Bob Schlotfelt – Global Market Innovators

A padlock may be the perfect security system for a bicycle—but would be rather impractical for a phone that fits in a pocket. As far as Bob Schlotfelt is concerned, the same idea applies to organizations which, like your phone, need the right security for the right circumstances.  

So, when he started working for an undisclosed pension fund management company as its first chief information security officer, he quickly came up with a 100-day plan to identify the biggest threats and install the proper protections.

After getting the plan approved by the CEO and board of directors, he implemented end-point protection against daily threats to laptops and other gear. Then, he developed a plan to make the association adopt cloud technology. The shift to the cloud would not only provide security but would enable remote work for the association’s employees.

Bob Schlotfelt | Chief Information Security Officer

Once the cloud-based systems were installed, he set about protecting them, turning to Netskope, a company he’d worked with before. Through its software, he can now ensure that data is encrypted as it moves from the cloud to someone’s laptop. The software also alerts him to anomalies—for instance, if there’s a log-in from a U.S. state where there shouldn’t be one.

“While this helps make a remote workplace secure and possible, it’s only one small part of our digital framework, since digital threats are constantly evolving,” says Schlotfelt, who managed this all in the first 100 days, including the purchase and distribution of laptops to many employees.

Approaching clouds with intelligence

After introducing cloud migration and the end-point protections, Schlotfelt introduced a broader cybersecurity framework based on the one developed by the U.S. Department of Commerce’s National Institute of Standards and Technology.

Part of the NIST framework is not just protecting or responding to cybersecurity threats but also identifying them.

So, at the start of 2021, he began working with Pete Zwers at the threat intelligence company, Morado. With the help of Zwers, he created a PowerPoint presentation on the importance of threat intelligence and pitched it to the CEO. Schlotfelt compares the Morado threat report to reading about stocks or other news in the newspaper, something most CEOs love.

Now, every month, Morado compiles a report on phishing, ransomware and other cybersecurity threats. For example, the company will not only identify a patching threat but provide Schlotfelt and his team with guidance on how to prepare and implement a new patch. He adds that these reports are customized, so they don’t include information about a texting scam, for instance, impacting higher education facilities located on the East Coast.

“In truth, it was a very easy sell,” Schlotfelt says. “Everyone wants more information, especially when it protects our assets, our personnel and the thousands of pension participants we serve.”

Securing synapses and streamlining security  

To instill cyber security with employees, he made online training mandatory, regardless of the employee’s tenure. The training, developed by the company’s Information Security Team, taught participants to recognize suspicious e-mails and even links that were most likely phishing for information like passwords and usernames.

All employees finished the first two-hour training within 30 days and now refresh their knowledge with an annual update training. This is part of Schlotfelt’s Security Awareness Training, an ongoing, yearlong process. It is a combination of online courses, monthly newsletters, new staff orientations and division staff meetings.

As employees assist in securing data, he’s returning the favor in other ways. Using an external source, he’s implementing a management identification program, which creates employee profiles. This means personnel as well as contractors can be quickly onboarded, offboarded and even promoted or transferred to different departments.

“It’s just another way I’ve been able to make a positive—and hopefully lasting—impact here in such a short period,” says Schlotfelt, who was hired as a contractor in 2019.

Sailing through digital realms

Schlotfelt says his ability to speak in plain English about cybersecurity has helped him. He developed this ability by working in many industries and places, including the technology company Perot Systems, the consumer credit reporting company Experian, the financial services company First American, and St. Joseph Health System.

He adds that his time at Jacksonville University also helped teach him how to communicate effectively and succinctly. While there, he had a NAVY ROTC full-ride scholarship and graduated with a degree in business and math.

Of course, he enjoys tangents as much as the next person, having founded and run The Orange County Scotch Club. Every year, he takes the week before Thanksgiving to indulge in his passion for cooking, particularly chicken scallopini as well as his sausage, chestnut and cornbread stuffing.

While thankful for his time at this pension fund management firm, he started 2023 as the security advisory director for Global Market Innovators, a company that delivers secure technology products to organizations across a variety of industries.

“I’ve enjoyed my time with the pension firm so much. It was a way of using my expertise to help people—and I’m now doing something very similar at GMI,” Schlotfelt says. “It may not be as fun as Thanksgiving cooking, but when I can help people work from home and secure a company’s data, that’s a different kind of joy.”

View this feature in the Spring I 2023 Edition here.