Ricardo Johnson currently serves as the VP, Chief Information Security Officer for Dentsply Sirona, a global medical device manufacturer and dental consumables producer in over 120 countries, where he oversees corporate and product security across its global portfolio including cloud, IoT, hardware and supply chain. Ricardo has over 25 years of experience in the information technology industry having held security, privacy, and IT leadership roles across several business verticals.
Prior to Dentsply, Ricardo served as VP and Chief Information Security Officer for Citrix where he oversaw product, enterprise security, risk and compliance. He also held senior leadership roles at Dropbox, CrowdStrike, Ryder System Inc, KPMG including Chief Privacy & Risk officer at Burger King Corporation. Ricardo holds an MBA from The Chapman School of Business and a BBA from Florida International University. He is a regular speaker on cybersecurity, data privacy and risk topics. Some of his speaking engagements includes the following: the Gartner Risk Summit, Visa PCI Symposium, WorldCompliance Summit, IAPP, Cloud Security Alliance (CSA), Institute of Internal Auditors (IIA) and Compliance Elliance Journal (CEJ).
Recently, in an exclusive interview with Digital First Magazine, Ricardo shared his professional trajectory, insights on the evolving role of CISO in the next 5 years, personal hobbies and interests, his favorite quote future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Hi Ricardo. What drew you to cybersecurity, and how did you begin your career in this field?
It was 1991 during my sophomore year when I was frustrated with my then major, when my dad uttered the following life altering words, “I heard about this thing called the internet. I think it’s going to be big, perhaps you should try something in that field”
After changing my major to Computer Science, I immediately sought employment in the field. I started as an intern at a small IT services company that catered to law offices and medical practices. Being one of the first employees, I handled everything from cabling to PC repairs, network setups, and data security. While my role wasn’t explicitly in cybersecurity, protecting client data naturally became part of the job.
What do you love the most about your current role?
I love blending business acumen with technology. For me, cybersecurity is fundamentally a business function. As a CISO, I focus on communicating risks, prevention strategies, and mitigation plans as they relate to business value. I also enjoy the variety my role offers—every day brings new challenges and opportunities, keeping me engaged and excited. I am never bored. Perhaps that’s my undiagnosed ADHD 😂
What skills and expertise do you believe are essential for aspiring cybersecurity professionals to develop in the next 2-3 years, and how are you investing in talent development within your organization?
Emotional intelligence is critical, as the biggest challenges in cybersecurity often revolve around people—customers, end users, and employees. Additionally, mastery of Artificial Intellegence is crucial. Cyber professionals must must understand the technology, discern practical use cases, discern practical use cases and expertly articulate the risks.
For talent development, I ensure our vendors include training in contracts, encourage participation in grassroots cybersecurity organizations like ISACs, and support attendance at key industry conferences.
How do you stay current with emerging trends and technologies in data and analytics, such as AI, machine learning, and cloud computing?
I rely on tailored threat intelligence reports to stay updated on risks specific to our industry and technology stack. I also engage with peers in various CISO and vendor forums, Slack channels, and LinkedIn groups. Podcasts are another great resource—I listen to them while exercising or walking my dog.
How do you envision the role of the CISO evolving in the next 5-10 years?
The role will likely mirror that of a Chief Risk Officer in financial institutions. CISOs will serve as strategic advisors on managing the risks associated with business critical computing services, including SaaS, PaaS, SOC and DaaS.
Is there a particular person you are grateful for who helped get you to where you are?
Mack, a retired senior executive, mentored me during college. He advised me to learn the roles of the four peers I’d interact with most—IT, Engineering, Legal and Finance,—to build empathy and collaboration skills. Taking this advice, I pursued roles in these areas and also earned an MBA, which continues to help me build strong partnerships across the business.
How do you keep your mind healthy and stay resilient? And how do you motivate your team?
To keep my mind healthy, I make time to disconnect. I enjoy playing soccer, mountain biking, volunteering, and spending time with family and friends. For my team, I focus on providing clear, measurable goals and eliminating subjectivity. Defining and quantifying what good performance looks like helps align and motivate everyone.
What is your favorite quote?
Unless a kernel of wheat falls to the ground and dies, it remains only a single seed. But if it dies, it produces many seeds.
Where do you see yourself in the next 5 years?
I’d like to take on a role with P&L responsibilities. Additionally, I hope to gain clarity on what my post-corporate “second act” will look like.
What advice would you give aspiring cybersecurity professionals?
Cybersecurity is a business function that requires empathy and people skills. Those two should be foundation upon which your build your technical expertise.