Johnson & Johnson CISO Marene Allison: “You can’t sit on today’s technology”


The oath Marene Allison took years ago to defend and protect the United States is the same principle that now guides her work maintaining cybersecurity at one of the world’s largest pharmaceutical and consumer goods manufacturers. wrapped in the world.

“It’s like raising my hand [in an oath] every morning and the mission is to protect and ensure the viability of my business in the cyber world,” says Allison, who has been CISO at Johnson & Johnson for more than 12 years. “It is important to understand that I am here to protect this company which focuses on human health. It is a very, very important mission that I take seriously every day.

Allison is used to missions.

She was a member of the first class of women to graduate from the United States Military Academy at West Point, earning her Bachelor of Science degree. His ties to the august academy remained strong, becoming a member of the West Point Women’s Board of Trustees and the military academy liaison/Congressional Coordinator for the State of New Jersey. And before joining the corporate world, she served as a special agent in the FBI, working on covert drug operations in Newark, NJ and terrorist attacks in San Diego.

Securing Johnson & Johnson

For the past twelve years, however, Allison has focused on securing Johnson & Johnson’s global information technology systems and operations. It’s a big job.

The 136-year-old American company is a household name, making and selling ubiquitous products like Tylenol painkillers, Band-Aid adhesive bandages, Listerine and Aveeno body lotion, as well as orthopedic implants and medical devices. However, since the COVID-19 pandemic hit in 2019, the Fortune 100 company has made global headlines for developing a COVID vaccine that has quickly become an essential tool to protect people against the highly contagious and deadly disease. .

Ensuring the security of information systems, data and people in a healthcare enterprise comes with its own set of challenges. Ensuring those protections when suddenly this company is at the center of the world’s attention, especially when the pandemic is mixed with a heated political storm, becomes exponentially more difficult.

“I think what COVID has done has put health care in the spotlight,” Allison says. “At J&J, we had already built cyber defenses and data protection, so we had resilience in place that kept us above the fray. You had to understand what was happening to you and put those defenses in place.

This aligns with Allison’s philosophy that it’s important to look beyond the technology in use today and the issues that arise immediately. It focuses on the future, not just on the devices and software that Johnson & Johnson employees will want to use in the future, but on the challenges they may face.

“Mature companies with large security organizations constantly consult roadmaps. You need to look at what is needed and what is out there and have plans in place to pivot quickly,” she explains. “You can’t sit on today’s technology and not think about what you’ll need for the future. Whether it’s artificial intelligence or machine learning, you have to look to the future: the workforce wants to be able to rely on new technologies.

Safety during the pandemic

This forward-looking look helped when Johnson & Johnson employees left their desks in droves to work remotely when the pandemic hit. When employees needed to be able to use Zoom to connect and communicate from their living room and kitchen, the question was whether it was secure enough. It was a question Allison asked and answered before COVID hit; she had evaluated Zoom before it became critical for the company’s remote working needs.

“We were ready for digital,” she says. “We are reviewing our technology platforms and assessing what needs to happen before we start using them every day. Security should be the “yes and here’s how” department. When new technologies come out, people say, “We’re going to use these things. I say, ‘I hope so. They will help us in so many ways.’ »

Another aspect of safety in the time of COVID was protecting employees by educating them about the dangers of oversharing on social media.

“We looked at the use of social media: how we communicated, what platforms were used, how much information was shared,” says Allison. “Because everyone was at home and on social media, people had to learn how to be safer on social media. Rather, it was to ensure that they did not become targets.

Creative team building

Staying ahead of technological advancements and allowing employees to work from home safely, while securing Johnson & Johnson’s IT systems and data, is a big job. But it’s a case that Allison doesn’t take on alone.

CISO says one of the things she’s most proud of is the team she’s built around her – the team that keeps all the trains running.

“I think it’s really about creating a team that can manage the risks that exist today in a very dynamic and changing cyber world, while helping to protect our business so that it’s free from operate and solve health problems for humanity,” she says. “It’s about creating a team with a diversity of thought so they can see things from all angles and understand technology, the business and threat. The real thing is the talent that has been created in the organization that we have at J&J.

Building a top-notch cybersecurity team when there’s a shortage of people trained for tech jobs takes vision.

Allison says she’s had to get creative with how she looks at people and what they can do. There are plenty of people who may not have started out with a tech degree, for example, but that doesn’t mean they can’t be a valuable part of his team.

“I believe in investing in people and knowing that they can grow,” she says. “I saw police officers who became forensic experts and the chief of security operations. Creativity is believing in people and what they are capable of…. You can’t say, “You went to mainframe school, so you can’t be a cloud expert.” [They] box. That’s what makes security guards so special. They are always looking to solve problems. If you find someone like that, you seize the opportunity.

Copyright © 2022 IDG Communications, Inc.

Previous Why should agencies implement real-time intelligence operations?
Next What is the best VPN? These three guarantee privacy and security.