Features

Billy Norwood – FFF Enterprises 

Data protection means pressure for pharma CISO 

A threat actor can attempt to breach a company’s security 1,000 times without getting in. If the hack works on the 1,001 try, the hacker considers it a great success despite the lowly 0.0009 completion rate. 

“A hacker only needs to be right once. We need to protect our data and information 100 percent of the time,” says Billy Norwood, a chief information security officer who has made a living defending and protecting crucial information in various industries. 

Billy Norwood | Chief Information Security Officer |  FFF Enterprises 

Billy Norwood | Chief Information Security Officer |  FFF Enterprises

Norwood serves as CISO for FFF Enterprises, a leading pharmaceutical wholesaler that delivers critical-care biopharmaceuticals and vaccines. Founded in 1988 and headquartered in Temecula, California, FFF recently struck a deal to stop and ship Moderna’s COVID-19 vaccine, an agreement that is more important now as COVID cases tick upward across the country. 

While FFF had achieved the HITRUST cybersecurity certification before Norwood’s arrival, management saw the benefit of hiring a security leader to focus exclusively on cybersecurity and risk management.  Norwood was brought in to grow and mature the company’s cybersecurity program while building his team from scratch, a challenge he accepted with gusto and one he has relished for the past several years.  

“To understand the risks and what needs to be protected, you need to understand the business and work with the executive team to know where the organization wants to go,” Norwood tells Toggle on a sunny January day in the San Diego area.  

Since joining the company in late 2020, Norwood has implemented several new processes and protections for the company’s data and created new ways of communicating about cybersecurity for FFF’s leadership team. And though he’s been at the organization for over three years, he’s just getting started.  

The importance of cybersecurity 

Recognizing the need for a robust cybersecurity infrastructure in healthcare, Norwood knew FFF needed a comprehensive program.  

During the first 90 days of his tenure, he conducted a thorough assessment, gaining insights into the company’s assets, capabilities, processes, policies, and procedures. Norwood aimed to understand the location, criticality, vulnerabilities and exposure of every aspect of the organization. Focusing on maturity around policies and processes, he built a heat map and a long-term strategy to address the evolving landscape. 

Billy Norwood | Chief Information Security Officer |  FFF Enterprises 

 

“Addressing immediate concerns and grabbing low-hanging fruit was a priority from the beginning,” Norwood explains. “Assessing the technical and business landscape within my first 90 days was essential to getting us where we are today.” 

The initial phase involved extensive interviewing, reviewing past audits, and performing an in-depth risk assessment before formalizing the cybersecurity program. Norwood introduced additional training initiatives to increase employee awareness, emphasizing the significance of IT and HR processes, especially onboarding and offboarding procedures. He delved into formalizing the review of FFF’s attack surface and patch management program, ensuring cybersecurity became integral to the company’s culture. 

Understanding the ever-changing nature of regulations and the persistent threat of bad actors, especially in the healthcare sector, Norwood prioritized protecting health information but made sure personal, identifiable information was given fair attention as well. Due to stringent regulations such as the California Privacy Rights Act and EU’s General Data Protection Regulation and FFF’s international expansion, safeguarding personal data has become a top priority. Training sessions were mandatory and engaging, providing employees with skills they could extend to their personal lives. 

Protecting the data 

Remote work posed new challenges, and Norwood worked on secure communication and task completion without disrupting the flow of normal operations. This included dealing with software development security, as exemplified by integrating code and software vulnerability scanners into the development and deployment process, which ensured any issues were identified early and enabled the development team to get a secure product on the shelves faster.  

Billy Norwood | Chief Information Security Officer |  FFF Enterprises 

Artificial intelligence is on the minds of anyone working in technology, and Norwood says he’s deploying various tools to combat ever-changing threats against FFF’s cybersecurity infrastructure. Leveraging AI to allow machines to assist experts in analyzing an ever-growing amount of data is key in modern times. 

“But organizations must be careful about what data they put in AI to ensure it doesn’t expose anything sensitive or violate any regulations,” Norwood says. “And once that data enters the AI world, it is there forever.” 

The constant need for vigilance, especially with SEC rulings about reporting breaches within a specific timeframe, makes the CISO role demanding. He keeps everyone in the loop through monthly meetings of the CISO steering committee, which includes Norwood and FFF’s CFO, chief compliance officer and general counsel.  

“Our meetings focus on cybersecurity, enterprise risk and compliance, and I fill them in on what we’re doing to protect our data and what tools and technologies we need to keep up our defenses,” Norwood notes. 

Addressing tool fatigue, Norwood initiated projects for tool rationalization and optimization. Consolidating tools can be expensive but necessary to eliminate redundancy, he says.  

Always loving technology 

Growing up in Midland, Michigan, Norwood’s dad was into computers—he bought Norwood a Commodore 64 so he could play video games and program his own games. 

“I had a computer before I had a Nintendo,” Norwood recalls.  

Norwood worked at a call center during college, helping people connect to the internet. He attended the University of Texas as a computer science major but was more interested in networking than programming. He initially dropped out to take his first salaried job designing wired and wireless networks for hotels and airports. He was even involved in developing the wireless network at Seattle-Tacoma International Airport.  

Billy Norwood | Chief Information Security Officer |  FFF Enterprises 

Eventually, he returned to school, earning a management information systems degree from Park University. 

“Solving problems with technology became interesting to me, and using technology to help move a business forward became my passion,” he says.  

To further understand the business side of companies, he returned to school and earned an MBA from the University of Colorado-Denver. He says he enjoys working with the business to solve problems instead of forming roadblocks. Overall, Norwood has decades of experience working for companies including AT&T, EDUCAUSE, LogRhythym and OnSolve, as well as having his own successful consultancy advising SaaS start-up firms. He joined FFF Enterprises in his current role in November 2020.  

Norwood considers his job stressful yet rewarding and fulfilling. He is responsible for cybersecurity, enterprise risk management and privacy and data protection, which require understanding various industries’ business processes, ever-changing technology and regulations, and working with different people’s personalities to solve any issues that may arise.  

Despite the challenges, he finds enjoyment in solving problems with technology securely and without an exorbitant cost while not hampering business processes. 

“I’ve learned a lot working in so many different industries, with a variety of people and passions, and it has helped me grow into the leader I am today,” Norwood says.  

View this feature in the Winter I 2024 Edition here.

 

Published on: February 1, 2024

regions:

categories:

Showcase your feature on your website with a custom “As Featured in Toggle” badge that links directly to your article!

Copy and paste this script into your page coding (ideally right before the closing tag) where you want to display our review banner.

Testimonials

Alliant is very pleased with our experience working with the TrueLine Publishing team. We were not only impressed with the caliber of the whitepaper that was produced, but with the level of attention from the team we partnered with. They were very detailed oriented and I appreciated their follow up. They even offered to refresh the article and invited Alliant to participate in some of the design features. It is without reservation that I highly recommend other businesses partnering with this publication and I look forward to an opportunity to work with them again in the future.
— Katie Patterson, Director of Marketing, Alliant Technologies

LATEST EDITION

Winter I 2024

READ NOW

GET TOGGLE IN YOUR INBOX.

  • * We’ll never share your email or info with anyone.
  • This field is for validation purposes and should be left unchanged.