Gary McAlum
Gary McAlum
How do you describe your job to average people?
I am responsible for the security of our 22,000 employees and for protecting the information and transactions of our 7.4 million members. It sounds simple but it's an extremely complex mission that requires a 24/7 mindset, especially in today's threat environment. I liken the work to a scene from the movie Gettysburg to describe it in more basic terms. On day two of the harsh fighting, Colonel Joshua Chamberlin and his unit are moved to the “extreme left flank” of the Union Army. His commander places him there and tells him that he is responsible for holding that position at all costs and that if he fails, the entire Union Army will be at risk. In fact, he reminds Chamberlin several times in the scene that he must hold this position and cannot fail. Over the years, I've often used that scene to highlight the importance of security and it resonates well.

Why did you get into IT security?
Throughout my military career, I had the opportunity to work in a variety of IT jobs but the most challenging were those positions involving cybersecurity.  During my last years on active duty, the scope and magnitude of cyber issues facing our nation became crystal clear to me. When I retired from the military in late 2008, I decided I wanted to continue to work in this important area for a company like USAA.   

What was one of your biggest challenges?
The biggest challenge I think all security executives face is “how to measure success” in cybersecurity? For example, if you are tracking the number of intrusions (or attempted intrusions) into your enterprise, and the trend is going up or down for any given period of time, can you draw a definite conclusion from either trend? No, you can't. There are so many variables involved and they have to be correlated to risk.

What keeps you up at night?
What I don't know. Both in my military experience and short time on the commercial side, I've had the opportunity to see how quickly the bad guys can adapt to most of today's security measures. There just isn't any room for complacency in a field where the good guys are seeking to be right 100 percent of the time and the bad guys only have to exploit one unknown or unmitigated vulnerability to be successful.  

Of what are you most proud?
Without a doubt, I am most proud of the amazing team of security professionals I work with every day and the support of senior leadership. In the military, it's all about teamwork and getting the job done. I've seen the same, if not higher, level of teamwork and mission-focus here at USAA. From the security officers at our campus gates to our security and fraud analysts working long hours to our investigators, I am truly honored to work with such a dedicated group.