Kevin Paige has been defending the country and corporations from attack for nearly 30 years. Listen to Paige’s full conversation with our CEO Daniel Barber on the Grailcast.
A Career Built Around Defense
Kevin Paige thinks of himself as a defender. It’s a role he has held for 27 years since he signed up for the Air Force at 18. Back then, he was assigned to serve in law enforcement and found himself drawn to computer and technology problems. Eventually, he was moved into computer operations and was given assignments that fit his law enforcement background. “In the government and the military, you’re kind of constantly under attack,” Paige, who is now the Chief Information Security Officer at Flexport, a freight forwarder company, says on The Grailcast.
Although the stakes were high, Paige had access to the top resources and technologies. “I got the opportunity to put my hands on some interesting defensive tools,” he says.
Transitioning Into Corporate Security
After leaving the military, Paige worked as a government contractor but was drawn to the corporate sector. He soon realized that civilians had little to no idea about the security threats surrounding them.
“In the government, we’ve been doing security since before the term ‘cyber’ was coined,” he says. However, in the private sector, there was a lack of knowledge about security threats and basic security hygiene. Plus, there was a dearth of experienced talent able to handle the issues that Paige knew were on the horizon. “That was probably my biggest surprise, but I also saw it as a major opportunity,” he elaborated.
Changing the Conversation About Privacy & Security
In the past few years, particularly since GDPR took effect in 2018, Paige has seen a desire for privacy and security catch on in the United States. Even when Europeans began to argue that the protection of personal information was a human right, most Americans didn’t immediately see it that way. Now, that is rapidly shifting. “These guys are right. Our personal data is our personal data, and we should know what’s happening to it,” Paige says.
When people and corporations accept that data privacy is a fundamental human right, protecting that becomes a central task. Robust protection through steps like encryption, authentication, and controlled access become expected, rather than optional, Paige says. The key is thinking about protecting privacy and boosting security when you’re constructing a system. Being proactive about protecting rights needs to be built into the digital ecosystem and top of mind.
“If we do that, I think privacy just becomes a footnote in the future,” Paige says.
Paige’s Resources and Advice
Paige believes that whether you’re in data privacy or security, to succeed, you need to have a deep-seated understanding of the systems that you’re working within. “If you’re a security operations person, really spend time to understand the systems and the technology. If you’re in privacy, really understand the personal data and the interactions between systems,” he says. “Go deep. Don’t just take superficial answers.”
To keep up to date on the latest innovations in the systems he’s protecting, Paige monitors O’Reilly and keeps up to date with Medium articles by security professionals. He looks for real-time updates on Twitter and Reddit and uses that information to jump into further research. He also created an RSS feed through Feedspot that aggregates the latest news from security sites, including The SANS Institute, Bruce Schneier, Packet Storm, and The Hacker News.
With those resources, CISOs and other security & privacy professionals will have a thorough understanding of the systems and rights that they are protecting. “You really want to not just be a person who’s overseeing things,” Paige says. “Fundamentally, you want to really understand the areas that you’re trying to protect or defend.”