John Flores
CISO & AVP, Information Security
UTMB Health
John Flores is a security executive and former engineer with 20 years of technology and information security experience. His focus as the CISO at The University of Texas Medical Branch (UTMB) is on the operations of an institution-wide security program that protects the vital missions of UTMB to improve healthcare, provide nationally recognized education and conduct innovative research.
Outside of cybersecurity, John enjoys spending time with his family and playing video games with his boys. A fun fact about John, he was once featured on the front page of the Houston Chronicle.
Learn more about the Houston CISO community here.
Give us a brief overview of the path that led to your current role.
I started my career as an IT Student Assistant – my original interest was sparked after building a gaming PC. Technology became a passion, and I decided to advance my career by obtaining my degrees and gaining experience as a helpdesk technician, system and network administrator and later a principal network engineer.
While working on my Master’s degree, a new passion was discovered, information security. This gave me a renewed and singular purpose to help advance information security and assurance. In 2022, I was given the opportunity to dedicate my career and deep experience in technology entirely to information security at UTMB, as the Deputy CISO and now the CISO.
What is one of your guiding leadership principles?
Passion drives purpose, be clear with expectations and watch people do great things!
What is the greatest challenge CISOs face today, and how are you addressing it?
Influence is the biggest challenge facing CISOs. The requirements and reporting structures are not well defined and lead to organizations not providing the correct level of visibility, autonomy, and authority for CISOs to identify, treat and mitigate risks to the business. Organizations must empower the CISO role and properly position the CISO to drive business outcomes and protect the organization. The CISO must set clear expectations and find creative and effective communication methods, while building key strategic and collectively beneficial relationships.
What is the key to success for someone just starting out as a CISO?
Be passionate about what you do and be able to articulate that passion to others. Communication and relationship building are key to influencing and advancing security initiatives and culture.
How do you measure success as a leader?
As a former engineer, metrics and outcomes are important in gauging success. Stabilizing, improving, and optimizing are key indicators that work is advancing and security is moving forward. True leaders serve others and believe that the best work comes from empowered individuals who feel supported in their work.
What is the value of being a member of Gartner C-level Communities?
This community has been a blessing and a great forum for discussing important topics with peers. Community is really the best way to describe it, because we all come together with the same mission and purposes, to make our industries and organizations more secure and to support each other.
Gartner C-level Communities Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
By CISOs, For CISOs®
Join the conversation with peers in your local CISO community.