Bruce Carlos: Steering Cyber Security Solutions to Great Heights with Remarkable Leadership Qualities
SXiQ offers world-class services specialized in cloud, application migrations, and modernization services, supported by a full spectrum of cyber security offerings with low-cost high-impact outcomes for the customer. The company is run by a team of deeply experienced technology experts, who deliver innovative, high-quality solutions rapidly.
The purpose of the company is to create a lasting digital change for all its customers, through the power of its people, its ideas, and its energy.
A Visionary Leadership for Cyber Security
As a recognized global business technology leader with a successful CIO background with twenty years of hands-on experience, the role of Bruce as the Chief Information Security Officer (CISO) involves leading the company on multiple fronts of building and delivering strong cyber resilience programs and lead protection of core information assets for the company as well as for the customers where there is scope to practice end to end business strategy skills to deliver world-class fit for purpose cyber security leadership. His role at SXiQ doubles as a practice lead for cyber security for several key customers of the company including Thryv Australia. This gives him deep experience, great opportunities, and the latest hands-on exposure to current and emerging trends and threat profiles across the cyber security landscape that affect businesses, corporations, governments, NGOs, and individuals.
A Passionate Cyber Leader
Bruce had a true passion for flying aircraft, space science, and technologies and this inspired him to be a successful CIO within the global defense and Australian government sectors. It served as a foundational platform for him to be a practical cybersecurity business leader today. Bruce’s recent roles as the hands-on tech leader leading a global cyber security program also contributed to his current role as a successful CISO. As such, he has helped shape the cyber security posture and the capabilities of global brands, providing a “step-change”, in preventing and protecting the business from advanced global cyber threats. “This knowledge combined with mitigating risks through the business lens, and formulating a fit-for-purpose cyber program that has low-cost and high impact, is considered to be his achievement. His combined role as a Practice Lead which brought together strong, clear, and engaging leadership abilities supported by the latest technological knowledge, trends, and threats, has made a well-rounded cyber leader that I enjoy,” he mentioned.
Bruce is also writing articles for the US and Australian US Space Journals. He is covering topics such as Cyber Security for 2022 and beyond– Space and Satellite Systems, Cyber Security 2.0– The New Frontier, and The Burning Platform: Reforming Australia’s Cyber Security Strategy.
Mitigating Challenges with Proper Planning and Strategy
Speaking about the challenges Bruce said, “The business case for secure cloud migration and automation in the early days was a major challenge as most of the solutions did not make it clear on the extent of automation of what secure cloud migration could offer. It was difficult to relay the message to make infrastructure and related security controls someone else’s problem, which was largely hampered by the cultural change needed within the business”.
According to Bruce, the key message is that –Cyber security is everyone’s responsibility within the business, and not just by a handful who carry the title. “After all, our people are our first line of defense, so awareness along with governance is vital to ensure security is practiced by every single one in the business,” he added.
So, the biggest challenge he faced both as a CIO and as a CISO, is on how to bring all of the people on the journey, and that’s why “I always start every cyber program with people, rather than just technology or process,” he said.
As part of what Bruce stands for, his focus solely remains on doing ‘good cyber security with the lowest total cost of ownership to build and maintain cyber resilience for complex business environments.
Getting IT and Cybersecurity on the Same Line
Bruce believes that every technology leader should possess the following attributes-
- A true understanding of the business landscape and vision, strategy, and culture that stands as the basis for a successful cyber program
- Strong clear engaging leadership, with 360 collaboration skills
- Up to date knowledge and skills on the depth of cyber security threats, technologies, and the perspective of looking at the solution rather than just a software application
- Being authentic
- Ability to assess what is fit-for-purpose for a given business environment taking into consideration the products and services it offers to its customers.
Industry Trend Analysis is Crucial
Bruce believes it is important to always stay connected with industry trends, threats, and solutions for leveraging product innovation. And this is what makes his product innovative and extraordinary while protecting information and data security across organizations.
AI: The Primary Disruptive Technology
Bruce says, “In the past, security was largely confined to infrastructure and some aspects of the network. Today, this is very different and complex. In addition to these two, there are eight other core domains that every business and leadership team or board should understand. These are- cloud, identity, endpoint, applications including PaaS/SaaS, data security, security operations, DevSecOps, governance, risk and compliance, and the often-missed third-party/vendor security”. “AI is one of the primary disruptive concepts that are applied across this entire spectrum, in both creating threats and the protection and prevention of cyber-attacks” Bruce added.
Know Thy Customer, Know Thyself
Bruce says, “It is important for every CISO to ensure that they understand the basics and develop a template for their approach so there is consistency. We know we cannot protect everything all the time, so every executive must start with understanding what their crown jewels are and how to protect them as a core, and then work around ancillary requirements”.
“They must always take a strategic view before refining their approach to tactical or purely operational and recognize and start with their people as people are their first line of defense. Also, culture is often one of the greatest challenges,” he added.
Bruce asserts that every CISO should make sure that they have a good mentor who is a full spectrum leader. He believes that transparency goes a long way in ensuring that all the decisions are risk-based and that the responsibilities shared on risks are hence not mitigated.
This shows how Bruce is totally aligned with ethics and the workforce that makes him a leader who everyone should look up to.