Todd Bearman – TE Connectivity
In the rapidly evolving cybersecurity landscape, the role of a chief information security officer has become paramount. To be successful in that requires a blend of technical expertise, strategic vision and a passion for people. Todd Bearman has used those traits to navigate the challenges of securing a global company in the manufacturing sector as the CISO for TE Connectivity.
When Bearman first stepped into his role at TE Connectivity in early 2016, he encountered a cybersecurity landscape that, while equipped with many core elements of a standard security program, they have recognized the benefits of implementing a more comprehensive and deeply layered defense strategy. There are always gaps in security programs as not all risks can be eliminated, making it paramount to evaluate the current program and map out the needed improvements to keep up with evolving threats.
So, he spent his first 100 days documenting everything the company had in place, the gaps that existed and how they could be filled. This may seem like an easy exercise, but much of the work included partnering with others in IT and across the business to ensure the new proposed control framework didn’t have unaccepted levels of user impact.
“Before I joined TE, ransomware wasn’t a thing,” Bearman recalls.
However, his foresight into the evolving threat landscape and the emergence of sophisticated attackers prompted him to build a more robust security program. He recognized the importance of governance and visibility, signaling a shift towards a proactive and strategic cybersecurity approach that always seeks to balance the company’s risk appetite and user productivity.
Securing the data
Bearman leveraged multiple security frameworks to build a security program that would stand up to the evolving threats landscape and satisfy customers, insurers, and stakeholders. Using evaluative and standard frameworks, including ISO 27001 and NIST CSF, ensured that all possibilities were considered before plans were made and executed, and the approach has successfully prevented significant impacts on the business.
Education plays an important role in Bearman’s strategy. He embarked on a tour of TE Connectivity’s IT landscape, ensuring that every team member understood the security objectives. From end-users to the IT infrastructure team, phishing tests and mandatory training became regular occurrences.
Bearman emphasizes the significance of people in the security equation. Recognizing that resources are not unlimited, he strategically built a robust team, drawing from trusted individuals with diverse skill sets.
“One of the things I regularly say is that I prefer people over technology,” he says. Of course, good security technology is absolutely needed, but at some point, all of the best technology won’t help if you don’t have the skills to operate it. A skilled and engaged security practitioner can often code their way to better defenses than having a tool with limitations. Most often, good technology and talent balance will keep the program operating smoothly.
Another crucial aspect of Bearman’s role as CISO is partnering with the business and understanding their resilience needs. He works closely with stakeholders, continuously re-engaging with them and understanding their concerns and any changes in the business that can affect security and technology. Bearman emphasizes the importance of being adaptive and agile to meet the evolving needs of the business. Business strategies and priorities will change, and keeping all colleagues as productive as possible while maintaining the appropriate level of security is of the utmost importance.
Keeping up defenses
Over his eight-year tenure, Bearman transformed TE Connectivity’s security posture. With a well-coordinated security team and proactive measures, the company has avoided ransomware events and achieved a level of security maturity that instills confidence.
“However, complacency is the enemy of cybersecurity,” Bearman adds. “There will always be new and evolving threats, so continuous improvement is your mission and what keeps you in the game.”
Bearman’s commitment to transparency is evident in his plans for 2024. He aims to provide executives with a model that allows them to better understand the risk decisions made by the security team and the opportunities to improve with any associated costs or productivity impacts. This continuous monitoring approach aligns with the dynamic nature of cybersecurity, ensuring that the company’s security posture adapts to changing conditions.
Threat conditions change and evolve quicker than the technology designed to stop them, so Bearman and his team are constantly following the latest trends in the cybersecurity sector and making decisions with the best interests of TE Connectivity in mind. It is the only way to operate, he says.
“A security team’s technology, talent, and processes will lose some level of efficacy over time, making it crucial to apply the right care and feeding to each,” he says. “The security technology portfolio will need to evolve, talent will need training and development, and processes can always be improved to be more efficient and effective.”
A connected world
Bearman’s story is rooted in a deep passion for technology, honed during his early days as a UNIX administrator in college. His journey from technical roles to leadership positions reflects a profound understanding of the evolving nature of cybersecurity and a desire to serve his company as a technologist or business advocate.
“I was a little hacker on my Apple computer when I was 15. I was clearly a nerd, but something told me to keep going and that there was a future in it. Hacking at the time was quite different than it is today, but it taught me to think outside the box and use creativity to test different approaches to achieving a desired outcome,” he recalls. “What we know today as cybersecurity didn’t come in until the internet was born.”
Bearman was a managing consultant for security for a global oilfield industry company before spending five years as director of security for a bank in the Philadelphia area. He then worked as CISO for Willis Towers Watson for over eight years and joined TE Connectivity in February 2016. He became vice president and CISO of Global Infrastructure and Security Solutions in May 2020.
One of Bearman’s proudest achievements is the cohesiveness of his security team. Transforming it from groups of individuals to an efficient, dynamic and high-performing team, Bearman draws an analogy with the success of the sports teams that may not have superstars or may lack a specific skill or talent, but with highly motivated and supportive teammates they can outperform and beat expectations. That said, Bearman believes he has an all-star team.
“The thrill is being a well-oiled machine that the executives know and trust,” Bearman notes.
Looking back, Bearman attributes his success to his team, his company’s supportive leadership, and the positive relationships with his numerous stakeholders. Keeping it fresh and always challenging himself and his team is what he thinks has taken the security program so far and gives it great hope for the future.
“We must be able to adapt to the changing needs of the business and the cybersecurity landscape, and the only way to successfully navigate change is to embrace it,” he adds.
View this feature in the Winter I 2024 Edition here.
Showcase your feature on your website with a custom “As Featured in Toggle” badge that links directly to your article!
Copy and paste this script into your page coding (ideally right before the closing