Q&A: Mike Smola on Bringing his Retail, Security & Intelligence Expertise to Flashpoint
Mike Smola joined Flashpoint this month as our Director, Business Development, with a heavy focus on providing support and solutions to the retail industry. Why retail? He spent upwards of the last decade building and leading security teams at Walmart.
Overall, Mike has more than 25 years of experience in the operations and security field, also working for organizations like Foot Locker, Finish Line, and Starbucks.
Read on for more about Mike, his impressive experience, and why he joined the Flashpoint team.
Q: You spent more than a decade of your security career at Walmart. What does it take to protect a Fortune 1 enterprise and global retailer?
A: Like many global enterprises, Walmart’s business model is very complex—far more complex and with far more assets, systems, and endpoints than most people realize. Prior to joining the company I had no idea of the extensive breadth of its retail verticals. As a security practitioner, it was important for me to learn about these verticals and understand what the key stakeholders in each of them were most concerned about and challenged by from a business perspective.
After I accomplished this, I was able to build internal capabilities tailored to the needs of each vertical and ultimately offer security as a service to the entire enterprise. One of the most important parts of this process was establishing a capability matrix that included a mix of internal resources augmented with the right external resources to meet enterprise security needs.
Q: While at Walmart you successfully started, developed, and led various security teams and programs. What advice would you give to other security practitioners in the retail industry who are looking to start initiatives or mature capabilities at their organizations?
A: First and foremost, do everything you can to identify and deeply understand your organization’s priorities from a business perspective. As a security practitioner, your top priorities initially may likely differ from the C-suite’s top priorities. However, once you align your objectives to the organization’s priorities, you can effectively build a capability matrix to align to any business vertical need.
If your CEO’s top priority is to become profitable in a new region, for example, ask yourself this: what security threats, challenges, or related issues might hinder our ability to be profitable in that region? And what can we do to mitigate the risks posed by those issues? Once you’ve asked and answered these sorts of questions, build your capabilities internally to address them. Not only can this approach help you achieve better alignment with—and buy-in from—the rest of the business, but it can also enable you to better prioritize your own objectives accordingly.
Another piece of advice that tends to be especially relevant for security practitioners in the retail industry is to operate based on a service offering model. This starts with viewing stakeholders at your organization as if they were your customers, because essentially they are. Rather than focusing solely on telling them what to do to achieve better security (though that will likely always be necessary in certain situations), be collaborative. Ask them what their priorities and challenges are and then tailor and position security as a service that can help them fulfill those priorities and overcome those challenges. This approach is how you get stakeholders across the entire enterprise to view—and action—security as an enabler rather than a roadblock.
Lastly, staying agile, building transparency and rapport both internally and with trusted external partners, being mindful of budget and the return-on-investment of your budget, and being humble yet bold are all also crucial for taking just about any security initiative or capability from where it is to where you want it to be.
Q: The rise of e-commerce has rapidly and drastically changed retail. What have been the most significant security implications of these changes—for both defenders and adversaries?
A: The technology landscape has grown exponentially, and as a result, securing this landscape has become increasingly difficult. Since security has traditionally been seen as a roadblock to business operations and agility, many enterprises favor shadow IT efforts or seek to bypass security audits. Unfortunately, adversaries are aware of this and know the odds are in their favor in these situations. It is important for security functions to evaluate their own capabilities and evolve them to not only meet the needs of the business, but also to outpace adversaries. We must always aim to evolve at the same speed as—if not faster than—the adversary.
Q: What would you say is the most critical challenge facing security practitioners in retail? How does this compare to other industries?
A: Retail encompasses a broad range of business verticals to meet consumer demand. Margins are traditionally low, therefore volume, price, service offerings, and speed often matter significantly to the bottom line. Retailers rely on technology to optimize their operations in these areas. Technological innovation requires speed to meet consumer demand, but security must match this speed so that business owners will continue to be open to adopting security controls.
Q: Your background spans multiple security disciplines including cyber intelligence, physical security, and insider threat. How will your experience in each of these areas support your role as Director, Business Development at Flashpoint?
A: I have been fortunate in my career to work in a variety of roles across the operations and security spectrums. My goal is to bring real-world experience and match that with Flashpoint’s security offerings to help organizations leverage Business Risk Intelligence to meet their business needs. Although each organization’s needs are unique, there are always similarities. I’m hopeful that my experience will position me to understand and relate customers’ needs to Flashpoint offerings in a manner that helps them mitigate potential exposure and resulting risks more effectively.
Q: Why Flashpoint? Why switch to the vendor side of the industry?
A: I’ve known many members of the Flashpoint team for years and have always seen them as invaluable partners. Flashpoint also has an excellent reputation as a vendor with the expertise, dedication, and willingness to move as quickly as its customers need. The team understands that although they are providing much-needed product and service offerings, they prioritize relationships, trust, and confidentiality above all else. These characteristics are exceedingly unique in an industry where it seems like a new security vendor is being stood up every day. Matching great offerings with an equally great leadership team and core values is something I couldn’t be more thrilled to be a part of.
Switching to the vendor side of the industry was an easy decision because that vendor is Flashpoint. I’ve always been passionate about helping other organizations protect their most valuable assets, and I wanted to represent a company that does this best and also aligns with my core values.
Q: What are your interests outside of work?
A: This may or may not count as “outside of work,” but I like to read any and all types of security publications. This industry never ceases to fascinate me! Beyond the world of security, I enjoy being with my family, spending time outside working on our property in Arkansas, and watching documentaries and sporting events. I’m also an avid fisherman. I love to participate in bass fishing tournaments and just about any kind of fishing. It’s exhilarating and also a great way to unwind in the outdoors.