Ken Athansiou
CISO
VF Corporation
JUNE 2020
There’s no one path to becoming a CISO. And while the role and responsibilities look different at every organization and industry, learning from one another’s road to success is essential. As the role of the CISO continues to evolve, so do the traits and scope of a successful security leader.
Ken Athanasiou, CISO, VF Corp, joined VF Corp – a 120+ year-old worldwide outdoor and lifestyle apparel and footwear company – as CISO in August 2019, but his 23-year career spans apparel, automotive, financial services and the US Air Force. From serving as the CISO at AutoNation and JP Morgan Chase to leading his own consulting practice, each unique experience has shaped his approach to leadership, risk and consumer and data protection.
What was your path to Chief Information Security Officer?
I spent 13 years in the United States Air Force – first as an enlisted airman working on the Minuteman nuclear intercontinental ballistic missile system, and then once I gained my commission, I worked as a communications and computer officer on satellite command and control systems. Then I worked on the operational test and evaluation of the B-2 Bomber.
During this time, I received an enormous amount of leadership training and technical training working on highly secure systems. This translated well when I left the service and began working for a credit card company as a data security officer. From there it was a series of progressive roles, including a stint as a consultant, that led me to my current position.
In one sentence, can you sum up your role and responsibilities?
My job is to manage my company’s technology and cyber risks and protect our employees and customers from threats and vulnerabilities that may lead to exposure of confidential information, integrity issues with critical company data, and illicit use or disruption of our information systems. VF Corp is a billion-dollar corporation with 50,000 employees and a portfolio of iconic consumer brands.
As CISO, how do you want to impact the business?
I My primary role is to ensure that technology risk is understood by the business so it can be either mitigated, compensated for, or accepted. I consider the controls we put in place to be akin to seatbelts, anti-lock brakes, and other safety systems that allow the business to perform faster and more effectively with less risk.
When you have controls that interfere with business’ processes, then either the controls are flawed and those controls either need to be reworked, or perhaps those business processes are flawed and they can be modified for efficiency and effectiveness.
How have you dont this in your new role?
I’ve been here at VF for a few months now and have gone through an extensive evaluation of the existing controls environment. This has resulted in multiple discussions on strategy and vision for the cybersecurity function and how it can better help the business to move forward faster with less residual risk.
What advice do you have for executives looking to grow to the next stage of their career?
Learn to speak to the business in their language without losing your technical edge. Understand true risk from an enterprise level and recognize what your business executives truly care about and why. Use that knowledge to communicate risks to them effectively.
Leadership skills are crucial to advancement and that includes good followership.
What are your leadership principles?
Situational leadership is crucial. Understanding the needs of your team and being able to adapt to the best style suited for a particular situation -- whether it be directing, coaching, supporting, or delegating -- is the best way to get the most out of your team while also encouraging their growth.
Hire the best and the brightest that you can find. Surround yourself with highly intelligent people with solid values and work ethics.
How has being involved in the Evanta CISO community made you a better leader?
The peer interactions I get with the Evanta events are the best I’ve had in my career. The Evanta team driving us to produce relevant content from actual practitioners results in truly excellent insights into what works, what doesn’t, how to avoid mistakes, etc.
These events also help to establish a strong peer network that is regularly refreshed. Prior to attending these events, I spent a good bit more time on the care and feeding of my peer network.
Special thanks to Ken Athanasiou and VF Corporation.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.