Jim Powell, CISO at Trane Technologies

Today’s CyAlliance Birds of a Feather Spotlight interview is with Jim Powell. Jim is Vice President, IT Security (CISO) of Trane Technologies (previously Ingersoll Rand) since October 2018. In this role, Jim serves as the global head of information security and cyber risk functions. He also leads efforts related to technology compliance, including interfacing with internal and external auditors, and responding to new and changing regulatory requirements. Jim serves on the Information Technology Leadership Team, the Compliance Investigations Committee and the Enterprise Risk Management Steering Committee.

Jim has over 20 years of experience in IT positions, with the majority being in Information Security roles. Prior to Trane Technologies, he was the Chief Information Security Officer (CISO) at LPL Financial since 2015. Prior to that, Jim held a variety of security positions with increasing responsibility for nearly ten years at TIAA, beginning as a Senior Security Analyst in 2005 and concluding as the Managing Director of Security Operations in 2015. Prior to that, he held multiple technical roles in security and infrastructure at Bristol-Myers Squibb Company since 1999. 

I am so excited to have this time with Jim today and get an opportunity to go through some of our Birds of a Feather Q&A quick fire questions -- So - let's get started!

*******

Q:     So Jim, whether you are working virtually or at the office, what time do you go to work each day?

A:     I typically arrive to the office by 8 AM, but it can vary.

_______

Q:    How do you personalize your office?

A:    I don't personalize my office much, honestly. I do, however, have some pictures of my family and trinkets collected during business travels.

_______

Q:     Would you describe yourself as creative?

A:     When I look at creativity - well I feel like I’m “big picture creative”… I like to create teams, processes, even businesses.... But ask me to draw a picture... write a song?  HA!!!

_______

Q:     Do you have any quirky daily rituals? 

A:     That is a great question - I am not sure it’s quirky, but I exercise 5-6 days a week. What does that mean? It means that I am at a 5 AM CrossFit class. When you think of the "quirky part" it has to be my wake-up routine… I wake up every weekday at 4 AM to an alarm I set on my iPhone.  The alarm text says “Winners don’t Snooze!!!”  My iPhone is in my bathroom on a charging station next to the sink. So it requires me to stumble over there every morning to turn it off, AND that is the moment of truth… Am I going to “WIN” by grabbing the toothbrush and starting my day, or “LOSE” by stumbling back to bed for more sleep?  I like to win… 

_______

Q:     What keeps you up at night? 

A:     What keeps me up are thoughts running though my head - usually things I should have said or done. I have found I almost never regret some action I have taken, it’s usually my inaction or silence that upsets me. I will definitely lose sleep over it – once – and then work hard to correct it the next day. Fortunately, I’m pretty outspoken and action-oriented, so these times are rare – so, I mostly sleep well.

_______

Q:    What is the characteristic you most look for and admire in those that work with you? Most dislike? 

A:     The characteristics I look for most are Effort and Integrity.  I like when people try hard and be real.  People get a long way with me if I see them care, try and tell it like it is. To the contrary, lack of effort is my biggest pet peeve.

_______

Q:     Do you use social media much – personally? for work?  

A:     Social media - now there is a topic that varies by many. For me, the answer would be Sort of. I use LinkedIn sparingly for work – not as much as I should. I do use Twitter as a type of “canary in the coal mine” for all things related to Cyber.  I follow a pretty wide-ranging group of smart people, and this helps me stay abreast of noteworthy happenings in our field. I use Instagram to keep up with hobbies and share pics with friends. I didn’t have a real Facebook account until I opened a small business earlier this year.

_______

Q:     What accomplishment are you most proud of? 

A:     Professionally, I’m very proud of the first DLP program we implemented. It was a great opportunity (since we were replacing something draconian and flawed) to improve security while simultaneously improving user experience and business enablement – we reduced false positive email blocks by 90%!  

_______

Q:     What is your greatest extravagance? 

A:     This is a great question - for me it has to be that I spend way too much money on suits. My last two employers had pretty casual dress policies, but I continue to invest in suits because I feel best when I’m dressed professionally. David B. Wright did help me ditch the ties about 4 years ago, though. 

_______

Q:     What is the most overrated security technology? Most underrated? 

A:     When I look at the market right now, in my opinion, the most overrated has to be user and entity behavior analytics, UEBA. Where it’s an actual solution being sold, it’s just analytics and data science applied to logs/raw data. Where it’s just a buzzword, UEBA is even more annoying – and many products are now claiming to be or have UEBA capabilities.  

Underrated for me is Endpoint detection and response, EDR. For nearly the past 5 years, I’ve been amazed at how many attacks the companies I’ve worked for have thwarted through strong EDR detection and device quarantining processes.  It’s become so advanced and seamless, many have actually stopped talking about it – but that’s only because we now have the cycles to go put out other fires!

_______

Q:     What is the soundtrack for your career? 

A:     Weird question, (Gee thanks Jim....) to be honest… I feel like my career has been a nice crescendo, with many different musicians playing solos (including me) and in ensemble. I feel like I’ve been blessed with a lot of great opportunities and have a lot to be thankful about, so the soundtrack is definitely very upbeat!

_______

Q:     What book are you currently reading? 

A:     I am always reading or listening to at least two books concurrently: one for fun, and one for learning/self-improvement.  My fun book right now is a book called Stillhouse Lake by Rachel Caine. My self-improvement book is Atomic Habits by James Clear.

_______

Q:     Are there any things, through your career, you’ve been especially glad to no longer do? 

A:     I used to get exception requests from various groups in IT via fax, get them manually signed by my boss and file them in a locked cabinet. Terrible waste of time and energy, but this was in 2001-ish… One day, we got 2,100 exception requests (the day before the enforcement data of a newly published security standard).  This (finally) drove us to revisit the exception process… 

_______

Q:     How do you like to relax after work? 

A:     After work I’m usually ready to “wind down”… I like to eat a good meal, catch up with my wife, talk with my teenage kids (if they are around ?? ), watch maybe an hour of some show on Netflix, and then start getting ready for the next day… I get up early, so I go to bed early…

_______

Q:     How do you create Work/Life Balance? 

A:     I believe in Work/Life integration. We’re all so connected all the time, and I don’t try to fight it… I do the things I need to do throughout my day to maintain my health and wellness – I covet and protect my workout time in the morning, I stretch and walk during meetings when I can, I take time to make myself food and eat healthy.  Meanwhile, I don’t sweat, regret or begrudge the times when I need to be in meetings until 8 PM, or something important needs my attention over the weekend. 

_______

Q:     Which words or phrases do you use too often? 

A:     “We’re going to use a risk-based approach.”  But it’s so important… people need to hear it a LOT. The decision to do xyz over abc has to be risk-based, or we’re in the wrong profession.

_______

Q:     If you could try out any job for a day, what would you choose? 

A:     I’d really like to be on a corporate board.  After sitting in the hot seat in many board meetings, I’d like to be one of the people asking the questions! ??

_______

Q:     What would you say to your 18-year old self? 

A:     Learn to code NOW, not almost ten years later.

_______

Q:     What is your Superpower? 

A:     I’m a translator. I can help people understand complex things in a language they understand. In my role, that helps me explain technology and security to business people without being condescending or getting into the weeds. It has helped me communicate successfully with Board members, executives and leaders, but it’s a skill that must be honed. I’m always working on it.

_______

Q:     If you could share one tip with the world, what would it be? 

A:     Have a bias for action… Start the thing, do the work, finish the task, take action. Don’t wait… move!

**********

Thank you so much for your time today Jim! Love your answers and candidness, as always. It is nice to see others that absolutely love that they do every day and truly make a difference in this crazy cyber world. 

If you would like to read more about Jim's background - here is his LinkedIn Profile:

If you would like to be a part of the CyAlliance "Aviary" just let me know and we can get you engaged with the Birds of a Feather series. 

Hope you have an amazing week - and stay healthy and safe!

#DoWhatYouLove #LoveWhatYouDo

Tammy Moskites, CEO/Founder, CyAlliance, LLC

#BringingCyALLIANCESTogether