Gary Eppinger: Specialize in Motivating and Enriching Teams to Ensure the Most Effective Productivity

The 10 Most Influential CISOs to Watch in 2023

Technology must be viewed by successful businesses as a differentiator in how they serve their clients. Making decisions slowly and inflexibly has a cost for business. This is one of the areas where technologies should add value. How can a legacy company infuse innovation into its DNA like a start-up company? You do not want to be the next example of a company that did not innovate, such as: Blockbuster, Polaroid, Toys “R” Us or Borders.

With extensive background in enterprise applications, risk management, business transformation, IT controls and cyber security, Gary Eppinger has significant experience leading complex, global change management programs.

Gary conceives, implements and leads technology solutions that protect corporate assets, increase organizational capability and advance productivity at Fortune 100 companies. He is very skilled at using technology to support and achieve business objectives. Gary was ranked 24th in ExecRank’s “Top Security Executive Rankings” and has excellent interpersonal, technical and communication skills. He is regarded both internally and externally as a highly valued resource with a remarkable capacity for creating and nurturing IT teams that successfully accomplish crucial business goals for organizations undergoing transformation. Gary serves as a valuable board advisor for many businesses and is a frequent speaker on IT and cybersecurity.

Most recently, Gary was the Global CISO and VP, Corporate Privacy Officer at Carnival Corporation and VP Real Estate Market Develop, Legal and Pharmacy for Supervalu. Gary has also had previous experiences in IT security, infrastructure and engineering systems at Rockwell Automation and GE Healthcare. He holds a bachelor’s degree from Campbell University, an advanced leadership certificate from Cornell University and is a certified six sigma master black belt from GE Healthcare.

CSX

CSX is a renowned transportation firm with its headquarters in Jacksonville, Florida. Customers in a variety of international markets, including those for energy, industrial, construction, agricultural and consumer goods, can use its rail, intermodal and rail-to-truck transload services and solutions. For almost 200 years, CSX has been essential to the growth of the country’s economy and industry. Nearly two-thirds of the population of the country lives in the eastern United States, where its network connects every significant metropolis. Additionally, it connects major population centers, farming towns and more than 240 short-line railroads with more than 70 ocean, river, and lake ports.

As the Chief Information Security Officer (CISO), VP of IT Operations, Gary is responsible for leading both information security and IT infrastructure at CSX. Within information security, this entails establishing and maintaining a corporate wide information risk management program to ensure that information assets are adequately protected. He and his team oversees determining, assessing and disclosing information security risks in a way that complies with legal and regulatory requirements, supports the enterprise’s risk posture, and aligns with it.

As the IT Operations leader, Gary is responsible for the strategy, implementation and operation of all technology infrastructure deployed across the enterprise. This includes distributed technology, mainframe, telephony, server’s services, storage, cloud, data center, network and related software.

Becoming a Tech Expert

Gary believes that when he received his first global promotion, he first began to consider himself an influential leader in the cybersecurity industry. He shares, “I was fortunate to work on global projects that transformed me, our business, and I was asked to speak to peers on the experiences.” He further adds, “This includes acquisitions and integrations, SOX significant deficiency remediation, global remote access transformation and business resiliency.”

The growth of employees and teams is what Gary now views as his most significant professional accomplishment. He has nurtured, supported, mentored, and learned from many outstanding leaders. In fact, some of them are CEOs of their own businesses, while others have advanced to become CISOs or infrastructure VPs and are outstanding technical leaders within their organizations. Finally, yet importantly, Gary continues to work with people who have just graduated from college and are brand new to IT/Cybersecurity.

Taking Risk to Ensure Constant Growth

Gary firmly believes that obstacles and setbacks make people stronger. It goes against human nature to accept challenges or experience failures due to the risk, though. According to him, one must push their own personal limit for a safe risk. Some examples of Gary taking a risk include when, early in his career, he accepted the position of CISO for GE Healthcare and moved from Cleveland to Milwaukee. He recalls, “I moved my young family, my wife and two kids, to a city with no support.” Another example is when Gary took a position as the Chief Quality and Six Sigma Leader while also being in a global CISO role and thought the risk was too large. Both examples forced him to grow and learn new areas, which helped him grow into the leader he is today.

Journey to Achieving Balance

Work- life balance is not something Gary has figured out in 30 years of working in IT/Cybersecurity. His phone is on 24/7, 365 days a year. The roles and responsibilities do not allow for vacation time. He states, “My best practices for trying to achieve some balance are be 100% engaged in the experience, no matter if, you are working with the CEO, board, your kid’s science project, or at dinner with your spouse. Be all in. Just because my cell phone is always on does not mean I will not put it on silent and let the call go to voice mail. Find something you love to do and you will never work a day in your life.”

Defining himself by the word, adaptable Gary considers it an asset in his cyber role. He truly does not have a typical day. He has two areas of focus that are 24/7. Cyber demands and priorities are continuous in IT operations that support a rail company that never stops. However, the themes of Gary’s day are the following:

5:30 – 6:00          Wake up

6:00 – 6:40          Workout

7:00                     In the office

7:00 – 7:30          Review operation reports

8:00 – 9:00          Emails

9:00 – 11:30        Staff and/or business partner meetings

12:00 – 12:30      Working lunch

12:30 – 1:00        Emails

1:00 – 3:00          1 on 1’s

3:00 – 3:30          Walk around

3:30 – 4:45          Mentor meeting

5:00 – 5:30          Return calls

5:30 – 6:30          Open action items

7:00                     Home

8:00 – 9:30          Dinner

9:30 – 11:00        Family time

The Path of Success

For Gary success is defined first driving value. That can be driving value for your own team, business partners, customers, organization, community, or family. He thinks the other component of success is around the “how” one drives success; one cannot run over or take advantage of others on his or her journey to success. The last component is helping, supporting, and mentoring others to obtain their success.

Gary asserts, “Faith is something you believe in even when you cannot see all of the steps or know how successful the end result will be. This translates into lots of big transformational projects. You will put together your business case, designs, budgets, contingency plans, and detail project plans, but you still do not know how successful or accepted the change will be. You are leaning on faith and experience.”

Harnessing Future Tech

Over the last year at CSX, Gary and his team collaborated with Tata Consulting Services (TCS) and successfully transitioned the technology organization to implement a workforce strategy that will improve resiliency by providing a flexible resourcing model to help meet additional business demands, increase agility to build faster through increased automation, and enhance innovation capabilities for faster value delivery for customers. In addition, the company has further enhanced its zero-trust model to protect business and customer assets and data.

At CSX, Gary and the leadership team are driving a strategy to harness technology and transform how the company delivers IT systems and services to the business and its customers. Gary sees this as an exciting time, not only because CSX is transforming a 200-year-old company, but also an industry critical to the country’s success.