
Copyright © 2024 TERANET

Inside Cybersecurity at Teranet: A Q&A with Chief Information Security Officer, Brenda McCulloch

Cybersecurity is more than just a buzzword at Teranet—it’s a shared responsibility that touches every part of the organization. As we celebrate Cyber Security Awareness Month, we wanted to provide insight into the important work being done behind the scenes. We sat down with Brenda McCulloch, Teranet’s Chief Information Security Officer, to talk about the challenges, strategies, and future of cybersecurity at Teranet, as well as how every employee plays a role in keeping the organization safe.

Q: Can you provide a brief overview of your role as Teranet’s Chief Information Security Officer?

A: I joined Teranet almost six years ago when the role of Chief Information Security Officer was newly created. At that time, the position was separated from IT Infrastructure and Operations with a clear mandate to mature the security program. Since then, my focus has been on ensuring that Teranet remains vigilant and prepared for the ever-evolving cyber threats we face.


Q: Cyber Security Awareness Month is a key event in the tech calendar. How does Teranet participate in Cyber Security Awareness Month, and what are some of the initiatives planned for this year?

A: Cybersecurity holds high visibility and importance at Teranet. A major component of maintaining our security posture is ensuring our employees are aware of our security policies and integrate them into their day-to-day routines as well as during project and operations delivery. While we continuously educate employees on security industry practices, Cyber Security Awareness Month allows us to dive deeper into emerging threats. This year, we’re focusing on the latest advancements in cyber protection and providing up-to-date information on evolving threats through our partners. It’s all about staying relevant and ensuring our employees have the knowledge they need to protect both themselves and the organization. 

Q: Regular training is crucial to maintaining a strong cybersecurity posture. Can you share more about the cybersecurity awareness training program at Teranet and how often employees are engaged with it?

A: We engage our employees with cybersecurity training through various platforms. At the start of their employment, everyone is required to complete security training and familiarize themselves with our policies. Beyond that, all employees undergo annual security training, while technical roles will be subject to additional specialized training. We also conduct unannounced phishing tests to ensure vigilance—phishing remains one of the most prevalent threats. Additionally, we work with a third party to run tabletop exercises to simulate current cyber threats, ensuring our incident response playbooks are up to date.

Q: Phishing is one of the most common threats facing organizations today. What kind of phishing training does Teranet provide to employees, and how do you assess its effectiveness?

A: As mentioned, phishing tests are an integral part of our approach. These unannounced tests help assess how prepared our employees are in spotting malicious emails and links. We also provide ongoing training on how to recognize phishing attempts, reinforcing the importance of immediate reporting. The effectiveness of training and protection controls is measured by metrics including the number of suspicious emails reported by employees or failed phishing attempts.

Q: What are some of the biggest cybersecurity challenges organizations face today, and how is Teranet addressing these challenges?

A: There are several major challenges in cybersecurity today. One significant issue is the evolution of AI and the use of deep fakes to socially engineer our workforce into unknowingly allowing access to malicious actors. To address this, we continuously evolve our security awareness program, monitor for alerts, and encourage employees to promptly report suspicious activities. 

Another challenge is managing the use of technologies like large language models (LLMs), which, while innovative, present unintended risks. To mitigate these, Teranet has established an AI Trustworthy Committee to guide employees on responsible AI use, ensuring we manage risks without stifling innovation. 

Lastly, balancing tight budgets and timelines while maintaining security is a common struggle. At Teranet, we integrate security practices from the start of every project, ensuring that security becomes an enabler for efficient and effective use of resources, aligning with our business objectives. 

Q: What can employees do to be more proactive in ensuring the security of Teranet’s information and assets?

A: Every employee plays a vital role in safeguarding Teranet’s security. By applying their security awareness knowledge and following established processes and policies, regardless of their role, they become integral to the company’s overall security posture. To be proactive, our employees have processes they follow to design security from project inception through the development lifecycle and into the final build. Further, our operational staff follows our integrated security validation processes on newly developed solutions and enhancements to existing solutions. Our priority is to minimize security risks and vulnerabilities before our technologies go into production. Subsequent to production migration, we continuously check for new vulnerabilities to ensure our posture is aligned with our risk appetite and objectives.

Q: Looking ahead, how do you see cybersecurity evolving at Teranet, and what are some of the key focus areas for the future?

A: Cybersecurity at Teranet is far from stagnant. We are constantly evolving to meet new challenges and adapting to changes in the marketplace as well as within our internal transformations. In the future, we will continue to enhance and streamline our security stack following our cloud migration, pursue intentional certifications, and increase our efficiency through automation, AI copilots, and modernization of our architecture. Partnerships with vendors will also play a key role as we remain agile and proactive in securing Teranet’s future. 

Cybersecurity is everyone’s responsibility, and at Teranet, it’s clear that Brenda McCulloch and her team are leading the charge. As we observe Cyber Security Awareness Month, we are reminded of the importance of staying informed and proactive in the face of evolving threats. By working together and remaining vigilant, Teranet continues to strengthen its defenses and build a more secure digital future.