Don Baham is a business-focused Chief Information Security Officer and Security Technologist with 20+ years of experience in enterprise technology, and 15 of those years in information security. He is highly skilled in the planning and development of information cybersecurity strategy and best practices in support of the information technology architecture. In his current role as Chief Information Security Officer at Rubicon Founders, Don is responsible for Information Security and IT Risk & Compliance for the Rubicon Founders portfolio of companies, prioritizing investments that strengthen defenses, achieve compliance, increase cybersecurity maturity, and reduce risk.
Don has earned a Bachelor of Science degree from Western Governors University and several industry certifications including Digital Directors Network Qualified Technology Expert (QTE), EC-Council Certified Chief Information Security Officer (CCISO), ISC2 Certified Information Systems Security Professional (CISSP), and ISACA Certified Information Systems Auditor (CISA).
Recently, in an exclusive interview with Digital First Magazine, Don shared his professional trajectory, insights on the evolving role of CISO in the next 5 years, personal hobbies and interests, his favorite quote, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Hi Don. What drew you to cybersecurity, and how did you begin your career in this field?
I fell into information security. It was not something I sought out initially. While working for an IT consulting firm in a system administrator role, I was asked if I had any interest in security and risk management. The consulting firm had a separate division focused on risk management and security consulting. I enjoy change so in 2009 I said yes to security without really knowing what I was saying yes to. Beyond saying yes to my amazingly supportive wife on our wedding day in 2003, that turned out to be one of the best “Yes” answers in my life.
My manager at the time mentored me through an accelerated onboarding to learn Linux (Ubuntu), penetration testing techniques, and the necessary tooling. I soon learned most of our client engagements included physical social engineering and penetration testing. Soon enough I was on assignment trying to break into financial institutions, high-rise office buildings, and datacenters (all legally, of course). I’m grateful to have started my cyber career through red team work; the thrill of the chase always got the heart racing. Pen testing was also a good use of my system and network administration experience from the previous 10 years working in infrastructure administration.
What do you love the most about your current role?
As I mentioned previously, I enjoy change and in my current role there is constant change. I also enjoy building, and my position allows me to do that as well. Starting new companies and participating in acquisition transactions means I am continually pulled into new projects with diverse requirements. The environment allows space to strategize and create while also holding on to performance outcomes. Security is an integral part of how we structure company operations from the beginning of the life of a portfolio company, so my team is in the early conversations as the businesses are forming.
What skills and expertise do you believe are essential for data professionals to develop in the next 2-3 years, and how are you investing in talent development within your organization?
Most important to me are the less tangible skills such as resiliency, adaptability, and emotional intelligence (EQ). Resiliency is a secret superpower – it allows us to bounce back from all the inevitable glitches, bugs, and project hiccups. When things go off the rails (and they will), we need to dust ourselves off, learn from it, and keep going. Adaptability provides the ability to be a tech chameleon. New tools, shifting goals, sudden changes – it’s all part of the game. Staying flexible keeps us ahead, no matter how fast things move. And finally, EQ – that’s the secret sauce for working with people. Technology may run on code, but teams run on emotions. Being able to read the room, support colleagues under pressure, and keep cool when things heat up. That’s just as important as solving the toughest security challenge.
How do you stay current with emerging trends and technologies in data and analytics, such as AI, machine learning, and cloud computing?
The top three ways I stay ahead on current and emerging trends are: networking, networking, and more networking. Peer groups and security associations are the primary way that works for me to make sure I’m keeping up with and staying ahead of the curve. Cultivating authentic community with peers, tangent industries, and people I admire is vital to my success in this area. For example, with AI, as security leaders we must be out in the lead learning about how businesses are going to leverage AI as a competitive advantage and solution ideas to do so as securely as possible. There are plenty of technology and business focused conferences, workshops, and get-togethers where these topics are being discussed and debated. We must take the initiative to find our way into those conversations to keep pace with the businesses we are helping to protect.
How do you envision the role of the CISO evolving in the next 5-10 years?
I would like to say the CISO role will continue to gain importance in organizations everywhere and security in general will rise to the level of visibility it should have been for some time. I’m not as optimistic as others on this evolution. For that evolution to be successful, I believe CISOs need to be working on the skills that will help them be seen as a member of the executive team. CISOs need to understand sales, marketing, budgeting, enterprise risk, operations, human capital management, etc. As a well-rounded executive, CISOs have an opportunity to elevate their profile and positively impact an organization. But I’m not seeing a majority of CISOs grab onto this thought process yet. And so, I think what could happen over the next 5-10 years is the CISOs that are focused on non-cyber professional development and broader impact will end up moving on to other C-level roles such as CIO or COO and leaving the traditional CISO role to those who want to stay more technical and less involved in the rest of the business. The good news if this holds to be true is that we will have more senior level executives with cybersecurity expertise throughout various functions.
Is there a particular person you are grateful for who helped get you to where you are?
About 12 years ago, through an acquisition, I was put under a leader named David and he really challenged me to think differently. He was very different than any of the other leaders I had up until that time in my career. And I’m grateful that was the case. He saw something in me I didn’t see in myself, and he cared enough to invest time with me. He was a big thinker, a visionary, and very deeply invested in people. One tangible example of what he walked out in his leadership style was real delegation. As I was working on myself to be a better leader, I watched how he delegated responsibilities to team members including me. Delegation was not something that came naturally to me as I was a bit of a perfectionist when it came to work product. But David was able to quickly build initial levels of trust and delegate small and large responsibilities and truly let those team members run with their assignments. While the outcomes may not have been exactly what he would have done, the level of trust he built by the way he delegated was something I never forgot and was something I worked on for several years after learning the right way to delegate from him.
How do you keep your mind healthy and stay resilient? And how do you motivate your team?
I need time away from work, technology, and the cyber world. I have a beautiful family including my wife, three daughters, and two dogs. Spending time with my family, spending time in nature, spending time with God, and spending time not staring at a screen help me to find joy and inspiration. My true source of strength is found in God and without that foundation, I know the stress of this job and life in general would be too overwhelming.
What is your favorite quote?
“With man this is impossible, but with God all things are possible.” – Jesus
Where do you see yourself in the next 5 years?
An empty nester enjoying time with my wife while still enjoying building and leading teams and organizations.
What advice would you give aspiring cybersecurity professionals?
The job market is tough right now, but don’t give up. We need more cybersecurity professionals. If you are serious about entering the field, be prepared to take a technology-focused job first, rather than jumping right into a security position. Take the help desk job or data analyst position and find your way to a security position from there. Having some related experience will give you a good foundation for the first cyber role.
And network, network, network. Don’t try to go at this career alone. Get into professional associations or meetups and keep expanding your network. You never know who you might meet.