Governing Body Spotlight

Member of the Toronto CISO Community

Andrew Faber

Director of IT Risk and Security Governance

Greater Toronto Airports Authority

Andrew Faber is the Director, Security Technology Services at Toronto Pearson International, Canada’s largest airport.

Throughout his career, Andrew has successfully developed and delivered information security roadmaps for a number of organizations across multiple industries, including financial services, health care, retail, and telecommunications. Andrew holds both a CISSP certification from ISC2 and an ABCP certification from the Disaster Recovery Institute in Canada.

Previously, Andrew was the Director of Information Security for Aimia (Aeroplan), responsible for the company’s Canadian business units. Andrew has also specialized in the Payment Card Industry Compliance program as a certified auditor.

Give us a brief overview of the path that led to your current role.

I have worked at several organizations throughout my career and was performing security consulting for an organization called Aimia (which owned Aeroplan). This work transitioned into becoming the Director of Information Security for Aimia, responsible for the security of several business units, with the largest being the Aeroplan points program. Aeroplan is closely linked with Air Canada, which is closely linked to Toronto Airport. When the role of Director of Information Security became available at Toronto Pearson, it was a natural migration.

What is one of your guiding leadership principles?

My approach to management is to be a leader that I would want to work for.  

With disruption being a key theme of the past year, where do you see your role as a CISO leader going in the next 1-2 years?

My role as CISO leader is moving from a reactionary and incident response position to a role of IT Risk Management. Fourteen months ago, nobody in the travel industry would have foreseen the distribution that has occurred to this industry. Understanding and communicating risk allows for an organization to better prepare for previously unforeseen situations and plan for the unexpected.

What advice would you give to someone just starting out in the role?

Learn how to communicate. You can have lots of technical knowledge, but if you can express yourself effectively, the message of information security goes much further. Learn how to be clear, concise, and be able to use lots of metaphors.

Tell us 3 fun facts about yourself.

  1. I hate reading (always have since I first learned to read), but am addicted to audible books.
  2. I have passed the CISSP exam twice.
  3. I have a pre-order for a Tesla CyberTruck, but my wife says she refuses to allow it in the driveway because of how it looks.

What is the value of participating in a professional community through Evanta?

I believe the connections with other InfoSec leaders are very valuable. Particularly over the past year, when we have been working from home, having connections available through Evanta has helped keep knowledge flowing.


Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
