Interview: David Mahon, CSO, CenturyLink

Written by

David Mahon
David Mahon

Formerly an FBI special agent, David Mahon is now the CSO at CenturyLink. At RSA Conference Asia Pacific and Japan, he delivered a keynote on best practices and proactive strategies to mitigate cyberthreats. Infosecurity’s Eleanor Dallaway then caught up with Mahon to dive a little deeper into his personal experience and challenges

What was your route into cybersecurity?

I was a special agent with the FBI and as the world began to transform to the digital economy, the criminals followed the money and continued their criminal activity online. My responsibilities evolved to meet the emerging criminal activity and the threats from nation states.

In one sentence, can you describe your role at CenturyLink?

Designing and implementing the CenturyLink Global Security Strategy to protect our customers, networks and data.

What’s your biggest challenge at CenturyLink?  What keeps you awake at night?

Emerging technology where the innovators want to be first to market but do not effectively incorporate security into their products and services. Our customers want the advantages of this technology and want network access, thus exposing the network to the vulnerabilities.

Tell me about an information security initiative at CenturyLink that has worked really well?

The CenturyLink International Business Risk Review Council is responsible for approving all off-shoring activities to ensure all international work has the appropriate security controls to guarantee the CenturyLink international portfolio of products and services enhances the customers’ experience. With globalization has come the need to ensure that no matter where you are doing business, the appropriate governance, risk and compliance responsibilities of customers are effectively and efficiently implemented to support their strategic objectives. 

Our customers want the advantages of this technology and want network access, thus exposing the network to the vulnerabilities

What lesson have you learnt from your time working in the private sector?

Acquisitions can be more difficult than you would expect. While synergies of combining companies look good in business cases, conflicting cultures can limit the effectiveness and/or destroy the value proposition of the combined company.

What’s the best thing about your job?

The opportunity to not only work with large global companies but small start-ups and the SMB market. Enabling the achievement of a wide range of corporate objectives is very rewarding.

On the flip side, what’s the worst thing about your job?

Over the years I have learned to like the worst as well as the best in life, it makes you stronger and appreciate your challenges.

If you could change one thing about the information security sector, what would it be?

More effective collaboration among industry and government partners. The adversaries are agile, well organized and a substantial threat to not only corporations but individual citizens and we need to collaborate to defeat these threats.

We need to remember that information security is not a technical solution based profession. It is a risk management ‘threat focused’ profession.

What one piece of advice would you give to someone starting out in the information security industry in 2017?

Develop very effective oral and written communications skills, not just technical skills. To be a leader in this profession you have to be able to communicate at the technical level but also at the Board of Directors level and they have very different information needs.

What’s hot on Infosecurity Magazine?