His innate desire to make a difference led him to the domain of information security. Now, as the chief security officer at Genomic Health, Craig Guinasso has found his calling.
His career began in law enforcement when he worked for ten years as a police officer for California State University Stanislaus. The university had just finished building new dorms and were advertising high-speed internet connections. Unfortunately, these high-speed connections were nothing more than unsegregated LAN connections. Soon, problems started to appear.
“The systems started going haywire. Students got into the academic systems and changed grades. I was asked to investigate these weird incidences. Back then, there wasn’t a lot of high-tech knowledge about institutional crimes or information security,” Guinasso says.
Fortunately for him, as a second generation security professional, Guinasso could seek guidance from his father, who worked for a variety of Silicon Valley companies, dealing with what we now know as information security.
“I had someone I could lean on and ask the right questions to, while being guided in the right direction,” Guinasso says. “I had the right tool set at the right time. I had been around law enforcement all my life and knew I wanted to be on the right side of the law. I was following dad’s footsteps.”
As part of his ongoing career development, he started attending high-tech security and white collar crimes trainings and seminars (as they were called back then), while interacting with people in the private sector. These individuals were looking for people with a law enforcement background because of their forensic eye and reporting tactics. Soon, Guinasso found his way into the private sector and eventually to Genomic Health.
“When the opportunity came along, it was very inspirational because aside from the work I had done in law enforcement, all of the information security work I had done so far was for companies where the data was just data,” Guinasso says. “If there was a compromise, there was a compromise. But here, I am able to do things for people where it really matters.”
At Genomic, Guinasso provides a value proposition to the business that enables it to function in a secure way.
“My responsibilities are all things information security, and what that means is really doing vulnerability management,” he says. “I work very closely with the legal team negotiating master service agreements and reviewing the security aspect of contracts. I also work really closely with the other departments to help them evaluate new technologies and new systems so that those new ideas can be secured.”
Building relationships is important to Guinasso, and he likes to get involved in the earliest stages of an idea, whether it is changing a process, buying a product, or changing a vendor. He helps review every aspect of the new idea to provide the company with a quick security assessment. This ensures that they meet minimum security requirements and the employees get the user experience they expect.
“Craig is one of those chief security officers that is truly blazing a trail, and this is especially true when it comes to cloud security,” says Sanjay Beri, CEO of Netskope. “We’re delighted to see this recognition of his leadership.”
Despite all of his accomplishments, a job as demanding as this is not without its challenges. For Guinasso, it is about keeping up with technology.
“Every day, there is a new attack and a new technology is created to defeat it,” Guinasso says. “It’s a cat-and-mouse game, and I would say that the number one challenge is to stay ahead of the game. Keep your technology up to date and patched and monitored.”
Guinasso’s leadership skills often harken back to his days in law enforcement.
“I had a sergeant who taught me everything I needed to know, and then just asked me to go out and do my job without getting him into trouble. I do the same,” he says. “I believe in hiring people that are better than I am, and once I hire them, I get out of their way.”
For the members of his team, Guinasso fosters an environment that is conducive to growing. With an understanding that the people on his team are critical to achieving the best security, Guinasso says he has a unique approach to training.
“There is a phenotype for security people. They can go out and get training and certifications, but that does not necessarily make them great security professionals. They have to follow their hunch. I have been good at enabling people’s abilities as opposed to simply training them,” Guinasso says.
He adds, “There are people who worked for me that have left for whatever reason. They call me and say they want to come back. It makes me feel good.”
Securing Futures Through Education
When he is not working to protect the illegal transfer of data, Craig Guinasso works with the Parent Teach Community at the Redeemer Lutheran School as the president of the PTA.
“I spend a lot of time at my kids’ school,” he says. “I am involved in fundraising for the school and have raised $400,000 in the past 4–5 years through auctions.”
Druva’s industry-leading Data Management-as-a-Service platform unifies data protection, governance, and intelligence across enterprise data, delivering scalability and security, while reducing cost and complexity. Druva enables life science organizations, like Genomic Health, to establish central data compliance and governance practices, and helps prevent the mishandling of sensitive information such as PII, PHI, and IP.