Yaron Levi is the CISO for Blue Cross and Blue Shield of Kansas City. We talk about what he looks for in people when hiring in Infosec and a time when he took a chance on someone (against the opinion of his peers), and his chance was a big success. We also discuss a breach he had to deal with only 3 months into his job!
Yaron Levi is the CISO for Blue Cross and Blue Shield of Kansas City (Blue KC). In this role, he manages a team responsible for information risk management, cyber defense, regulatory and compliance, architecture and engineering, and identity and access management for an organization that provides health insurance for about 1 million members and has over $2B in annual revenue.
Prior to joining Blue KC, Yaron was a Director of Information Security for Cerner Corporation, an Information Security Business Partner for Intuit, an Information Security Architect and Product Manager for eBay, and a Director of Cloud Security for ANX.
Yaron is a Research Fellow for the Cloud Security Alliance (CSA). The Research Fellow designation is the highest honor and distinction given to a CSA research volunteer who has demonstrated significant contributions to CSA research. Yaron is a co-chair and lead architect of the Cloud Enterprise Architecture. He is a contributor to the Consensus Assessments Initiative Questionnaire (CAIQ) and the Cloud Controls Matrix, and has promoted the CSA as best practice in various cloud projects with various Fortune 500 companies.
Yaron is the co-founder of the Kansas City CISO forum, B-Sides Kansas City, and is a frequent speaker on Cyber Security Architecture, DevSecOps, and Cyber Defense.
Yaron holds a B.A. in Social Sciences and Management and is a graduate of the FBI CISO Academy.
Created his own IT company to pay his way through college
A SOX Compliance project was his first exp
His first computer was a Sinclair ZX81
Had to save up to buy his own Commodore 64!
Yaron's discussion with youth: is a laptop more dangerous than a gun? What about the 2nd Amendment?
3 months into his job, he experienced a breach!
"Security is one of those areas that you can be part of something that is bigger than yourself."
"Having a real calling for something... that can make a difference."
"It's one of those communities [where] people really want to help each other."
"I think, for many people, there isn't a prescription, if you will, of how and where to start."
"Are you the type of person who likes to crack codes and puzzles and bang your head against the wall for 16 hours...that may lead you to a dead-end or nothing? Oh no, I like to talk to people."
"First and foremost, we are educators."
"Sometimes, when we look for people, we tend to look for people based on a very specific mold or template [unfortunately]"
"Usually, I hire for character first, then skill."
"At the end of that record is a person... a human being."
"I think people need to realize that it can be a very thankless job, not just hoodies and hackers all day long. If you google a 'Hacker' today... it's kind of depressing to everyone with hoodies like that... that's not the reality."
"It's all about defense... protection... enablement of the business securely. When everything goes well, nobody really thinks of you, nobody thanks you for that. But when something bad happens, everybody looks for a head to chop."
"It's, in my opinion, one of the more rewarding careers one could have and being part of something bigger than just themselves."