From Data Chaos to Clarity - Hans Vargas - Guardians of the Data - Episode #11
What happens when your organization doesn’t know what it needs to protect?
Today Ward welcomes Hans Vargas, Enterprise Data Protection Lead at Marathon Petroleum Corporation, who brings over two decades of experience in cybersecurity. Hans shares insights on the importance of understanding what data needs to be protected, and the challenges organizations face in this area, especially with the adoption of cloud services. He discusses the significance of communicating the value of data protection to business leaders and data owners, and offers practical advice on data discovery, retention, and governance. Hans emphasizes the necessity of including data security considerations in the early stages of application development and innovation. He also shares his personal journey from Peru to a successful career in the U.S., highlighting the importance of mentorship, continuous learning, and proactive problem-solving in cybersecurity. This episode provides valuable strategies for integrating data security into organizational processes and fostering collaboration between cybersecurity professionals and business stakeholders.
Takeaways:
- Know What You Need to Protect: Start with data discovery and identify what data you have, where it is, and what is sensitive. You can't protect what you don't know exists.
- Engage Data Owners Directly: Build relationships with data owners, not just stakeholders. Have open conversations to understand what is truly sensitive and important to the business.
- Communicate the Value of Data Protection: Clearly explain to business units why data protection matters, using relatable analogies if needed (e.g., moving houses, hoarding).
- Establish and Strengthen Data Governance: Ensure your organization has clear data governance policies covering the entire data lifecycle from creation to disposition.
- Collaborate Across Teams: Work closely with data governance, legal, and business units. Data security is a two-way street; share discoveries and insights to improve overall protection.
- Don’t Rely Solely on Tools: Deploying a tool is not enough. Make sure processes and responsibilities are in place before or alongside technology adoption.
- Consider the Full CIA Triad: Don’t focus only on confidentiality. Ensure data integrity and availability are also prioritized to keep the business running smoothly.
Quote of the Show:
- “If you don't know what you need to protect, that's a problem.” - Hans Vargas
Links:
- LinkedIn: https://www.linkedin.com/in/hansvargas/
- Website: https://www.marathonpetroleum.com/
Ways to Tune In:
- Transistor: https://guardiansofthedata.show/
- Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
- Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
- Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
- iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
- YouTube: https://www.youtube.com/@GuardiansoftheDataPod
Creators and Guests
