Bad actors will do anything to either disrupt an organization or lock up key information. The rate and complexities of cyberattacks with AI, deepfakes and other new brazen ways to infiltrate an organization’s cyber defenses continue to keep many a chief information security officer (CISO) concerned. 

Dwayne Smith is one of them. 
 
That’s why it’s interesting to hear that what truly occupies Dwayne, Vensure’s senior vice president of security and CISO, is when things are calm. To him, “No news is good news” goes hand in hand with “It’s too quiet in here.”  

Since it’s Halloween season, let’s put it this way: For Dwayne, it’s like a scary movie where someone walks into a room. Nothing is happening, but something just doesn’t feel right, which can be just as unsettling as a big scare. 

It’s that constant vigilance that makes Dwayne such a well-respected member of the cybersecurity community. He is a member of the Cyber Security Hall of Fame advisory board for a reason after all. Dwayne was also recently recognized by his peers as a Top Global CISO for 2024  from Cyber Defense Magazine. This is his second-consecutive win. 

As he receives this honor, it’s a great time to learn more about Dwayne, his career and his thoughts on keeping customers’ and clients’ information safe under the umbrella of a complex, multinational organization like Vensure Employer Solutions. Here’s a recap of our recent interview with Dwayne: 

**************************************************************************************************************

Congratulations on this award. It’s the second year in a row for you. What does this award mean to you and this organization? 

Dwayne Smith: To me it means that we continue to be successful in the field of cybersecurity and being recognized for it by not only our customers and partners we get to collaborate with directly, but also by industry peers—the people who must do it every day. It says a lot. It’s not just about me. I’ve always said that nobody can do this job alone. It’s about the team, and when I say team, it’s my cyber team. It’s the Vensure team. It’s our customer team. It’s everyone, including our families.  I don’t want to leave our families out. I said last year when I won: If it wasn’t for my wife and some of the support I have from my brothers, my in-laws, my mom and dad, I don’t know where I’d be today. 

It’s clear that the job of a CISO gets more and more complicated each and every year. Can you talk more about that? 

Dwayne Smith: It’s not only the number of threats that are coming; it’s the number of technologies. Cybersecurity is a much bigger part of the business lingo today than it’s ever been. As a stakeholder in the business, just like an accountant has to know where every penny’s at, I have to know where every cyber asset’s at and how to protect it. 

Vensure Employer Solutions is clearly growing quickly thanks to mergers and acquisitions. Can you talk about the process of bringing a new company on board and getting them to the level of security that meets your expectations in terms of keeping data safe? 

Dwayne Smith: As you mentioned, we do several M&A deals each year. Vensure, PrismHR and Solvo all have a standardized approach. It’s then developing that pathway to bring them into that standardized approach and into our framework. That framework has been set up to meet compliance, threat detection and threat response. I see cybersecurity now more than ever as not only a metric for protection, but also a quality metric in how you build products. Nobody wants to buy a product that does not deal with quality, and cybersecurity is now considered part of that equation related to how good that product is. We also have an outstanding M&A Integration team led by our CIO whom I partner with heavily at the peer level. 
 
You’ve been in cybersecurity for many years; can you talk about the evolution of the CISO position? 

Dwayne Smith: I would say the CISO position evolves every year. There’s no shortage of things to learn, retool, rethink. Cybersecurity definitely gets a whole lot more attention these days because it could interrupt the business and revenue, and it could take years for companies to recover monetarily, as well as reputationally, from a cyber event. 

Talk a little bit about your background coming from the U.S. Navy and how you got involved in cybersecurity in the first place. 

Dwayne Smith: I was an engineer to start with, and I always had an engineering focus. I always loved math and technology. When I went to college and wanted to try to figure out the type of engineering I wanted to do, none of it really appealed to me, so I was kind of let down a little bit. When the U.S. Navy came into the picture, they offered nuclear engineering and a practical application—powering war ships—it was a practical application making things move around the world. It seemed interesting to actually be able to lay hands on it, get experience with it and work with a bunch of other people. Coming into that, the nuclear field wasn’t one that was actually very digital either. It was more analog, but it fueled my desire to learn more about the digital world thinking, ‘How could you do this differently?’ Cybersecurity presented itself through webpages and change in career field within the U.S. Navy. I started writing webpages and then hacking webpages by just testing. So, I found myself with an opportunity, a unique opportunity, to start doing web and network analysis. With cybersecurity, I got a chance to take a ride on what I consider a once-in-a-millennium opportunity. 

How has your role changed since you joined the company a couple of years ago?  

Dwayne Smith: When I started here, cybersecurity was a shared responsibility among a lot of different teams. Walking in, I was able to start to establish this as a central cyber organization and state this is what we do. The buck stops with my team when it comes to cybersecurity, so that was an important component to start to establish. Not that they didn’t have cybersecurity, but a truly proactive, evolving, mature, dynamic and agile cybersecurity organization. People took it seriously, but they needed a ‘guide.’ So, I became that guide. We relied heavily on a lot of our partners within the organization and still partner and collaborate with them today as we evolved. Over time, we focused on improving our protections, working with the technology team and making sure our technology had as much security built into it as possible. Not just monitoring for threats, but shifting from a less reactive approach to a proactive approach. We also did a lot of work with the business teams discussing business processes and how they could be more secure. That led to things like increasing our messaging and communication. We improved our cyber awareness across the board and the increased the expectations of every employee when it comes to cybersecurity. 
 
If you had a chance to talk to ‘AI Dwayne’ from when Dwayne was a young lad in Kentucky, what kind of advice would you give young Dwayne? 

Dwayne Smith: I actually often think about where I would be if I hadn’t taken the steps that I’ve taken in life. I don’t know where I would be, but I will say one of the best pieces of advice I ever got came from my stepfather. He said, ‘If you’re going to make a mistake and you’re going to try something, do it while you’re young.’ Trust me, I tried many things, and I failed at many things. Traveling, trying things, experiencing things that I actually failed at is an important part of life. I learned more from my failed attempts than I did my successes. At Vensure Employer Solutions, we have partners who we’ve built relationships with that are key to both Vensure’s and their success in business. Not everything is going to go 100% correct, so you must be able to have those experiences to lean on when you’re trying to fix something or troubleshoot an issue. 
 
Want to learn more about Vensure’s cybersecurity initiatives and how they help our customers? Contact us today!