Steve Ferrigni
VP, IT & CISO
Workplace Safety & Insurance Board
Steve Ferrigni is currently the VP, IT & CISO of WSIB. Within this role, Steven is responsible for managing and overseeing all areas of cybersecurity and IT risk to help protect the organization and the sensitive data of its clients and members. Steve is responsible for developing and managing the overall cybersecurity program which includes security operations, policy development, architecture and delivering corporate-wide awareness programs.
Learn more about leaders in the Toronto CISO community here.
Give us a brief overview of the path that led to your current role.
I started as a part-time teller at a bank while going to university. Upon completion of my degree, I moved to the IT department where I was doing both quality assurance and end user support (having had the experience of working in a branch). At one point, I was the only support person in the organization supporting both software and hardware for over 500 users, spread out over 12 branches across Canada.
With the introduction of Windows and the Internet, we quickly realized that Information Security was going to be a critical factor for organizations going forward, and so I became the Information Security Manager and developed the first security policy and strategy for the organization.
Following this position, I joined the Government of Ontario where I started as a Security Architect and moved through various roles including building and managing the IT Forensics team, managing the SOC, and developing the identity and access management strategy.
What is one of your guiding leadership principles?
Inclusion and loyalty for me are primary guiding principles. It is important that people feel like they are key parts of a team and that their input is valued and helps make the team successful. I pride myself on being a good listener, and people throughout the organization know they can discuss anything with an open and honest conversation.
With disruption being a key theme of the past year, where do you see your role as a CISO going in the next 1-2 years?
Cybersecurity is really becoming more about risk. While understanding the technical details of security operations, assessment and architecture will always be important, more and more the role is about being able to translate those details into a risk framework that makes sense to the leaders of the organization in business terms.
The key to success for CISOs is that you must be able to understand the organization as a whole and its overall operations and mission, and then be able to describe how risks would impact those goals.
What advice would you give to someone just starting out in the role as a CISO?
The job can be extremely stressful, and stepping away from the job is difficult. Be prepared, and make sure you have a good team so that you can take some time to yourself and you know there won't be any slippage.
Additionally, you will need some thick skin and have an ability to counsel your team on dealing with adversity. Security is always viewed as a roadblock or obstacle as people's natural inclination is to take the shortest path to a solution (and that often involves skirting some rules). A key part of the job is being a part of the process from the onset and framing issues so that developers, operations staff, business staff understand the impact that risks will have on them.
Tell us 3 fun facts about yourself.
- I enjoy playing soccer, but enjoyed coaching it even more.
- I love playing cards and will play anything, anytime, anywhere, especially poker (though am better at the Italian card games).
- I enjoy golfing, though I don't get out nearly as much as I would like.
What is the value of joining an Evanta community?
The Evanta community has been a great experience for me personally. The conferences and summits are always informative, and meeting like minded and experienced people has been both enjoyable and helpful professionally. It gives me an opportunity to discuss any issues I’m having with others who are dealing similarly or who went through it before. Knowing that others are suffering the same challenges or achieving the same successes helps level-set my expectations.
Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.