Nasrin Rezai is GE’s Global Chief Information and Product Cyber Security Officer, responsible for all aspects of cybersecurity strategy and operations for GE products and enterprise, including incident response, threat intelligence, security services, architecture, commercial OT security and regulatory & compliance. Her previous roles include Global CISO for GE Capital and head of Corporate Governance, Technology Risk and M&A security, for the industrial GE businesses. Prior to GE, she served as SVP, Chief Tech Risk Officer in the Enterprise Risk Management Organization at State Street and as CTO of Security at Cisco. Throughout her career, Nasrin has promoted engineering and architecture in designing security solutions for large enterprises.
What was your first job? I was hired as an entry-level software developer at Hewlett Packard [HP] following my internship there.
How did you get involved in cybersecurity? I was working at Cisco in engineering and architecture roles, but I was always looking to find a specialized niche with a broader reach than just technology. I was introduced to cybersecurity as a key differentiator for customers and fell in love with the protection aspect – 14 years later, it’s still my fascination.
Tell us about your career path. I started as an entry-level developer, moved into project management, then IT management – not really a detour per se, but I did zig zag into a business leadership role for some time, which was hugely beneficial to me as it helped me broaden my horizons, and helped me understand how businesses need to run. I’ve been in various cybersecurity roles for about 14 years now.
Was there anyone who has inspired or mentored you in your career? At HP, one of our female leaders took me under her wing and pulled me out of my developer role into technical project management. She said she saw potential in me and she helped foster it by putting me in charge of my first large-scale project, which really kicked off my career growth and gave me the confidence to take on bigger and bigger projects. It’s so important for leaders to observe junior talent and look for that untapped potential – sometimes all it takes is a little nudge and someone can achieve great things.
What do you feel is the most important aspect of your job? Most important is to continually mature and up-level GE’s cyber capabilities, embed them in GE business practices (the art of cyber risk management), and ultimately enable secure business growth. This is our customers’ and regulators’ expectation of GE as we continue our digital industrial transformation.
What metrics or KPIs do you use to measure security effectiveness? We measure both lagging and leading indicators across the spectrum — we have goals around risk management, threat detection and resiliency around readiness to make sure it’s from the top down. We track critical success measures and initiatives that will close gaps around critical risks.