description and really get to know the person and explain the role that they're interviewing for to them and see if they're really a fit for that role. And again, knowing that you could teach people technical skills, but you want to really hire the person, not what's on their resume.“
Time Stamps
[0:32] Introducing David Ortiz: Global CISO at Church & Dwight Co.
[1:05] Transforming Cloud Security in Manufacturing
[1:15] Ransomware: The Persistent Threat
[1:58] Vendor Assessment and Cloud Adoption Strategies
[3:44] Cybersecurity Incident Response in Manufacturing
[6:15] Leadership Qualities in Cybersecurity
[7:58] Building Trust and Accountability in Teams
[11:04] The Role of Technology in Cybersecurity
[15:51] The Future of Cybersecurity and AI
[18:47] Career Insights and Advice in Cybersecurity
Links
Connect with David on LinkedIn
Learn more about Church & Dwight Co.
This podcast is brought to you by Lacework, the leading data-driven cloud-native application protection platform. Lacework is trusted by nearly 1,000 global innovators to secure the cloud from build to run. Lacework delivers true end-to-end protection, empowering customers to prioritize risks, find known and unknown threats faster, achieve continuous cloud compliance, and work smarter–not harder–all from one unified platform. Learn more at Lacework.com.