Top 100 Interview: Marlene Allison

CISO, Johnson & Johnson

Marene Allison is a US Army veteran, former FBI Special Agent, and has been VP and CISO at American multinational Johnson & Johnson since 2010. After leaving public service, she developed extensive experience in corporate security, both physical and cyber, including as Chief Security Officer at pharmacy benefit company Medco and Head of Global Security for tech firm Avaya.

How will you drive your organization's cybersecurity strategy forward in 2021?

We are going full-on digital in 2021, and that it is all about the data. Everybody thinks digital is about technology, but it really is all about the data – where you collect it, how your process it, who it belongs to, and then all the requirements around it. And so, in 2021, as Johnson & Johnson pushes forward more into this digital world, cybersecurity will be more important than ever before in terms of knowing where that data is, how it is accessed, and how to protect it. There are a lot of marketing terms out there – zero trust, SASE, cloud security, but basically, it all comes down to some simple things: Where is your data? What’s the importance of that data? And how is it secured?

What should information security executives focus on in 2021 to generate business value?

I would say there are primarily two areas. One is going to be underpinning IT as it moves into the digital arena to make sure that cybersecurity leadership is a business partner. The role of the CISO cannot be in a back room, we must be at the business table. I think that is one of the largest things that we have on our plate. We also need to pivot away from the on-premise legacy.

No company that has been around for more than 10 years is going to be able to do pure-play digital. That is where information security steps in to assist and ensure that the data is protected, private and secure.

This is an excerpt from the Top 100 Global Leaders in Information Security Report. Click here to read the full list.