Michael Baker, IT CISO, DXC Technology
Q: Who or what was the greatest influence on your career as you’ve developed into the area of cybersecurity as a CISO?
A: Like most people in tech, I have the typical story of growing up around computers and really leaning into them in childhood as an outlet for fun, creativity, and amazement at the pace of technology. Information security has always fascinated me from a young age when I was running bulletin board systems (BBS), choosing a college major, and finally choosing my first foray into the professional world. I jumped into penetration testing right out of college with EY and from that point I was hooked. Simply put, the field was fun, and I knew I wanted to be in it. I have been incredibly fortunate to be surrounded by colleagues and mentors who have consistently supported and challenged me as I have navigated my career. Starting a career at EY afforded me the opportunity to work on a variety of clients across industries and put me in a position to sit in rooms I otherwise would not have been in as a young professional discussing cyber topics with CIOs, CISOs, and other business leaders. These experiences allowed me to grow technically but also taught me the importance of being a change agent, developing soft skills, and focusing on clear and concise communication. Many of those colleagues from EY have gone on to become amazing CISOs themselves and I still lean on them for advice to this day. Also, I have enjoyed the opportunity to work for leaders in the past and at DXC Technology who prioritize cyber in all they do. These mentors have taught me a passion for digital transformation that I didn’t know I had coming out of consulting. That passion has resulted in a shift where the pride of ownership of a program, seeing it grow in efficacy, and developing a high performing team that supports it is extremely fulfilling. Now my focus has shifted to make sure I pay I forward by prioritizing my availability to mentor the next generation of cyber leaders looking to break into the field or achieve their maximum potential.
Q: Your career has been expansive with E&Y, GDIT, and now DXC Technology. You’ve been in a CISO role for over 9 years. What are 3 challenges you’ve faced the past 5 years, and any specific challenges prior, that has made you a more savvy CISO that you’d share with others?
A: The first challenge I encountered during my first two years as a CISO was developing the self confidence to overcome imposter syndrome in the role and be assured that the program we were building would meet the mark. To overcome this, I heavily relied on the community of cyber and IT professionals in the Washington DC area. This collaboration allowed me to validate priorities, ensure alignment with industry, and become aware of any challenges that could arise. It was this early collaboration that set me on a path to promote and lead industry collaboration with various professional organizations. I truly believe that when we come together as an industry is provides the best outcomes for our customers and companies.
The second challenge was making the shift from an operational mindset to becoming a strategic enabler for the business. This was a slow evolution where I was fortunate to have mentors that challenged me in where I was spending my time and the true value I could bring to the business in the role. I shifted from a “down and in” role to “up and out” and caused me to re-evaluate the time I was spending on certain tasks. Most importantly this led to me to improving in areas of delegation, team building, and story telling to support the program. Most of all, it caused me to learn to simply let go of things I had grown accustomed to and actively seek to evolve and prioritize the development of an expanded skillset.
The third challenge all revolves around scaling up. Scaling a program, scaling an organization, and scaling up your leadership mindset. This originally happened through a large acquisition which doubled the size of our cyber program and then subsequently moving to DXC Technology which operates critical IT infrastructure in over 70 countries globally with 130,000 employees. These experiences drive growth for our entire team and allows everyone to embrace change as not something to be feared but a new and exciting opportunity.
Q: Looking at the current landscape, and ahead, what are the challenges you’re working on and the solutions you’d like industry and government to bring to bear in making our nation more secure in the fight against cyber threats?
A: The same amazement at the pace of technology change is evident in how our threats have evolved in recent years. The growth of threats across a variety of vectors requires myself and all CISOs to lean into learning and collaboration even more. A key tenant of this is the free flow of cyber threat intelligence across borders, companies, and industries to reduce time to react to new tactics and exploits as they evolve in real time. Leveraging techniques and technologies to get this intelligence in the hands of operators quickly is key to our collective defense.
Part of this is controlling the risk that AI poses to our data but not shying away from the innovation it offers our teams as a force multiplier. AI models in our tools are making it easier to sift through the noise and respond to threats at machine time. It also allows us to rapidly upskill our cyber defenders or bring more people into the workforce with less training leveraging AI in their daily tasks. It is our responsibility to put the guardrails around this technology without stifling innovation and value.
Finally, future talent development is all our responsibility. Providing an opportunity driven environment for our teams to learn and grow their skills is essential to meeting the workforce needs of the future. This requires all of us to pull talent from a diverse set of sources and backgrounds and provide the coaching and mentorship to ensure success at not just the current role, but future roles to come.
At DXC, we have leaned into secure by design practices and a zero-trust journey to act as our true north for increasing cyber resiliency over time and meeting the latest threats. This drives our investments, our partnership decisions, and how we apply our capacity to drive the most value for our clients and our company.
Q: What is one parting piece of wisdom you’d share to aspiring CISOs now?
A: Stay humble and always drive value. This industry rewards people who are curious and commit to learning and evolving. At the same time, make sure you develop the self confidence to be assured in your skills and ability to lead a program and a team with a bias for action. Always be open to change, foster trust and transparency, and work to manage cyber risk while enabling the business.
