Daniel Nunez
CISO
New York City Employees’ Retirement System
Daniel Nuñez is the Chief Information Security Officer at New York City Employees’ Retirement System and Governing Body Member of the New York CISO Community.
Learn more about the New York CISO community here.
Give us a brief overview of the path that led to your current role.
I started my career thirty-six years ago in data communications and was fortunate enough to enter the world of cybersecurity. After five years, a financial institution named Instinet was looking for volunteers to manage their DMZ firewalls - this was when companies saw the potential of using commercial Internet for networking and began moving away from legacy WAN communications, such as T1, T3, X.25, Frame Relay, and MPLS. I gained a quick appreciation for the hacker mentality because back then, it was more about being creative, mischievous and competitive, as opposed to now where cybercrime can be malicious, life threatening, and impactful to our economy.
Over the years, I immersed myself in the various domains of information security and evolved as a pragmatic CISO. I’m mission-oriented in both offensive and defensive tactics to protect our nation’s infrastructure and our good citizens. I made a decision in my journey to work for the city government and become a civil servant, because I feel the need to apply my experience to do some good and protect the city of New York as best as possible.
I was born and raised in Brooklyn, and it was my way to give back to the city that gave me so much growing up. I’ve held several positions in the city, one where I was New York City’s first Deputy Commissioner CISO for the Department of Information Technology, but I’m mostly proud of my current role where I manage an information security program to protect the pensions of over 350,000 active members and retirees.
What is one of your guiding leadership principles?
I have to give you two. The first is “lead by example”. If you want people to gain your trust and support you, you have to roll up your sleeves and practice what you preach. Demonstrate that you know what you are doing as a leader. Do not tell people to do something you wouldn’t do yourself, and remember, nothing is beneath you.
The second is “never forget where you came from”. Always remember humble beginnings. We all had to learn this somehow and we should maintain a level of humility when helping our colleagues focus on the mission. I truly enjoy mentoring potential future CISOs, because it’s our obligation to pass our responsibilities over to future defenders.
With disruption and transformation being a key theme of recent years, where do you see the CISO role going in the next 1-2 years?
The CISO role has evolved beyond being business enablers to where we have become risk decision makers. We have to progress from technologists to thinking like board executives with a balance of strategic planning, risk tolerance, and execution.
In the theme of transformation, I’ve seen CISOs fail in their careers, because they were not willing to embrace emerging technologies such as big data and cloud computing. As modern day CISOs, we have to adapt to the latest trends of automation, artificial intelligence, machine learning, etc. - all of which have their own set of good and bad use cases.
What advice would you give to someone just starting out as a CISO?
Never stop learning. Read, attend sessions, network, listen to podcasts, join groups, and invest in your career, because adversaries and bad actors are not going away and the cybersecurity problem will only get worse.
Identify an outlet in your life that you truly enjoy as a stress reliever, because this is a stressful job. This goes back to the cliché question – “What keeps you up at night?” However, never give up. Something drew you to this field, and you have chosen a great career where you will always be employed and never be bored. When things get tough, take a step back and learn how to leverage the people you work with. Everyone has something to contribute, so you don’t need to feel like you’re alone in this battle.
Tell us 3 fun facts about yourself.
- I’m a comic book nerd, and I love both the DC and Marvel universes. It’s an appreciation of the art. I’ve seen the artistic styles progress from fundamental to very advanced lifelike art. It all started when I went to the High School of Music & Art in Harlem where I majored in art.
- I practiced martial arts for years - since 16 years old and stopped recently due to a bad hip. I’m hoping to find a softer style that will allow me to get back into it. I see many parallels in martial arts and cybersecurity. For example, maintaining discipline, preparing for an attack, sparring and kata (table top & attack simulations), and agility (being able to adapt to new technologies and threats).
- My greatest achievement is my family. I didn’t grow up in the best of neighborhoods, but by the grace of God, I made it out when most of my friends didn’t. I was able to build a family and give them everything I’ve dreamt of. I’m proud of them. My wife runs Cybersecurity Internal Audit for a major bank, my daughter is working on her masters for music business, and my son has recently graduated from Adelphi and is working on his masters in Psychology.
What is the value of joining an Evanta community?
Evanta has provided an incredible platform for CISOs to collaborate and network beyond scheduled meetings. This is invaluable when sharing threat intelligence, recommending effective controls, opinions on compliance, and keeping abreast of the latest breakthroughs related to cybersecurity.
As leaders, we are responsible to protect our organizations, our reputations, our customers, our intellectual property, proprietary and customer data, and our nation's critical infrastructure. Evanta brings CISOs together with these common interests from various industry sectors to fulfill this responsibility. Joining Evanta is one of the best decisions I’ve made to help my personal career growth.
Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.