Senior Vice President and Global Chief Information Security Officer
Aflac

Tim Callahan

Guiding the Next Generation of Cyber Leaders

When Tim Callahan joined the U.S. Air Force, he found a passion for cybersecurity and problem-solving that guided his career from military service to enterprise security. Working in bomb disposal during his service prepared him for the evolving challenges of today’s cybersecurity threat landscape. “I find a very strong correlation to what I did in bomb disposal,” Callahan says. “We had to anticipate what the enemy or terrorist was going to do and try to outflank them to disarm the bomb.”

Callahan’s previous security experience at financial institutions such as SunTrust Bank and People’s United Bank also played a role in his cybersecurity strategy and leadership style. As financial institutions opened up opportunities for online banking, the security threats banks faced moved to the virtual space as well. “That was really the genesis of developing some of the skills that we needed to use in the insurance industry to start fighting off similar criminal threats,” he shares.

The lessons Callahan learned from multiple sectors have greatly informed his cybersecurity priorities. Now, Callahan and his team work to prevent and disarm not explosives, but cyber threats. As Senior Vice President and Global Chief Information Security Officer (CISO) of Aflac, anticipating the actions of cyberattackers has allowed Callahan to remain ahead of potential security incidents. Not only does the Aflac security team focus on protecting standard attack vectors, the insurance firm also deals with sector-specific threats such as fraudulent insurance claims.

Critical to Aflac’s security model is the cybersecurity team’s posture within the organization. Both the security team and the business as a whole consider security to be a business imperative, not a cost center or technology issue to solve. As Global CISO, Callahan reports directly to the president and chief operating officer of Aflac Incorporated. This reporting structure ingrains security into the business development of the organization, allowing Callahan and his team to partner with IT organizations to better secure and provide services to their users.

Valuing and incorporating cybersecurity voices from the ground up was a focus for Callahan as he co-founded the National Technology Security Coalition (NTSC), the first organization connecting CISOs working in various industries. One of NTSC’s goals was to ensure the inclusion of security experts in relevant government hearings. “I would get very frustrated when I would watch hearings on Capitol Hill about cybersecurity, and the people testifying were not security professionals. They were software CEOs or academics, and while they may have been incredibly intelligent, they had never had to fight on the frontline, defending a company,” he says.

That’s what inspired the Cybersecurity Advisory Committee Authorization Act of 2020. The legislation, co-developed by NTSC and U.S. Representative John Katko, established an advisory committee to the director of the Cybersecurity and Infrastructure Security Agency (CISA) made up of security leaders. NTSC’s involvement in the creation of the legislation has ensured the long-term existence of the CISA advisory committee, which “brings together cybersecurity professionals to act as a sounding board and advise the CISA director and staff on ways we can work together in a public-private partnership, protect the nation and build a cybersecurity discipline,” Callahan explains.

Callahan has prioritized building the cybersecurity field not only through NTSC’s work, but also in the development of cybersecurity programs at Columbus State University. Through Aflac’s partnership with the Georgia institution, the organization helped develop curricula that guide the next generation of cybersecurity professionals seeking undergraduate and graduate degrees in the field. Callahan and the Aflac team also offered insights leading to the creation of stackable options within the nexus degree in cybersecurity, which Callahan describes as akin to a certificate program.

Lowering the barrier of entry into the cyber field can narrow the workforce talent gap and benefit people in underserved populations with an interest in cybersecurity, according to Callahan. “Within a year, a student can come out of the program being very much employable and win a good cybersecurity job,” he says. “Then they can make the decisions on how much more conventional education they want, but at least they have effective skills; they are able to be employed, gain experience and become a contributing member of their company,” he says. “Everybody wins in those cases.”

In addition to his work with higher education, Callahan sees mentorship as an integral part of the cybersecurity field. According to him, a successful mentor-mentee relationship is truly a partnership. In his mentorships, Callahan and his mentees establish goals and expectations for one another to ensure that the partnership benefits both parties to the fullest extent. “I get a real charge out of helping, especially some of the underserved communities,” Callahan says. By partnering with diverse talent looking to further their cybersecurity careers, his team’s decision-making abilities have benefitted greatly. “I have found that by having a very diverse team, I get diverse ideas. They don’t all think like me, and I don’t want people that think like me. I need people that are thinking differently,” he says.

Over his more than three-decade-long security career spanning military, physical security and cybersecurity roles, Callahan’s focus on education and mentorship has defined him as a leader. Collaboration and information sharing are keys to his success. From forming business partnerships to sustaining mentoring relationships, “We have to all help each other to enable our business to thrive, protect our customer and protect our interests,” he says. “That’s a strong partnership. And we can only do it with mutual cooperation.”

These cybersecurity professionals are bridging the cybersecurity skills gap, championing diversity and focusing on how to make the industry safer and more successful as a whole.