With millions of policyholders and tons of personal information to protect, cybersecurity is a crucial focus at Mutual of Omaha.
In a recent interview, Chief Information Security Officer Jason Hamilton and Information Services Director Mike Quast answered important questions about cybersecurity efforts at Mutual of Omaha. They also discussed the many benefits the company provides for cybersecurity professionals.
Q: Tell us about your division and the work it does
Hamilton: Our core mission in cybersecurity is to safeguard the confidentiality, integrity and availability of information systems, identities and data resources in support of Mutual of Omaha’s strategic business plan. In addition, we create and maintain a resilient infrastructure and foster security awareness throughout the enterprise.
Quast: The Information Security division works with other IT teams and business partners to ensure controls are in place to protect Mutual of Omaha’s network, data and other assets. Whether it’s consulting on business projects or collaborating with our colleagues on technology implementation, my team is at the forefront of initiatives to protect our customers.
Q: What can Mutual of Omaha offer cybersecurity professionals?
Hamilton: Mutual of Omaha pays for associates to learn, train and get certified. In addition, the company also provides tuition assistance for continued education, bonuses for earning advanced certifications and paid entry to numerous industry conferences. We also offer a hybrid work environment where our cybersecurity associates can work remotely or in the office if they’re near our headquarters.
Q: What qualities do you look for when adding a cybersecurity professional to your team?
Quast: Besides the typical IT and cybersecurity skills, we’re looking for self-motivated people who can think independently and make decisions, have excellent communication skills, possess a strong sense of accountability and have the ability to collaborate with business partners who don’t always understand technology.
We’re also looking for the “Ideal Team Player,” as described by business management expert Patrick Lencioni. These are people who are humble, hungry and smart — the three essential virtues that make an effective team player.
Q: How does your team collaborate with other departments in the organization?
Quast: Collaboration is the primary way we get things done at Mutual of Omaha. Oftentimes, we execute projects in partnership with our stakeholder through collaboration and clear communication. The most important aspect is explaining why and how our efforts tie back to supporting business objectives.
Q: How do you and your leadership team invest in the professional growth of your associates?
Hamilton: Beyond the financial investments made in training, certification classes and continued education, we also invest by helping associates create a career development plan. Associates and their managers collaborate on setting specific and measurable goals, timelines and expected outcomes. Managers then provide the guidance and support associates need to execute the plan, grow professionally and achieve their goals.
Q: Can you share a story from one of your team members who experienced this growth?
Hamilton: Many of our team members started as interns then eventually became full-time employees. This includes over half of the current Information Security leadership team, which demonstrates our investment in the growth of our associates. A recent success story is Nathan Coates. Nathan started as an intern in 2015 and switched to a full-time associate after graduating in 2017. Over several years, Nathan progressed from an associate security analyst to a senior security analyst, earning multiple certifications and graduating from Mutual’s Information Services Leadership Academy. Recently, Nathan was promoted to security architect III and joined the Information Security leadership team.
Q: How has your team evolved over the past few years and where do you see it going in the future?
Hamilton: Traditionally, the Cybersecurity program has been centralized whereby we own all the policies, standards and controls. Over the past few years, the program has started decentralizing those responsibilities to other areas where they can better secure assets and resources, as those areas are closest to the data we’re trying to secure. That includes policies, technology and people. In the future, we see a day when the Information Security division is purely a second line of defense in overseeing and governing policies, standards and controls that are owned by others throughout Information Services and the business areas.