When you think of cybersecurity defense you don’t often associate it with corporate culture. At Praxair, a $12 billion industrial gas company, the two are closely linked. Because of the dangerous work its employees undertake each day handling active and inert gasses, Praxair has a no-nonsense safety policy. The company has applied the same philosophy to dealing with and managing company data.

That’s the topic of our discussion with Earl Newsome, CIO at Praxair. Earl contends information security must go beyond standard IT operating procedure; his viewpoint is that a company will only be as secure as its employee training, education, and preparation has been extensive.

Watch this video to learn more about how Praxair handles digital and physical safety. Hear why the company’s CIO believes training is just as important as monitoring, detecting, and patching digital problems. To learn more about how to employ safe security practices at your organization, or to hear Praxair’s cybersecurity strategy, be sure to listen to our conversation with Earl.

Transcript

Michael Krigsman: The issues of security and support are central to any enterprise software operation in any company you choose. I'm Michael Krigsman. I'm an industry analyst and the host of CXOTalk. Today, I'm delighted to welcome Earl Newsome, the chief information officer of Praxair. Earl, please tell us about Praxair.

Earl Newsome: Absolutely. We are a $12 billion industrial gas company. We basically bring the periodic table to life. We bring active gasses, inert gasses to our customers for their utilization inside their manufacturing processes.

Michael Krigsman: When you think about security, what comes to your mind initially?

Earl Newsome: I think we've gone from a mode of 100% protection where our goal is about protecting ourselves against every potential incident or potential happening out there to one that's more about having a defensible strategy.

Michael Krigsman: What is the connection between security and support?

Earl Newsome: Security is not just the job of IT or our vendors. It's actually the jobs of the board. It's the jobs of our employees. It's the jobs of everybody that we have employees. Security is everyone's job.

You get to establish your own level of currency for your company. For us, N-2 is the right area.

Michael Krigsman: N-2 Strategy, what is that?

Earl Newsome: N-2 is a strategy for currency. You're at version 11 of something. The latest version that we allow in our operations is version 9. That's N-2.

Then when you're on version 9, you have to make sure that you maintain the currency on the dot release. If it's 9.3 is current, and you're at 9.1, you need to get to 9.3.

Michael Krigsman: Earl, it sounds like this defensible strategy you're describing has both a business/cultural set of dimensions along with technology pieces and working with your vendors that you're putting into place.

Earl Newsome: It absolutely does. In fact, it's essential to our culture. At Praxair, I talked about [how] we're an industrial gas company. Physical safety is a cornerstone to how we operate and think as a company.

We take safety very seriously. It's embedded to everything that we do. I'm taking those same safety tenants, which are part of our culture, and then appending our data safety elements to that. We have a series of principles that we use to help drive safety throughout our organization, whether it's data safety, cyber safety, or physical safety, that's now being built into everything that we do.

Michael Krigsman: What are the primary security and support issues that you see? When you think about security and support, what comes to your mind?

Earl Newsome: What comes to my mind is training, awareness, and preparation are part of your program because most of the issues that happen in security happen on two legs, not on two wires. We need to do what's necessary on the two wires side on technology making sure that we have the right monitoring, detection, and patching capabilities put in place, but we also need to make sure you're testing those folks, that you train them, you educate them, you test them, and then you repeat.

Michael Krigsman: Fantastic. Any closing thoughts?

Earl Newsome: Absolutely. We think about safety [as] being not only just a technology component but a people component. I think we, not only as corporations, can play a role in that, but we as a society can play a role in that and keep everyone cyber safe.

Michael Krigsman: I love it. Earl Newsome, Chief Information Officer at Praxair, thank you so much for taking the time to speak with us today.

Earl Newsome: Thank you, Michael.

Michael Krigsman: The issues of security and support are central to any enterprise software operation in any company you choose. I'm Michael Krigsman. I'm an industry analyst and the host of CXOTalk. Today, I'm delighted to welcome Earl Newsome, the chief information officer of Praxair. Earl, please tell us about Praxair.

Earl Newsome: Absolutely. We are a $12 billion industrial gas company. We basically bring the periodic table to life. We bring active gasses, inert gasses to our customers for their utilization inside their manufacturing processes.

Michael Krigsman: When you think about security, what comes to your mind initially?

Earl Newsome: I think we've gone from a mode of 100% protection where our goal is about protecting ourselves against every potential incident or potential happening out there to one that's more about having a defensible strategy.

Michael Krigsman: What is the connection between security and support?

Earl Newsome: Security is not just the job of IT or our vendors. It's actually the jobs of the board. It's the jobs of our employees. It's the jobs of everybody that we have employees. Security is everyone's job.

You get to establish your own level of currency for your company. For us, N-2 is the right area.

Michael Krigsman: N-2 Strategy, what is that?

Earl Newsome: N-2 is a strategy for currency. You're at version 11 of something. The latest version that we allow in our operations is version 9. That's N-2.

Then when you're on version 9, you have to make sure that you maintain the currency on the dot release. If it's 9.3 is current, and you're at 9.1, you need to get to 9.3.

Michael Krigsman: Earl, it sounds like this defensible strategy you're describing has both a business/cultural set of dimensions along with technology pieces and working with your vendors that you're putting into place.

Earl Newsome: It absolutely does. In fact, it's essential to our culture. At Praxair, I talked about [how] we're an industrial gas company. Physical safety is a cornerstone to how we operate and think as a company.

We take safety very seriously. It's embedded to everything that we do. I'm taking those same safety tenants, which are part of our culture, and then appending our data safety elements to that. We have a series of principles that we use to help drive safety throughout our organization, whether it's data safety, cyber safety, or physical safety, that's now being built into everything that we do.

Michael Krigsman: What are the primary security and support issues that you see? When you think about security and support, what comes to your mind?

Earl Newsome: What comes to my mind is training, awareness, and preparation are part of your program because most of the issues that happen in security happen on two legs, not on two wires. We need to do what's necessary on the two wires side on technology making sure that we have the right monitoring, detection, and patching capabilities put in place, but we also need to make sure you're testing those folks, that you train them, you educate them, you test them, and then you repeat.

Michael Krigsman: Fantastic. Any closing thoughts?

Earl Newsome: Absolutely. We think about safety [as] being not only just a technology component but a people component. I think we, not only as corporations, can play a role in that, but we as a society can play a role in that and keep everyone cyber safe.

Michael Krigsman: I love it. Earl Newsome, Chief Information Officer at Praxair, thank you so much for taking the time to speak with us today.

Earl Newsome: Thank you, Michael.