CISO Jim Rutt on the transition from marketing to cyber leader – CyberTalk

CISO Jim Rutt on the transition from marketing to cyber leader – CyberTalk

EXECUTIVE SUMMARY:

Jim Rutt is the CISO/CIO of The Dana Foundation, a private philanthropy group that explores the connections between neuroscience, society’s challenges, and society’s opportunities.

In this edited interview excerpt from the CISO’s Secrets podcast, CISO Jim Rutt shares secrets about how he got his start in cyber security. A distinguished professional with a storied 27-year career, he has acquired 15 cyber security certifications, been quoted in the Wall Street Journal, is the former president and chairman of the Technology Affinity Group (TAG) and is on the board of the New York Chapter of the Cloud Security Alliance.

Jim’s narrative is particularly relevant to individuals with non-traditional career paths, those seeking to understand where the field of cyber security is headed, and to those who wish to inspire the next generation of cyber security leaders.

Tell us a little bit about the course of your career and how you’ve found yourself where you are?

The ironic thing is…I actually started in marketing in the early 1990’s, when I got out of college. So, how do you transition from marketing to technology? It’s a very interesting jump!

I think a lot of it was very fortuitous, when you think about what happened in the mid-‘90s. Think about the rise of the internet, think about all of the then-emerging technologies. I saw that and said ‘you know what, this is a direction that I really think is going to be exciting.’

And boy, has it ever been so. I could never have anticipated the opportunities that have come my way in the last 25-26 years. It’s been very exciting.

That’s really interesting. So what kind of marketing did you start out in? Corporate marketing, product marketing, field marketing – Was there a particular area of marketing that you were focused on?

So, I worked for an import/export company in New Jersey. I was the guy who did all of the internal marketing and the trade shows.

Every time that I attend an RSA or a Black Hat, I remember when I was working the trade show booths, and things were a little bit different then.

Right. Well, so it was about ’98 when I happened to get into security, although it was ’83 when I got into computing. But I can certainly appreciate the massive transformation that took place when we went from everybody being in their own fishbowl – you were using Token Ring and I was using IPX.

And then, all of a sudden, those fishbowls went away and we were in the ocean, and that was the internet…it was really the birth of the ‘bubble’ and the firewall and VPN market went crazy…right?

Oh yes. To even consider some of the downstream impacts of network security, when we were trying to grapple with network standards…I mean, you elucidated it perfectly. It’s amazing to look back at all of the different architectures that we had to handle in the late ‘90s and to see it converge – very satisfying.

So, I have to ask, Jim. How exactly did you manage to navigate the transition from marketing to cyber security? How did you obtain the foundation, the knowledge, the technical aptitude that you need to have in order to be in your role?

It’s a great story. I was about 4-5 years into my marketing career, and I realized that it wasn’t really going to be a long-term career option for me.

I enjoyed some of the accomplishments, but it wasn’t my cup of tea, necessarily. I started looking around at the early internet, some of these other smaller networks, like AOL, Prodigy and CompuServe, and I thought to myself, ‘I wonder if I can make a career out of this.’

One day, I happened to open a Sunday paper, where one of the ads was for MCSE training, or Microsoft Certified Systems Engineer training. I said, ‘I wonder what that would be like.’ So, I contacted a small training facility in New Jersey, and inquired about prerequisites and costs…etc. At the time, for three months of training, it was about $5,000.

And $5,000 back in 1996 was a lot more than it is today, given all of the macroeconomic conditions that we have. So, I said, ‘okay, I’ll write the check’. And it was a big commitment for me – I had my regular job on weekdays, and then attended this training on the weekends.

After about six months of that, and after a series of about six certification exams, I got my MCSE. And I said ‘okay, let me see if I can go out and get a job.’

At the facility, where I’d taken my exams, I literally went up to the desk after taking my last exam and said ‘do you have any jobs that I might fit? You know, I don’t have any experience, but I have this certification.’

And I remember the receptionist saying, ‘Hold on a second.’ She went to the back, brought a recruiter out, and the recruiter said ‘We’ll find something for you, don’t worry.’

And that’s how I got started. I got my first job as a help desk analyst…

That’s fascinating!

About four years later, I got into other engineering jobs. Then, in 2001, heading towards the focus in cyber, I got my first management job, which was at Emblem Health, here in New York.

Around the same time, the HIPAA regulations started to come into effect. There was a lot of discussion around regulation, and a lot of discussion around cyber in general, and we really didn’t have a security department there. We didn’t have a CISO as we know it today.

We just happened to have someone who was focused on physical security, and they were kind of thrown into the cyber security role. At that point, I had a few years of technical experience (obviously), and so he asked me, ‘what do you know about cyber security?’

While he was learning how to take care of cyber security from the regulatory/government side, I helped him with the technical side. So, the cyber portion of my career really took off about 22 years ago at this point…

In every role since then, I’ve had some measure of cyber responsibilities. I became a little more focused on it around 10-11 years ago, at Dana. I started taking some certifications training, and began getting involved in the greater ecosystem. And the timing couldn’t have been more fortuitous…

Can you talk a little bit about the journey from CIO to CISO?

Sure. To do that, I’d probably have to…

Did you find Jim’s story interesting? Listen to the whole conversation – Right here.

Does “food as medicine” make a big dent in diabetes?

Does “food as medicine” make a big dent in diabetes?

How much can healthy eating improve a case of diabetes? A new health care program attempting to treat diabetes by means of improved nutrition shows a very modest impact, according to the first fully randomized clinical trial on the subject.

The study, co-authored by MIT health care economist Joseph Doyle of the MIT Sloan School of Management, tracks participants in an innovative program that provides healthy meals in order to address diabetes and food insecurity at the same time. The experiment focused on Type 2 diabetes, the most common form.

The program involved people with high blood sugar levels, in this case an HbA1c hemoglobin level of 8.0 or more. Participants in the clinical trial who were given food to make 10 nutritious meals per week saw their hemoglobin A1c levels fall by 1.5 percentage points over six months. However, trial participants who were not given any food had their HbA1c levels fall by 1.3 percentage points over the same time. This suggests the program’s relative effects were limited and that providers need to keep refining such interventions.

“We found that when people gained access to [got food from] the program, their blood sugar did fall, but the control group had an almost identical drop,” says Doyle, the Erwin H. Schell Professor of Management at MIT Sloan.

Given that these kinds of efforts have barely been studied through clinical trials, Doyle adds, he does not want one study to be the last word, and hopes it spurs more research to find methods that will have a large impact. Additionally, programs like this also help people who lack access to healthy food in the first place by dealing with their food insecurity.

“We do know that food insecurity is problematic for people, so addressing that by itself has its own benefits, but we still need to figure out how best to improve health at the same time if it is going to be addressed through the health care system,” Doyle adds.

The paper, “The Effect of an Intensive Food-as-Medicine Program on Health and Health Care Use: A Randomized Clinical Trial,” is published today in JAMA Internal Medicine.

The authors are Doyle; Marcella Alsan, a professor of public policy at Harvard Kennedy School; Nicholas Skelley, a predoctoral research associate at MIT Sloan Health Systems Initiative; Yutong Lu, a predoctoral technical associate at MIT Sloan Health Systems Initiative; and John Cawley, a professor in the Department of Economics and the Department of Policy Analysis and Management at Cornell University and co-director of Cornell’s Institute on Health Economics, Health Behaviors and Disparities.

To conduct the study, the researchers partnered with a large health care provider in the Mid-Atlantic region of the U.S., which has developed food-as-medicine programs. Such programs have become increasingly popular in health care, and could apply to treating diabetes, which involves elevated blood sugar levels and can create serious or even fatal complications. Diabetes affects about 10 percent of the adult population.

The study consisted of a randomized clinical trial of 465 adults with Type 2 diabetes, centered in two locations within the network of the health care provider. One location was part of an urban area, and the other was rural. The study took place from 2019 through 2022, with a year of follow-up testing beyond that. People in the study’s treatment group were given food for 10 healthy meals per week for their families over a six-month period, and had opportunities to consult with a nutritionist and nurses as well. Participants from both the treatment and control groups underwent periodic blood testing.

Adherence to the program was very high. Ultimately, however, the reduction in blood sugar levels experienced by people in the treatment group was only marginally bigger than that of people in the control group.

Those results leave Doyle and his co-authors seeking to explain why the food intervention didn’t have a bigger relative impact. In the first place, he notes, there could be some basic reversion to the mean in play — some people in the control group with high blood sugar levels were likely to improve that even without being enrolled in the program.

“If you examine people on a bad health trajectory, many will naturally improve as they take steps to move away from this danger zone, such as moderate changes in diet and exercise,” Doyle says. 

Moreover, because the healthy eating program was developed by a health care provider staying engaged with all the participants, people in the control group may have still benefitted from medical engagement and thus fared better than a control group without such health care access. 

It is also possible the Covid-19 pandemic, unfolding during the experiment’s time frame, affected the outcomes in some way, although results were similar when they examined outcomes prior to the pandemic. Or it could be that the intervention’s effects might appear over a still-longer time frame.

And while the program provided food, it left it to participants to prepare meals, which might be a hurdle for program compliance. Potentially, premade meals might have a bigger impact.

“Experimenting with providing those premade meals seems like a natural next step,” says Doyle, who emphasizes that he would like to see more research about food-as-medicine programs aiming at diabetes, especially if such programs evolve and try to some different formats and features.

“When you find a particular intervention doesn’t improve blood sugar, we don’t just say, we shouldn’t try at all,” Doyle says. “Our study definitely raises questions, and gives us some new answers we haven’t seen before.”

Support for the study came from the Robert Wood Johnson Foundation; the Abdul Latif Jameel Poverty Action Lab (J-PAL); and the MIT Sloan Health Systems Initiative. Outside the submitted work, Cawley has reported receiving personal fees from Novo Nordisk, Inc, a pharmaceutical company that manufactures diabetes medication and other treatments.

ElevenLabs Review: The Most Realistic AI Voice Generator?

In a world where AI startups and tech are constantly pushing the boundaries of what’s possible, one groundbreaking platform is changing the game in speech synthesis: ElevenLabs AI. If you’ve ever yearned for an AI voice generator that exceeds your expectations, you’re in for a treat….

DiffSeg : Unsupervised Zero-Shot Segmentation using Stable Diffusion

One of the core challenges in computer vision-based models is the generation of high-quality segmentation masks. Recent advancements in large-scale supervised training have enabled zero-shot segmentation across various image styles. Additionally, unsupervised training has simplified segmentation without the need for extensive annotations. Despite these developments, constructing…