Kashif Parvaiz
CISO, RSOC Program Director
University Health Network
Kashif (Kash) Parvaiz is a seasoned cybersecurity executive with over 20 years experience managing security programs for large private and public sector organizations in the Energy, Education and Healthcare sectors. Kash is currently the Regional Chief Information Security Officer (CISO) overseeing security strategy for over a dozen large hospitals in the Toronto area.
In his career, Kash has overseen the implementation of successful enterprise wide security awareness, vulnerability management, MSSP and incident response programs. As an executive leader, Kash regularly reports cyber risk to senior executives and board members. Kash is also active in the local cyber community and has spoken at many conferences, events and customer groups. Finally, Kash loves to continue learning and has obtained several industry certifications including CISSP, CISM, CCISO, CRISC and an MBA.
Learn more about the Toronto CISO community here.
Give us a brief overview of the path that led to your current role.
Upon graduation from University, I held several front line network support and server admin roles for various organizations. One of these roles included the opportunity to work with and support firewall technology and remote access infrastructure. This led me down the cybersecurity path, and after several years, I decided to make the transition into management and obtained my MBA to assist in translating operational activities into business risk reduction. As they say the rest is history.
What is one of your guiding leadership principles?
Being a CISO, it is your role to understand your core business services and the risks that could impact their delivery. I have found that one of the best ways to improve cyber operation is to listen carefully and regularly to your team of technical analysts and security specialists. They have first hand experience with organizational processes that may be inefficient and in need of improvement. Most of the time you can increase your security posture simply by refining these processes and playbooks (rather than investing in more technology).
With disruption being a key theme of the past few years, where do you see your role as a CISO going in the next 1-2 years?
The CISO role has come a long way since being just another name for a security operational manager to being acknowledged as a senior role that has accountability for an entire program. With the number of cyber incidents and their impact on business increasing rapidly, I believe that more organizations will elevate the CISO role even further, either reporting directly to the CEO or to the Chief Risk Officer if the organization is large. This is a great time to be in cyber as the future for emerging leaders is bright!
What advice would you give to someone just starting out in the role as a CISO?
Making the transition from technical leader to business leader is not a simple task. You have to shift your thoughts and think about the impact of certain risks on the entire business rather than thinking about technical solutions first. Once you have made this shift, the transition to the CISO role will be much easier.
Tell us 3 fun facts about yourself.
Those close to me know I am a fitness freak (get to the gym at 5:30 AM, 5 days a week), mostly into lifting weights but cardio, as well. Aside from that I am also a huge Marvel fan and watch all their new movies usually the day they come out (waiting for Guardians of the Galaxy 3). And finally, I am fond of traveling the world and experiencing new cultures.
What is the value of participating in a professional community through Evanta?
I have been an active member of the Toronto Evanta CISO group for several years now, and I find it a great place to not only discuss ideas but also connect with peers who have become friends over the years. The events are always very professional and the discussions are at the right level (they don't get overly techy like some events).
Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.