Spotlight on Greg Journey

Greg Journey serves as Executive Director and Chief Information Security Officer at The MetroHealth System, a $2 billion non-profit public healthcare provider based in Cleveland, Ohio. With nearly four decades of experience in Information Technology—including 25 years dedicated to advancing Cybersecurity Programs—he has led cybersecurity teams for three separate billion-dollar organizations as a CISO. His consulting background enables him to approach cybersecurity as a strategic asset, fostering organizational improvement rather than viewing it simply as an operations function.

A fun fact about Greg is that he competed in golf during both high school and college.  These experiences provided valuable lessons in strategy, discipline, preparation, integrity, accountability, and simplifying complex challenges. Most importantly, he learned how to embrace failure and perseverance.  These skills are essential not only on the golf course but also in the CISO chair.

Learn more about the Detroit CISO Community and the Ohio CISO Community.
 

Give us a brief overview of the path that led to your current role.

I began my career in data center operations, running nightly procedures and backups for a small credit bureau. I then joined a credit union, where I automated the full evening and day shift processing and later expanded into front office workflow automation, including deploying the organization’s first Novell network. From there, I installed networks for school districts with OECN, then moved to a regional bank to standardize desktops, servers, and networks. I transitioned into consulting, leading large Novell and Microsoft migrations, which evolved into implementing security technologies and advising organizations on cybersecurity programs. That path ultimately led to my first of three CISO roles.
 

What is one of your guiding leadership principles?

One of my core leadership principles is setting a clear vision that gives direction and purpose and helps each team member see how their work contributes to long term goals. When everyone understands they’re rowing in the same direction, they gain a stronger sense of purpose, take ownership, and produce better work.
 

What is the greatest challenge CISOs face today, and how are you addressing it?

The main challenge facing cybersecurity leaders is the speed and complexity of AI-driven attacks, which can bypass traditional security measures and take advantage of human mistakes. In response, organizations are building resilience by improving identity and access controls, focusing on training people, and making cybersecurity part of their overall business strategy and governance. Rather than trying to block every attack, the new focus is on quickly detecting threats, containing them, and recovering operations so that business can keep running even during an active attack.
 

What is the key to success for someone just starting out as a CISO?

Success in cybersecurity starts with a solid gap analysis to identify your current state and goals. Align your program with business strategy, ensure changes promote progress, and match mitigation plans to available resources and change capacity. Implementation takes time and requires clear communication with leadership, collaboration with IT teams, and stakeholder feedback.
 

How do you measure success as a leader?

My definition of success revolves around achieving goals that support the organization’s overall strategy. As a CISO, I prioritize strengthening security and minimizing risk. Success is evident through tangible risk mitigation, enhanced resilience, credible influence at the executive level, a competent and robust team, and a workplace culture where secure choices are second nature. The organization values early engagement with the CISO, responds effectively to incidents, limits unexpected challenges, and shows clear progress in governance, assessments, and behavioral improvements.
 

What is the value of being a member of Gartner C-level Communities?

Joining the Gartner community connects you with other C-Level executives, fostering valuable networking and collaboration. In cybersecurity, sharing information is essential for understanding threats and finding solutions. Gartner enables members to exchange experiences, which can save both time and resources.
 

Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.