Cyber Savvy: Clean Energy, Cleaner Security—Staying Ahead of Cyberthreats with Uplight CISO Alex Wood

As a CISO, navigating the ever-evolving cybersecurity landscape is a constant challenge. With new threats emerging alongside persistent older ones, it’s crucial to stay ahead while maintaining strong security fundamentals. In this edition of Cyber Savvy, Alex Wood, Chief Information Security Officer (CISO) at Uplight shares their biggest security concerns, the potential risks posed by generative AI, and how their team is adapting to these challenges.

From embracing AI to streamline operations to fostering a security-first culture, Alex offers practical advice and lessons learned from their own journey. Whether you’re managing an existing security team or just starting out, this discussion is packed with strategies to help you tackle the challenges ahead.

What are your biggest security concerns/challenges as a CISO?

A: Both the technology landscape and the threats presented to it by attackers are constantly changing, which makes it a challenge to keep up with everything. As technology evolves, those old threats usually don’t go away, so there is an ever-increasing number of threats to contend with. It’s tempting to look at the new and shiny threats while not paying attention to the existing ones. Ensuring our program has good fundamentals (patching, vulnerability management, logging/monitoring, etc.) to deal with current threats helps us manage all the threats.

What new challenges do you anticipate in the coming year?

A: Generative AI (GenAI) has become a huge buzzword recently, and we’re still only at the tip of the iceberg in terms of its impact. While it can be a great enabler, it also has to be well-governed, just like any technology. It also has the potential for misuse, and we’re already seeing attackers leveraging GenAI to make their operations better. Security teams need to embrace GenAI so they can use the people resources they have more efficiently and even the playing field with attackers.

How is your team adapting to the evolving threat landscape?

A: In order to be effective as an information security professional, you have to be curious and interested in learning new things. Our team spends a lot of time learning about new technologies and trends. Lately, there’s been a big emphasis on how to leverage GenAI to make our operations easier and better. Some of this is learning best practices for general utilization, but also learning how we can leverage it to reduce mundane tasks or enrich current processes. We also spend a lot of time reading security news, research, and other emerging threat intelligence to make sure we’re covered for new threats. Reducing mundane tasks gives us more flexibility to keep up.

What do you consider your most important success metric?

A: It’s so hard to pick just one thing! Ultimately, information security is an exercise in risk management, so ensuring our business is at or trending toward acceptable risk levels is the best indicator of succeeding in our mission. I’d love to be able to say we have no incidents or something similar, but that’s not realistic. In most cases, if we drive security risk to zero, we’re spending too much on security and probably impacting the business’s ability to operate, which is the reason for taking risks in the first place.

What are your three biggest goals for the coming year?

A: We’re always trying to mature our operations to make sure we’re reducing risk, and we have several initiatives related to that. In addition, Uplight is releasing a new developer platform that we’re very excited about as a company. We’ve had great partnership with other teams to ensure that we build it with security embedded.

Are there any security leaders, besides yourself, that you look to for guidance?

A: Community and teamwork are what allow people to grow and succeed. I’ve spent a lot of my personal time developing community and being part of communities that help me and others. Several years ago, I helped start Colorado = Security along with Robb Reck to amplify the Colorado information security community. We have a lot of great community members and security leaders that participate, and I would recommend anyone in Colorado to join.

I also belong to an organization called the Information Security Leadership Foundation (ISLF) that was started by Clint Maples and others. It’s a great organization that helps security leaders get better as well as give back to the community as a whole. There are so many amazing members who share their knowledge and advice—it’s hard to single any one of them out.

What advice do you have for other CISOs or aspiring CISOs?

A: Our goal as information security professionals is to reduce risk to an acceptable level for our companies. In order to do that, we have to understand what our companies do, how they do it, and where those areas of risk are. While we are participants in determining what the right level of risk is, we’re not the ultimate deciders—so my advice is to focus on the business side. Spend time building relationships with leaders outside of security. Understand where risk is in the organization, and work with those same leaders to agree and what the right level of risk is. Once you can do that, you’ll have a much clearer path for the technologies and controls you need to put in place to manage that risk.

Want to learn more from Alex? You can connect with him here. (Please include a note to ensure you receive a response.)

In our upcoming Cyber Savvy segment, we'll be conversing with yet another security expert to explore their perspectives on the constantly shifting threat environment. Whether you're a seasoned CISO, aspiring security analyst, or simply curious about industry insights, this is an opportunity you won't want to overlook.

Want to be featured yourself? Contact us here and we’ll be in touch!