Securing the Future: Leading Through Complexity and Change

My journey into cybersecurity and IT leadership has never been about technology alone. It’s been about people, risk, resilience, and trust. From early roles in IT infrastructure to leading security programs in complex, highly regulated industries, I’ve learned that the real challenge isn’t the tools—it’s navigating change while safeguarding the core of the business. At Highline Warren, a national leader in the automotive aftermarket, I’ve had the opportunity to put this philosophy into practice in an environment defined by rapid growth and constant evolution.

Balancing Vigilance and Innovation

The pressure to stay ahead of evolving threats is relentless. But focusing solely on defense can stifle innovation if you’re not careful. In our environment, I’ve found success in embedding security into the innovation process—not as a gatekeeper, but as an enabler. We work to partner with Engineering, distribution operations, and other business units from day one, ensuring security is built in, not bolted on. This collaborative approach helps us maintain agility without compromising integrity.

Security cannot be about saying “no”; it has to be about enabling smart, calculated “yeses.” By aligning security with business objectives and risk appetite, my goal is to create guardrails that support innovation rather than obstruct it.

A Risk Management Lens for M&A and Regulation

Working with acquisition-minded organizations demands a disciplined yet flexible risk management approach. Every acquisition introduces a new culture, new systems, and a new risk profile. My approach is to prioritize early assessments— both technical and cultural—before integration begins. Ideally, we use a phased risk onboarding model that allows us to triage immediate exposures while developing a longer-term alignment plan.

In regulated industries, compliance is table stakes—but it’s not enough. I view regulatory compliance as a baseline, not a goal. We focus on building sustainable programs aligned with NIST and other recognized frameworks, so when the next audit or acquisition occurs, we’re not scrambling— we know where we are on our maturity roadmap, and we are prepared.

Building a Resilient Security Ecosystem Through Partnerships

In today’s connected world, no organization stands alone. Supply chain risk, third-party dependencies, and cloud infrastructure demand that we think beyond our own walls. I’ve found that bidirectional partnerships—with vendors, regulators, and peer organizations—extend our visibility and resilience.

By aligning security with business objectives and risk appetite, my goal is to create guardrails that support innovation rather than obstruct it.

We’re building relationships with key suppliers to drive better transparency into their security practices, and we’re introducing third-party scenarios into our tabletop scenarios. Participating in information-sharing communities like ISACs has also proven invaluable, as well as collaborating with peers in our PPC Family of Companies. The truth is, your ecosystem is only as strong as its weakest node. We treat external partners as extensions of our own security posture, because they are a part of our attack surface.

Leading Through Crisis and Complexity

When facing a crisis—whether a ransomware attack, data breach, or reputational threat—technical acumen is critical, but leadership is what carries the team through. In highpressure situations, I lean on my experience in the Marines and Scouting, both of which stress preparedness. My role is to be the calmest person in the room. That means clear communication, rapid decision-making, and above all, empathy.

I remind myself and my team regularly that it’s about how we lead our people, engage our stakeholders, and protect trust. Building a resilient security culture starts long before a crisis—and it continues with how you show up when everything’s on the line.

Developing Strategic Cyber Leaders

To emerging cybersecurity leaders: don’t limit yourself to the role of auditor or enforcer. Learn the business. Sit with your CFO. Understand how your company makes money. When you do, you’ll begin to see security not as a cost center, but as a competitive differentiator. You can then socialize that idea with the business leadership – but you have to believe it before you can communicate it.

Compliance will always be part of the job—but it’s just the beginning. The real value you bring lies in your ability to translate risk into opportunity, to move from “why can’t we?” to “how can we safely?” Elevate your role by becoming a business partner first, a technologist second.

Final Thoughts

Cybersecurity is no longer a back-office function. It’s a boardroom topic, a brand issue, and a strategic imperative. Our challenge is to make security actionable, approachable, and aligned with the mission of the business. At Highline Warren, that means protecting not just data and systems— but trust, reputation, and growth.

In a world of accelerating threats and continuous transformation, success lies in our ability to lead with clarity, communicate with purpose, and build security into the DNA of the enterprise. That’s not just the job of a CISO or CIO—it’s the responsibility of every leader who believes in building resilient, forward-looking organizations.