Gernette Wright is a seasoned cybersecurity leader with a proven track record in infrastructure and information security management across a variety of industries. His expertise spans incident response, governance, risk management, vulnerability management, BCP/disaster recovery, and third-party management. Prior to joining Schneider as an IT Security Officer for the Americas, he worked in various roles in Information Technology, before moving into more security-focused leadership roles serving as Senior Manager for Security Operations, and then VP of Information Security. Gernette actively participates in industry-aligned groups. He holds advanced security certifications from IAPP, ISC2, ISACA, & EC-Council, and is a Computer Science graduate of Stockton University in NJ. He also holds a Graduate Certificate in Cybersecurity from the Van Loan School at Endicott College, and an Executive Certificate in Management & Leadership from MIT Sloan’s School of Management.
Recently, in an exclusive interview with Digital First Magazine, Gernette shared his professional trajectory, insights on the three major tech trends to watch out for, personal hobbies and interests, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Hi Gernette. What inspired you to pursue a career in cybersecurity?
I’ve always been fascinated with the intricacies of how things work and fixing them if there’s an issue. On my cybersecurity journey, this initially manifested predominately around IT projects that required the implementation of controls to achieve compliance around areas for PCI & SOX. This eventually led to other projects around securing active directory, least privilege implementation, and vulnerability management. It was fascinating to look at the problem, sort through the results, and plan the various mitigations. I got to talk to all areas of the business and found out how one fix could affect in very different ways and how one bad decision could have negative consequences on production, so I had learned early on that we were much more integrated into the business than one thought, although it was not always apparent looking from the business side in.
Another driver is the feeling of making a difference. We all want to feel that what we do makes a difference and I’ve always been curious about how that translates for me in my day-to-day activities for the company I work for and the people I work with. Cybersecurity has always played an important role in safeguarding our assets, but it is now an even more important driver for the business by being an enabler. Customers and consumers are now demanding more from us for being good stewards of the data they’ve entrusted us with, as are our regulatory bodies. I love the creativity that goes along with keeping those data & relevant systems safe but allowing it to flow freely & securely where it needs to go to facilitate the business and customers’ needs.
What do you love the most about your current role?
I began my career on the technical side of IT before moving into more security-focused leadership roles. Throughout those roles, I’ve been able to build up my skill sets and experience in risk & incident management, working cross-functionally in governance & compliance, risk management, vulnerability management, and BCP/disaster recovery planning. As a normal cycle of business, the company acquires other businesses that align with the strategic objective and boosts its product offerings. Some of these companies are young in their security journey and as part of the integration process, we follow a strict security assessment process to align the incoming company to the security practices of the parent company and help them build a maturity roadmap to enhance their program. This includes areas such as reviewing and creating policies, technology adoption, risk assessments, stakeholder engagements, etc. I’m able to use the culmination of all my experiences to help these companies understand what’s required. I can talk to them from an IT perspective and then show them how that then translates into a security requirement for their security program.
Working with these various teams is the best part of my current role. It’s not just about remediating technical gaps but how to adopt a framework and use governance as a key part of the program to drive adoption, standards, collaboration, and a continuous improvement mindset. One of the most important shifts is to help the teams to stop thinking of a technical solution in isolation as security cannot thrive on its own. They now need to think of how what they do can help facilitate business and improve the lives and experiences of both internal and external customers. Our group has a key symbiotic relationship with the company and loves to show ways to connect with the rest of the organization and show how security can be a valuable partner to add value to the organization.
What are the three major trends do you foresee in your industry in the next 12 months?
We’re in a unique time of unprecedented growth in technology fueled by GenAI, growth in IoT, and the widening of the traditional perimeter. Like many others, I believe artificial intelligence is just in its infancy and is poised to make a big difference in our day-to-day personal lives and at work. We’ve seen some use cases for boosting productivity such as in automating threat detection & intelligence, use of co-pilots for task enhancements, analyzing large datasets, etc. but we haven’t really seen a true AI powered solution for the security stack, just augmentation. I think some of that is companies are just trying to figure out what AI means for them in their products, some are cautious and want to see what the market is doing, and I believe there’s also fear of the unknown, but I do believe a truly extraordinary breakthrough is right around the corner. We also need to keep a key eye on the malicious actors. Unlike us, they have no guardrails and also have access to the same tools, and more, as we do. They’ll continue to increase the sophistication and speed of attacks, powered by AI, making the cybersecurity landscape even more volatile. Other areas such as data governance, privacy, government regulations, AI usage in products, etc. make this area a complex topic for the business to undertake and will continue receive increased focus in 2025.
I only have to take a look at my phone to see how the rise of IoT (Internet of Things) devices has dramatically transformed our homes, personal lives, and businesses. At home, it’s incredibly easy for this number to grow without much thought and the same can be said within our organizations. As the number of interconnected IoT devices grows, so does the attack surface. Typically, these devices do not have protection mechanisms built in and must be protected by other mechanisms which means, if left unsecured, they are a prime attack area for bad actors to gain a foothold in an organization. IoT offers incredible opportunities for business but also poses a substantial risk to companies. The importance of which was highlighted by the FCC this year with the introduction of the Cyber Trust Mark Labeling Program. Although voluntary at the moment, the program aims to elevate cybersecurity standards across IoT devices, marking an important step forward in bringing attention to this crucial area.
Whether traveling for business or working from home, remote work and cloud resources eases the barrier of entry for bad actors as the boundary is no longer the four walls of your building driving a growing need for robust endpoint security and practices such as zero trust. The protection of the remote worker sometimes takes a backseat to the return to the office conversation. However, remote work has been around for a long time but only became commonplace with the onset of the pandemic. Things that we were told for years that couldn’t be done, were done overnight. Availability of applications and access to data is now at your fingertips from anywhere in the world. As the hybrid workplace continues to be prevalent and access to data increases during our business trips, this area continues to draw focus. More than ever, the need to make our endpoints secure, trustworthy, and isolation friendly/capable is extremely important and I believe we’ll see more vendors taking on this challenge.
What role does data quality and governance play in AI initiatives, and how do you address data-related challenges?
AI has done for data what COVID-19 did for remote work. The importance, accuracy, and access to data was always there but GenAI hastened the importance. Data quality and governance are crucial to AI success. A good governance program ensures that the data used for AI training purposes is accurate, and consistent in order to prevent bias and inaccurate results. Despite what your use case may be, good data practices are needed. The old adage, “garbage in, garbage out”, is being used to sum up data quality needs and it is fairly accurate. Adhering to these practices allows organizations to meet legal requirements around data usage protection & privacy, build trustworthy AI systems and foster trust from your customers, be they external or internal.
Of course, selecting a governance model is probably the easiest task, actually getting a handle on the data, where it is, who has access, and how much to keep is the hardest task. While IT & Security can help with access and storage, we cannot determine usage, data accuracy, sensitivity, and applicability from the business perspective. This task has to be driven by the data owners themselves and with so many across the business lines and the amount of data we’ve kept as companies, it’s quite a surmountable task. To help the teams get a grasp on these requirements, we need to leverage technology to sift through the vast amount of data. Some newer vendors in this space are leveraging AI to assist with this and with tuning for your specific use case, this is the best way to go about doing the initial phase of the data discovery.
You were recently named as one of the 2024 Future CISO 100 award global winners. Our readers would love to know the secret mantra behind your success.
I’m not sure if I have a secret mantra, but there are a few things that are important in how I approach my career. The first is people, first and foremost it’s really important to treat people how you’d want to be treated and be respectful even if you disagree. I’ve been lucky to have had great teams and have also been fortunate to have had a few great managers who gave me the latitude to fail or succeed because they believed in me, so I make sure I do the same. The team members individual successes is as important as the overall team so give their voices and their skills a chance to shine. Take time to listen and embrace the team’s ideas and thoughts. I believe if you’re the loudest voice in the room, you’re not doing enough listening.
You’re never too old to learn, and there is always someone smarter than you, the list can go on so it’s important for me to remain teachable. As my career changes, so does the guidance I need so having great people I can reach out to or people I can look to for examples, is extremely important. It doesn’t have to be someone at work or even talk to, you can learn so much by listening and watching what they do. Get plugged in and get involved with your local Evanta, CISO Society, HMG Strategy, CyberRisk Alliance, The CISO Society, HotTopics groups, etc. There are no shortages of communities, just pick a couple. I recommend checking out as many of the communities as you can over time, and then deciding on which one aligns best with your goals and personality as they are all a little different. My only advice there is don’t just attend conferences, volunteer to run discussion groups, panels, and support the sponsors. I’m a huge believer that you will get more out of something if you put time and effort into it. You will end up meeting some truly amazing leaders who not just talk the talk but also walk it. Imitation is the greatest form of flattery, but it can also be one of your greatest teachers.
Another tool in my kit is goal setting. It is indispensable. I keep mine in a spreadsheet so I can track it year-over-year. If you don’t accomplish your goal for the year, don’t just drop it, add it on for the upcoming year. With my goals, I try to have a healthy balance of both personal and professional goals so I can keep an eye on my work-life balance and ensure I’m setting aside time for family. What signifies success is different for everyone and can also look different for you at different stages but invest the time, get comfortable with the uncomfortable, and think long term as it doesn’t happen overnight.
Is there a particular person you are grateful for who helped get you to where you are?
We moved around quite a bit when I was younger, but we eventually settled in central Jersey, where I still call home. Playing music was always a comfort to me and immediately found the band room and signed up, as I did at my schools prior. I had no idea the profound impact that decision would have on my life. There I met my lifelong friends and more importantly, Mr. Richey, our high school band director. He embodied kindness, strength, resolve, and leadership.
I came into the band playing valve trombone but the next year, he needed a player for baritone. I had no idea how to play but he kept telling me he believed in me and that he knew I’d get it. I did and even made it into a wind ensemble. The following year, we needed a sousaphone player to fill in the bass line in marching band, he again turned to me to ask to fill in and learn a new instrument and again offered the same encouragement and some extra lessons over the summer break, as it was a bit more difficult to grasp than the baritone. I put in the extra work and by the time the season came around I was good enough to memorize the sheet music.
I know the younger me didn’t see the lessons he taught me, but over the years, I’ve reflected on the numerous occasions he taught me about how to be versatile and flexible in my path to where I want to be, how to be a team player and function as a part of the team, the value of hard work, how to not be afraid to fail, how to try new things, and most importantly, he to taught me to believe in myself. Those lessons have not only stayed with me over the years but also heavily influenced me.
What does the term “authentic leadership” mean to you?
Authentic leadership to me means that my core values drives my decisions and how I live my life, both in and out of work, and there is no discernable difference in how treat people, I not only talk about my values, I live and lead by them. I hold to six values, 1) Do the right thing at all times, especially when no one is watching, 2) Be kind, 3) Be Transparent, 4) Keep it Simple, 5) Think Long Term, 6) Don’t be afraid to fail. By being kind, doesn’t mean that everyone will like me, but I will treat everyone with respect and respect brings trust, which is key to having a successful team and peer relationships. On the other hand, if one of my coworkers sees me outside of work and I am extremely rude to someone else, that kindness that I try to foster internally would appear fake and forced. The values I portray need to be me, inside and out, and aid in fostering a team environment where everyone feels that they have value and is valued.
What are some of your passions outside of work? What do you like to do in your time off?
I love gardening and doing things for my family. Gardening is mostly for my pastime. I find it therapeutic and extremely rewarding to take a bare section of the yard, plan the layout, and have no idea if it’s going to work as sometimes you have to wait a whole year for the seeds to grow and reach a place of maturity that it starts to fill out. I have two kids, the youngest being 6 so I love to plan things that make them happy and bring joy to his face and my wife. Sometimes it’s cooking particular dishes and sometimes it is planning dinner to a new restaurant, family outings, and vacations, any place with an elevator or pool makes my youngest happy.
Where are you investing your time now to prepare for the future?
There are two areas that I’m dedicating time to. The first is soft skills and for me, it’s a range of areas, presentation skills, public speaking, and inter-peer communications. Recently, I took an executive presentation workshop and plan on setting 1 or 2 goals for the upcoming year around this target. As security leadership roles continue to evolve, these skills are becoming more and more important as security becomes more far-reaching across the business than just a technical topic as you need to now talk and present cyber risks to your peers and leadership in a non-technical manner and also translate & align those to the business objectives and overall risk framework.
It’s hard to turn around while running into some type of AI topic. I’m in the camp where I don’t believe AI will reduce the number of jobs, but I do believe if you don’t embrace/learn about AI, including GenAI, you will be without a job. This year I took the ISACA Artificial Intelligence Fundamentals course, Prompt Engineering at Coursera, attended a few talks on Generative AI, and several other webinars, and consumed numerous amounts of YouTube hours, and even after that, I feel like I still can’t keep up. The rate of change right now is staggering and to stay informed, you need to invest the time for your personal growth and career.
What is your biggest goal? Where do you see yourself in 5 years from now?
My biggest goal is to live a life of meaning and be happy. In terms of my career, when I look back 5 years from now, I hope that I can look back and see that I’ve progressed in my career, continued on my lifelong learning journey, and have made an impact in my community, or am well on my way of contributing to that goal. To me, it’s not isolated to being a security leader at work but also outside of work contributing to efforts to give back to the security community and getting involved more in mentoring, particularly for people of color who would like to get into the security space.
What advice would you give to aspiring technology leaders who aim to make a positive impact in their organizations and the industry as a whole?
There are no shortcuts and there are times you may feel like you may not be where you want to be but put the work in. Be inquisitive about the organization and find out how your work affects the other teams and what they are looking for to help them further their own goals I do believe all our departments have a deeply tied symbiotic relationship. We all need to win but we all can’t win at the same time. Help contribute to other people’s success and they’ll in turn help you with yours. Lastly, pursue your passion and find your purpose. Efforts in pursuit of purpose will never disappoint you.