|
Getting your Trinity Audio player ready...
|
The IT and cybersecurity team at Excellus BlueCross BlueShield is at an inflection point that most organizations only dream of approaching. Jason Pickup, VP and chief information security officer, and his team have made cybersecurity a priority for everyone. They have built a structure that is repeatable and documented—and which has continued to successfully mature all aspects of their adopted NIST Cybersecurity framework that is now part of Excellus’s DNA.
“We come from a position where security functions have been more centralized and are now approaching a time when we can push some of these functions back into the organization to raise the level of assurance and empowerment,” Pickup explains. “Not many organizations get to that point because it’s so hard. But that seems to be the point we’ve evolved to.”
Pickup may feign amazement, but it’s a process that’s taken seven years plus patience and incredible teamwork and communication from the cybersecurity team outward to the rest of Excellus. The CISO credits his hardworking team and a broader culture that was both ready and willing to commit to a culture of continuing evolution.
“You can’t expect the security team to do everything for everybody. It has to be a little bit of everybody’s responsibility.”
Jason Pickup
Relationships, the CISO says, are the crux of that evolution. “That’s one of the big things I’ve learned,” Pickup explains. “You can’t expect the security team to do everything for everybody. It has to be a little bit of everybody’s responsibility.”
Cyber threats are constantly evolving as threat actors gain access to new technologies or find new ways to exploit old vulnerabilities. “As we enter into 2024, our job is to drive that empowerment back into different parts of the organization,” Pickup says. “We want to give people mechanics and self-regulating means by which they can move with more confidence and ease.
“We’ve benchmarked with industry experts and feel really proud about the maturity of our program, but our work is never done, and our next challenge is trying to move from good to great,” he continues. “Through weaving cybersecurity into the fabric of our organization, we will no longer be viewed as an inhibitor and [will] drive increased value and the confidence necessary to take advantage of new innovative opportunities.”
Pickup’s own leadership in this effort is worth examining, especially because the first connection he makes is to his son. Pickup had no real interest in soccer and had never coached before. But when his son didn’t make the elite first team he tried out for, Pickup offered to coach what might have been seen as a rag-tag group of elementary-aged second-stringers.
“I knew nothing about soccer, I never played,” Pickup says, laughing. “But he wanted to play. So, I got my coaching certification and ended up coaching soccer for the next fifteen years.”
Pickup created a culture among teammates that emphasized responsibility and brotherhood. The team’s coach asked his players to think about the community in which they lived and how they’d like to be remembered when they were older. He established a culture for a team that might have barely understood the word at the time. By his youngest son’s senior year, eleven members of that team were playing varsity soccer.
Those coaching lessons have clearly impacted Pickup’s efficacy as a leader. But he still insists on learning. The VP has an executive coach and focuses on self-awareness, which he believes is critical to understanding himself, his people, and the organization in which he has been so impactful.
That self-awareness was what helped him understand that his security team needed to move to the next level.
“As a leader, you have to try and figure out where your blind spots are,” Pickup says. “When someone from the organization asks you, ‘Why aren’t we doing something?’ it’s easy to think that you already know the answer and know better. But if that question comes back again and again, you need to challenge yourself. Our processes might be sound, but what if your organization is truly ready for the next step?”
Jason Pickup
“As a leader, you have to try and figure out where your blind spots are. When someone from the organization asks you, ‘Why aren’t we doing something?’ it’s easy to think that you already know the answer and know better. But if that question comes back again and again, you need to challenge yourself.”
Pickup is also working to build out his department’s capabilities to forge those relationships that are so important to enable that evolution. Every security expert isn’t necessarily a bridge-builder. But Pickup leverages internal collaboration forums where members of his team can showcase different parts of the security organization.
It’s a less daunting presentation opportunity for trusted colleagues to connect and get a better handle on their soft skills, skills Pickup said are always desperately needed when it comes to IT partnering with the business.
“Translating concepts to a wider audience is a really difficult skill to find in this kind of work,” Pickup explains. “I want to make sure I’m helping those that have those skills to really get out in front of the organization and share their stories. And for the rest of my team, it’s about focusing on their strengths and helping them be successful.”
The next handful of years is new ground for Pickup, but you can feel how excited he is to pursue the next evolution of cybersecurity at Excellus.
TEKsystems congratulates Jason Pickup, a leader in healthcare IT, and Excellus BlueCross BlueShield for providing high quality, affordable health care to communities. TEKsystems accelerates business transformation for our customers. We bring real-world expertise to solve complex technology, business and talent challenges—across the globe. We’re a team of 80,000 strong, working with over 6,000 customers, including 80 percent of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed.
