Craig Newell
VP, Enterprise Information Security
GDI Integrated Facility Services
Craig Newell has been keeping organizations and their data safe and secure for over two and a half decades. His career has brought him experience in a wide variety of industries, including banking, utilities, public sector, and retail. Craig enjoys a good challenge and finds helping organizations build their Information Risk program from the ground up, "the right way...his way!" to be very rewarding.
Learn more about the Toronto CISO community here.
Give us a brief overview of the path that led to your current role.
I actually have a diploma in Print Journalism and was only interested in computers as a hobby.
After I left the Royal Canadian Navy, I took a federal government retraining program and earned my MCSE 4.0 certification and started working in techology for real. Over the years, I've worked doing phone tech support, desktop and server admin, network install and support, but always found the information security side of things the most interesting.
It was actually when I was working in television production that one of the people I started Toronto's first CISSP study group with reached out and told me about a full-on information security job with his company and thought I would be a great fit.
The rest is history. I’ve been working my way through the ranks, building trust and relationships, balancing business realities with security needs to become the InfoRisk leader I am today.
What is one of your guiding leadership principles?
My leadership is totally based on my time in the Navy. My foremost role as a leader is the care and feeding of the people under my command… translated to mean that my job as a leader is to break down barriers, provide resources, provide guidance and direction, then get out of the way so that my people and my organization can succeed to their best potential.
With disruption being a key theme of the past few years, where do you see your role as a CISO going in the next 1-2 years?
CISOs need to have a much larger seat at the table and provide critical risk assessment services. Security isn't binary. Changing the conversation from "Is this secure?" to "What are the risks if we do this?" will allow us to be recognized as business enablers, not roadblocks. Risks are always present, some are worth accepting, some need mitigating, but very few are ever hard showstoppers.
What advice would you give to someone just starting out in the role as a CISO?
Learn your business and understand your role in it. Be patient. Make friends and allies. Build trust and relationships with senior leaders and executives before there is an incident. Be known for being fair, helpful, and thoughtful, and not hard headed and irrational. Don't take it personally if what you want to do or your advice isn't accepted.
Tell us 3 fun facts about yourself.
- In my spare time, I volunteer with the Canadian Coast Guard Auxiliary, rescuing people on Lake Ontario. My crew has five confirmed life saves.
- I have "competed" in dozens of triathlons and running races, and am currently training for my second Ironman.
- I have been in over 20 musicals as an actor, singer, "dancer", producer, set designer, props master, and stage manager.
What is the value of participating in a professional community through Evanta?
I love the format of Evanta events and the community that comes from them. The executive roundtables, one-on-one meetings, and dinners are much more helpful and useful than traditional conference presentations.
Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.