Security eMagazines

march 2022

Special Report: 2022 Top Cybersecurity Leaders


Rectangle, Slope, Plot, Font, Line

Bio Image courtesy of McLeod / Background image courtesy of KrulUA / iStock / Getty Images Plus

Product, Rectangle, Font
Rectangle, Font
Azure, Gesture, Rectangle, Font

Vice President and
Chief Information Security Officer
Cox Enterprises

David McLeod

Collaboration Makes Cybersecurity Stronger

By Maria Henriquez, Associate Editor

David McLeod is Vice President and Chief Information Security Officer (CISO) at Cox Enterprises, a leading communications, media and automotive services company. A privately held and diversified company, Cox Enterprises is the holding company for both Cox Communications and Cox Automotive, as well as several other businesses and divisions with many disparate networks and assets that need protection at all times.

As such, collaboration across the organization is a key priority. “One of our greatest strengths at Cox is that we have multiple divisions with multiple CISOs who love to collaborate and challenge one another. It’s critical to have trust and healthy debates about how to make Cox brands stronger. Garnering support to improve our enterprise security policy when it comes to awareness and training has been a big enabler to building our enterprise-wide security policy awareness, training, incident management and other threat protections.” This collaboration brings out the best in every CISO, McLeod says. “Behind all initiatives are cross-divisional security teams. We learn from each other, and together, we advocate for initiatives with formal processes; therefore, we have a lot of muscle across the company.”

In 2017, the roles of CISOs at Cox Enterprises expanded to cybersecurity risk and enterprise-wide security policy, awareness training, incident management and threat protection. “Since then, we have strengthened our program every year, automating and streamlining different functions, as well as initiating the first cross-divisional tabletop exercise focused on global security preparedness to embed security across the organization. Cox is very successful and on a great path for growth, so we focus on making security effective and not burdensome.”

Since joining Cox Enterprises in 2016, McLeod has been instrumental in helping craft a holistic approach to the organization's enterprise information security, working closely with peer CISOs, organizational leaders and employees to identify challenges and opportunities to reduce security gaps and risk. “The military taught me that the best information is available at the frontline. If you want to know what’s happening, go talk to the people doing the job closest to the danger,” he says.

With a wealth of experience  from previous leadership positions at Walmart, VF Corporation and JCPenney, McLeod has leveraged his personality, collaboration skills and experience in IT risk and cybersecurity to embark on several initiatives at Cox.  

“Collaboration is the key to our overall effectiveness. We are strongest when we passionately share efforts to drive business value without compromising privacy and security protections. In that collaboration, we find better ways to deliver a great experience while protecting the business.”

McLeod has also worked with the physical security team to identify user behavior that, in turn, has influenced the creation of key security metrics. “One of our most successful and effective metrics is focused on phishing. With simple metrics, we have connected, engaged and influenced all Cox employees while making sure we are not a burden. As cybersecurity leaders, we need to translate cybersecurity and IT jargon to build metrics that align and connect with the organization.”

For McLeod, empowering all employees with the right tools and training is a pillar of effective leadership. “Engaging with our most important assets, our people, is crucial. In particular, establishing a high level of trust is a must for any leader. When you establish trust, you create engagement. In turn, you can have employees who are invested and passionate about protecting the company and its security. That’s the key to maintaining security.”

Another initiative for McLeod is chartering a data governance program, which will be completed in 2022. “Data governance is important to Cox because we're a growth business, and data is a foundation of not only the business value, but also key to ensuring privacy, compliance and adding value to the business to expand into new markets.”

For this new initiative, McLeod and peer CISOs are partnering with the organization’s general counsel. “For me, this is an important task because it will help streamline all processes, roles, policies, standards and metrics to ensure effective use of information to help Cox achieve its goals, improve the mapping of data, and get a 360-degree view of all Cox businesses.”

Outside of the enterprise, McLeod mentors and advocates for building up skills in those with interest in information security. From desktop support personnel to company executives, he helps his mentees work on personal development that feeds overall strategy to help them identify risk and explain complex technical problems in simple terms. In particular, McLeod serves as the Technology Lead Mentor for the City of Refuge Tech Transformation Academy. Founded in 1997 with the mission to transform the lives of individuals and communities in Atlanta and beyond, the City of Refuge partners with people in crisis to help break the cycle of poverty through services in health and wellness, housing, human trafficking intervention, vocational training and youth development.

“At the City of Refuge, I am a mentor to a group of cybersecurity students, and I help coding students find jobs who face many barriers to entering the normal workplace,” McLeod explains. “They are incredibly gifted. They’re capable, resilient and continuously prove their learning abilities and show they want to work. It’s my job to encourage and support them. We work with one of our vendor partners, Capgemini, to create group hiring opportunities and remove hiring barriers to landing a career in cybersecurity and technology. I’m very excited about the work we’re doing with our modern apprenticeship program, particularly as it relates to helping fill security jobs.” Within the program, cybersecurity students have a choice to train and test for industry-recognized certifications, such as CompTIA+, CompTIA Net+, CompTIA Security+ and SOC Analyst.  

McLeod truly believes in the power of mentorship programs such as these not only to help the people involved, but to help the industry find undiscovered talent. For McLeod, he says he knows firsthand the power of vocational guidance.

“Mentorship is so important to everyone. Your destiny is made in a moment. One piece of advice can change a life forever: a third-grade teacher, a band teacher and unboxed computer provided by my math teacher changed my entire life trajectory,” McLeod says. "We have to help bridge the gap between experience and smooth the transition into cybersecurity for those who have a readiness and willingness to learn and are prepared to do the hard work.”

march 2022