Moses Bulus – Bunzl

It could be the label on the premade salad you bought at the supermarket or the container it comes in. It could be the steel-toed boots, or the goggles and ear protection you wear at work. It also could be the gloves your dental hygienist wears. 

These are among the wide-ranging products Bunzl supplies customers in 31 countries on four continents—everything from cleaning equipment and solutions to lightbulbs and traffic cones. 

Moses Bulus | Global Chief Information Security Officer | Bunzl

While Bunzl helps customers package food or promote safety, Moses Bulus protects the company’s network, tech stack and its IT as its global chief information security officer.  

“I’ve been in technology throughout my career,” says Bulus, who joined the company in August 2022. “I love everything about it as a whole—it’s one of my passions. Cybersecurity has opened a different opportunity to provide defense and protection strategies for what I love the most—technology.” 

Assessments first 

As part of his one-year plan to build the cybersecurity management program, Bulus is visiting and consulting with five Bunzl regional CISOs working in the company’s security operations centers. 

In his travels, Bulus is assessing Bunzl’s current security program and efforts. He’s looking for system vulnerabilities, security gaps and ensuring there are protections, such as multi-factor authentication, to access the network. For instance, he’s making sure each region of the company is installing the latest security patches and learning what potential cybersecurity threats each region faces. 

He’s also ensuring each region complies with privacy regulations. Bunzl operations in Europe, for example, must adhere to the EU’s strict data rules. 

“The regional teams will be responsible for implementing our strategy and vision,” Bulus says. “It’s my job to ensure they are heading towards that direction. I need to provide executive-level decisions including metrics, dashboards, risk analysis and mitigation, risk acceptance and risk reporting.” 

NIST a must 

In maintaining the cyber security program, Bulus says he will follow a framework developed by the U.S. Department of Commerce National Institute of Standards and Technology. 

As a first step, he will take inventory of equipment, software and data the company uses—including laptops, servers, applications, smartphones, tablets, and cloud infrastructure. He’ll also outline the roles and responsibilities for everyone with access to sensitive data, including employees and vendors. 

After that, Bulus says he’ll limit access to networks, giving it only to employees who need it, and implement limited security access control. As part of this, he’ll make sure regional CISOs monitor network use, especially for unauthorized access, and he’ll help to establish policies to dispose of electronic files and old devices. 

The last step will be developing response and recovery protocol—he needs to ensure Bunzl can notify anyone whose data may be at risk in a cyberattack as its investigated, contained and reported to law enforcement and other authorities. The plans and cybersecurity policies will need to be updated after a cyberattack, too, Bulus adds. 

Ultimately, the success of a cybersecurity program rests on employees, which is why he plans to roll out phishing tests, as well as games and training modules. He’s also worked with employees one-on-one because it allows him to answer their questions directly. 

“We can invest in tools, but the human factor is crucial and the best investment an organization can have,” Bulus says. “It’s a way of life and you have to think about it continuously.” 

A rewarding career turn 

Bulus earned his bachelor’s degree in computer engineering from the University of Missouri, Columbia. He also has a Master of Science in cybersecurity from the University of Maryland and is currently completing his doctorate in IT with a specialization in cybersecurity from Capella University. 

Bulus has enjoyed a varied tech career—he was a systems engineer for CompuCom from 2008 to 2010 and an exchange engineer at USI from 2010 to 2013. He’s built Windows servers, networks and led an IT team that supported Walgreens pharmacies with hardware upgrades and more. 

After joining Hussmann, a Panasonic Company in 2013 as a network technologist and server engineer, Bulus was tasked with helping the company protect its email and other systems.  

“I was working in cybersecurity before it became a buzzword,” he says about becoming Hussmann’s senior cybersecurity manager shortly after joining the company. “I’m tech-driven but I’ve also learned about businesses and their varied divisions because cybersecurity involves everything.” 

As he created the cybersecurity strategy, policies and training at Hussmann, Bulus rose to become cybersecurity director in 2018, and was CISO and director of IT infrastructure before joining Bunzl. 

“I came to Bunzl for the opportunity to help and work with a global team in providing defense and protection strategy,” Bulus says. “Bunzl’s culture makes it a great place to work. I’ve always defined my success as my teams’ success and everyone is very supportive.” 

View this feature in the Winter I 2023 Edition here.