Governing Body Spotlight

I am the global Chief Information Security Officer of ResMed, responsible for leading the team that protects the value of ResMed, including stakeholder information, systems, and trust. My CISO role encompasses information security strategy, operations, governance, IT risk management (internal and third party), GRC (Governance Risk and Compliance), Product/Application Security, Identity and Access Management, security outreach, and security consulting for business initiatives.

I am a native of Los Angeles, and I hold an MBA from UCLA and a B.A. from UCSD and I maintain several certifications, including CISSP, CISM, CRISC, CIPP, and DDN (The Digital Director Network), which focuses on bringing security and risk management expertise to boards.

My passions are spending time with my wife and cat, playing guitar and bass and learning constantly. 

Learn more about the Southern California CISO community here.
 

Give us a brief overview of the path that led to your current role.

With over twenty years of experience in information risk and security management, I have held IT leadership roles in various industries, including healthcare, consumer products, entertainment, music startups, and insurance. Before joining ResMed in early 2015, I served as the CISO of Mattel and the SVP and CISO of Universal Music Group, the world's largest music company. For three years, I was CIO of Interscope, Geffen and A&M records, and have been a Co-CIO and privacy lead at ResMed. 

I love the fluidity and impact of being a CISO and cannot imagine a more interesting, challenging and fulfilling role.
 

What is one of your guiding leadership principles?

I lead my team with purpose. The role of me and my security team is to protect the value of ResMed while enabling resilience and value creation. ResMed is a vibrant and innovative company and our security program needs to stay ahead of our strategic goals, changing regulations and ever-changing threats.
 

What is the greatest challenge security leaders face today, and how are you addressing it?

My biggest challenge is the continual changes from internal and external sources. There are so many ways we can add value, but with limited resources, we need to prioritize the threats and risks that have the biggest negative business impact.
 

What is the key to success for someone just starting out as a CISO?

Build strong relationships with business leaders and influencers and make them shared owners of a robust security program. If you can make a business case for security investments in terms they support, you will have greater success.
 

How do you measure success as a leader?

My primary measurement of leadership success is the support I receive from senior management, stakeholders and our board of directors. On a more detailed level there are three primary parts of our security program - Security Operations, GRC including Internal Audit, and security services which includes numerous projects. Each has organic measures, dashboards and reports shared with internal leaders and staff and business stakeholders.
 

What is the value of being a member of Gartner C-level Communities?

I get good value from being part of Gartner C-Level Communities, a role I have treasured for many years! I love the comradery with old and new friends, the network to get ideas on best practices and bad practices to avoid. I have saved time and money and achieved higher levels of success based on this excellent group.
 

Gartner C-level Communities Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.