Tim Johns, Vice President of IT Operations and Chief Data Safety Officer, Custard Insurance coverage Adjusters
Tim Johns, Vice President of IT Operations and Chief Data Safety Officer, Custard Insurance coverage Adjusters
Tim Johns, Vice President of IT Operations and Chief Data Safety Officer (CISO) at Custard Insurance coverage Adjusters, has constructed a profession over 4 a long time, witnessing firsthand the transformation of IT and cybersecurity. From working with mainframes and punch playing cards within the early Nineteen Eighties to main IT safety technique for a significant insurance coverage adjuster, his journey is a testomony to adaptability and management in a quickly evolving digital world.
On this interview, Johns shares insights into as we speak’s greatest cybersecurity challenges, business tendencies, the function of vendor danger administration and the significance of management buy-in for efficient safety methods. He additionally discusses the human consider cybersecurity and why proactive safety measures should be a precedence for each group.
A Profession Outlined by Technological Shifts
My journey in IT began in highschool after I was launched to keypunch operations and punch playing cards, each of which had been foundational in monetary establishments on the time. I started my skilled profession in mainframe computing, spending seven years mastering its complexities earlier than transitioning into server expertise because the business developed. By the late Nineteen Eighties, Microsoft was beginning to disrupt the IT area. Initially, I used to be skeptical that PC expertise might exchange mainframes, nevertheless it shortly turned evident that the business was shifting. I tailored by shifting into client-server expertise in 1990. At the moment, Novell dominated networking, and I turned a Microsoft-certified techniques engineer (MCSE) in 1996. My profession took me throughout a number of industries, from medical information administration—the place I led a workforce overseeing 60 million medical information—to healthcare IT, finance and authorized operations. Finally, I joined Custard Insurance coverage Adjusters as an IT Supervisor, a task akin to an IT Director in lots of firms. Over time, my management in IT technique and cybersecurity led to my promotion as vice chairman of IT Operations and chief info safety officer (CISO), the place I now oversee enterprise safety, IT governance and danger administration.
From Paper Credentials to Actual-World Readiness
One of many greatest challenges in cybersecurity as we speak is the scarcity of expert professionals. Many candidates look nice on paper, however they fall brief in relation to hands-on expertise. Certifications and formal schooling are useful however don’t all the time translate into the experience wanted to deal with real-world threats. Excessive wage expectations additional complicate the problem. Whereas cybersecurity roles demand aggressive compensation, firms wrestle to seek out candidates who justify the funding.
I’ve interviewed many individuals who checklist cybersecurity expertise on their resumes however lack the depth wanted to function in a highstakes setting.
One other problem is getting management buy-in. Many organizations solely prioritize cybersecurity after experiencing a breach, which is usually too late. At Custard Insurance coverage Adjusters, we’re lucky to have management that understands the significance of integrating cybersecurity into enterprise processes slightly than treating it as an afterthought. This dedication helps us cut back danger publicity and align safety efforts with broader enterprise goals.
Regardless of elevated consciousness, many firms stay reactive slightly than proactive of their cybersecurity methods. The rise of ransomware, provide chain vulnerabilities and cloud safety dangers has made cyber resilience a necessity. Sadly, some organizations delay funding in cybersecurity till they expertise an assault, resulting in pricey penalties.
A powerful cybersecurity technique must be proactive and incorporate steady menace intelligence, safety monitoring and danger administration. At Custard Insurance coverage Adjusters, we deal with staying forward of threats by leveraging safety intelligence and business finest practices. Common safety assessments and governance frameworks assist us be certain that our defenses stay efficient in opposition to evolving cyber dangers.
Closing the Cybersecurity Gaps
Cybersecurity isn’t nearly defending inner techniques—it additionally requires securing the third-party distributors we depend on. Many breaches occur attributable to vulnerabilities in an organization’s provide chain, the place attackers exploit weak safety measures in vendor techniques.
At Custard Insurance coverage Adjusters, we take vendor danger administration severely. We assess our companions’ compliance with safety laws, conduct common audits and implement strict entry controls. A key instance was a current vulnerability present in Fortinet’s VPN software program. When the safety flaw was disclosed, we instantly patched our firewalls. Shortly after, we detected suspicious exercise, however as a result of we had already utilized the patch, we prevented what might have been a severe breach. This strengthened the significance of staying forward of threats by fixed monitoring and immediate motion.
Know-how is essential in strengthening safety, nevertheless it’s solely efficient when mixed with agency insurance policies and worker consciousness. At Custard Insurance coverage Adjusters, we’ve built-in AI-driven safety analytics, machine studying and automatic menace detection into our operations. These instruments assist us determine and mitigate threats earlier than they escalate.
Cybersecurity shouldn’t be a onetime initiative—it requires ongoing funding, ability improvement and cultural integration 
Nevertheless, expertise alone isn’t sufficient. Staff are sometimes the primary line of protection, and with out correct coaching, they’ll inadvertently expose the corporate to cyber dangers. We conduct common safety consciousness packages to coach our groups on phishing assaults, social engineering and different cyber threats. A powerful safety tradition is simply as vital because the instruments we deploy.
Common safety audits and penetration testing assist us keep away from potential threats, guaranteeing that vulnerabilities are recognized and addressed earlier than attackers can exploit them.
Cybersecurity shouldn’t be a one-time initiative—it requires ongoing funding, ability improvement and cultural integration. For a company to be resilient, safety should be embedded into each side of enterprise operations.
At Custard Insurance coverage Adjusters, safety isn’t simply an IT operate— it’s a enterprise enabler. By integrating cybersecurity into decision-making processes, we be certain that safety initiatives align with operational objectives and long-term enterprise continuity.
The Subsequent Period of Cybersecurity Begins Now
Cyber threats have gotten extra advanced, requiring organizations to stay agile and proactive. Predictive safety fashions will outline the way forward for cybersecurity management, the place organizations anticipate threats earlier than they materialize. AI and automation shall be essential in managing large-scale safety operations effectively. Regulatory compliance and information privateness legal guidelines will even form safety methods. Firms that fail to remain forward of rising laws danger monetary and reputational injury. At Custard Insurance coverage Adjusters, we’re dedicated to steady enchancment, adapting our cybersecurity technique to align with evolving threats and compliance requirements.
Cybersecurity is not non-obligatory— it’s a necessity for enterprise survival. Organizations that put money into proactive safety measures as we speak will thrive sooner or later. At Custard Insurance coverage Adjusters, we stay dedicated to constructing a resilient cybersecurity framework by staying forward of threats, strengthening vendor danger administration and fostering a tradition of safety consciousness. By prioritizing strategic management and steady enchancment, we be certain that our group stays safe, aggressive and ready for the everchanging digital panorama.
