With Cybersecurity Titan and Duke Alum Bryan Palma: How collaborations between industry and academia help address cyber fatigue and CISO burnout

12/20/24 Featured

With Cybersecurity Titan and Duke Alum Bryan Palma: How collaborations between industry and academia help address cyber fatigue and CISO burnout

Bryan Palma is Trellix’s CEO and a member of the Duke Cybersecurity master’s Advisory Board

“What Duke’s Master in Cybersecurity Program does well is prepare students for the reality of battling the unknown”

Trellix was a key sponsor of the “Cybersecurity at Duke Conference” this year. Why do you think that conferences like this are important and deserve industry support?

I am a big believer in community within the industry. For years, I’ve been advocating for there to be more collaboration in cybersecurity because, guess what, the bad guys use community to their advantage in the form of Shadow Syndicates: this phenomenon of strange bedfellows between hacktivists and nation-states. It’s unfortunate but the bad guys figured out community works to their advantage long before we, the good guys, did. Any chance for there to be a “team” gathering, is generally a good thing. 

Specifically, at Duke it’s even more important because you all are building the next generation of Cyber Titans; you’re developing the talent that will make up the team in the future. So, for us at Trellix, it’s really a no-brainer to support the “Cybersecurity at Duke” conference. 

Cybersecurity at Duke conference

What are some of the creative ways that universities should embrace to enhance industry engagement? What companies would like to gain from partnerships with top ranked universities?

I think universities can enhance industry engagement in two ways. First and foremost, going back to the idea of Cyber Titans, universities are training the next generation. In anywhere from 1-4 years from now, the students at Duke will be applying to companies like Trellix to join the good guys. The work we do is important, I believe it is Soulful Work, and so providing access to talent and these young brilliant minds can be of tremendous value to the industry. Second, I think there is an intelligence sharing element of these conferences, where the good guys can gather on a campus like Duke and share what is on the forefront; what they are seeing, talk with faculty, talk with students… take full advantage of academic discourse. 

Partnering with top-ranked universities like Duke provides companies with unique recruiting opportunities, but also collaborative opportunities with leading researchers to help enhance and optimize cybersecurity products.  

Can you name 1-2 significant challenges in cybersecurity today and how an applied master’s program like the one at Duke can help overcome them?

At Trellix, we like to think of ourselves as the “official sponsor of the CISO” and to that end, a couple of times a year, we publish our Mind of the CISO study. The data we gather from personally speaking with thousands of CISOs around the world is nothing short of incredible. One of the key challenges we’ve seen creep up in recent years is the idea of CISO burnout or “cyber fatigue.” For example, from our most recent study we learned that half of current CISOs do not see a future in their role because of the ever-expanding list of responsibilities. Now, do you think 50% of CFOs or 50% of COOs would say they don’t see a future in their role? Of course not. So, we need to figure this out.

And one of the ways to achieve higher retention rates is a master’s program like Duke’s. The CISO, frankly, is a relatively new role in the grand scheme of things, and it has changed so much over the past twenty years…compared to when I was a CISO. But, moving forward, we know technology improves at exponential rates. We know it’s more than just security; board reporting, team management, regulatory compliance… you name it, a CISO does it. Programs like Duke’s can best prepare talent for the role. 

How does the Duke Master in Cybersecurity Program fit into the cyber landscape? What is the potential impact on the future of the cybersecurity profession?

Duke is in a position to train the next generation CISO, the next generation of Cyber Titans. And I think the program’s role is preparing students for what they’re up against. So, what Duke can do, and I think what Duke’s Master in Cybersecurity Program does well, is prepare students for the reality of battling the unknown. Duke creates thinkers and empowers students to tackle whatever challenges come their way when they are one day inevitably sitting in the CISO chair. 

“We keep hospitals running, we keep the power grids on, we keep governments functioning – the work we do in cybersecurity matters”.

How have you decided to become a Cyber professional and why?

I’ve always tried to do work that matters to me. That was true when I was a Secret Service agent, it was true when I joined PepsiCo in the early days of the CISO role to help keep the company safe, and certainly true now as the CEO of Trellix. We keep hospitals running, we keep the power grids on, we keep governments functioning – the work we do in cybersecurity matters. I also love the challenge of getting up every day unsure of what to expect, unsure of what the next big thing will be. It motivates me. Working in cybersecurity certainly has its stressful moments, but we can genuinely say “we make a difference” without any question. 

What was more important to you for becoming who you are today?

In the context of cybersecurity, I think it was having great mentors. There were so many people who helped me along the way. You have to remember, when I was a CISO in the early days, very few people had been a CISO before that. So, I’m grateful to all the mentors who helped me when I got started and it’s why I love coming to Duke. It’s my way to pay it forward. 

What advice do you have for students or young professionals who aspire to build cybersecurity careers?

Because the roles are so diverse and varied, and because it changes so quickly, I always encourage students to learn as much as they can about everything and never stop learning. For example, we need accountants. It’s a really important job. But accounting doesn’t change every year. It’s not like CFOs look at a new balance sheet they’ve never seen before every twelve months. Cyber professionals are facing off against the unknown every single day they show up to work. And that requires a unique set of skills: you have to be a good manager, a good tactician, a good communicator, a good strategist, a fast learner… it takes a lot to do this work. So, learn as much as you can now at school, and prepare to never stop learning.