Leaders Profile: Eric Freeman, QTC Management

Cybersecurity, sandstorms and lessons in crisis management

What does it take to be a cybersecurity leader in the Marine Corps? Eric Freeman talks technology leadership, handling high-risk scenarios under extreme pressure, and misconceptions of the role of the CISO.

A cybersecurity leader through and through, Eric Freeman has built a long-lasting career in the technology industry, from heading cyber operations for the Marine Corps to his current role as CISO of QTC Management. His journey is a study in adaptability, strategic thinking and staying proactive in the face of emerging threats. In this Leaders Profile interview, Eric shares his perspectives on career development in technology, the balancing act between security and innovation and why effective CISOs must be more than just technical experts.

Leaders Profile with Eric Freeman: Overview

• From the battlefield to the boardroom
• Crisis management in action
• Balancing security and innovation
• AI, cloud and the next big threats
• Quick fire questions

Eric Freeman (middle) accepting his CISO 100 award at The Studio in Nashville's Country Music Hall of Fame.

When most people think of cybersecurity professionals, certain stereotypes come to mind. Maybe you picture them as deeply technical, buried in lines of code, or as the “office of no.” Eric Freeman, however, isn’t your average CISO. Although he admits that technical expertise is crucial for any CISO, he argues that the real key to success is understanding business strategy. 

“You need someone who understands business and understands how cybersecurity can enable the business to reduce risk,” he explains. For Eric, security isn’t about blocking innovation, it is more about making sure that organisations can innovate safely.

Eric knew who he was from a very early age. His first taste of programming came in middle school ( years 6 to 8, in the UK). 

“I've always been very intrigued and interested in computer science.” 

His journey in the field started when he took his first computer course—a computer math class on an old Commodore 64, which at the time was considered one of the best-selling computers of all time, evening making it into the Guinness Book of World Records for selling around 30 million units between 1982 and 1993. “One of the first computer math programs we had to develop was… the logic around ATM machines. Very simplistic… but this is a kid in the seventh grade.” That early spark led him to pursue both a bachelor’s and master’s degree in computer science before launching his career in cybersecurity.

From the battlefield to the board room

Eric’s time in the Marine Corps lent him an unique advantage in cybersecurity leadership. As Head of Cyber Operations, he had to grasp not just the technical side of defense but also the broader mission of national security. “As a Marine you have to understand the business of what we do as Marines, which is warfighting, right? And protecting the nation and executive operational components.”

Being able to understand how those systems and operational components support the business is why Eric thinks he was best suited to become a CISO. 

“I essentially bring that into the private sector and the organisations that I support now because it's one, understanding the business first and then understanding how the supporting systems can either impact or hinder the business operations.” 

Crisis management in action

Naturally, being a CISO comes with added pressure, quite frequently coming under fire from the Board and rest of the organisation. As a result, more than half of cybersecurity professionals have experienced burnout. For Eric, his role came with some bonus obstacles. While leading cyber operations in Iraq during his time as Cyber Operations Officer in the Marines, an unexpected sandstorm disrupted a planned operation relying on digital infrastructure. 

“People are looking at you because it could affect systems availability, it could affect the ability for combatant commands to execute on planned operations.” 

The challenge was to quickly restore system availability to avoid operational delays—his team had to think fast to resolve the problem, switching to lower-bandwidth radio systems to maintain communication. “It's just showing that level of flexibility and resilience during a time of crisis.”

Balancing security and innovation

One aspect you would think that cybersecurity professionals wouldn’t be able to hack is balancing security and innovation when companies are on the hunt for shiny new technologies—quite candidly he admitted: “Yeah, that’s the toughest job.” Balancing anything as a cybersecurity leader calls to consideration a multitude of different factors—finding that right balance. There are two areas leaders must consider when finding themselves in this position:

How much is the business willing to accept? (this is first and foremost a business decision, not the CISO)
When there is a misalignment, we need to start thinking about beginning those security risk-appetite conversations (by taking on the risk management role within the organisation, this becomes the key priority)

AI, cloud and the next big threats

Speaking of risk, Eric talked through some of his emerging technology pet peeves. 

“AI for me is a dichotomy. What I mean by that is that an exciting new technology could result in tremendous opportunities and growth for the business, I understand that from a technology perspective.” 

It’s not all sunshine and rainbows, as we all well know in the cybersecurity industry. Eric mentioned that “adversaries” are also taking a close look at AI behind enemy lines, assessing how they can take advantage of this tool to further enhance their attacks, targeting different organisations, nation states and government entities.

“Again, it’s just managing risk,” he said. It’s all in a day’s work for Eric, this also means ensuring that principles are established on the ethical and safe use of AI within the organisation. It means reminding people of the type of data they share within these models in order to continue leveraging the technology. 

As he likes to point out, before the AI buzz, moving to the cloud was all the rage back in the day: “It was just cloud, cloud, cloud.” 

Because of this shift to AI, what we don’t often hear about is the risks that are still associated with the cloud. “If we’re not managing risk in a diligent way, we find ourselves exposing sensitive data to adversaries.” One other risk in cloud environments we fail to acknowledge is identity management—as Eric notes, “identity is the new perimeter… well now that perimeter is disappearing, because we have data in cloud environments everywhere.” It forces cybersecurity leaders to face the facts and ask themselves:

• How do you enforce policy?
• How do you protect your data?
• How are you managing access?

“It’s really complicated from a CISO perspective.” 

It falls to the CISO to get their house in order, constantly monitoring and managing the cloud provider, performing their due diligence while securing the organisation’s infrastructure. Like most leaders, Eric finds comfort in being able to discuss risk management and operational strategies with other like-minded cybersecurity professionals at networking events and conferences. 

“They may have a different spin or interpretation to how they want to tackle it based on their organisation's risk appetite. And so really it's just sharing knowledge.”

Quick fire questions 🔥

Dream job growing up? Professional football and track athlete. 
What keeps you up at night? Blind spots.
What excites you about the next 12 months? Improving my organisation’s capabilities.
What do you do outside of work? I am an avid golfer.
Best career advice you’ve ever received? My mentor Colonel Adelman would often say to me, if you're going to bring me a problem, bring me a solution.

Leaders Profile: Check out our line-up of HotTopics Leaders Profile interviews.

HotTopics produces interviews with a diverse array of leaders, C-suite marketing and technology leaders. These take place in-person during our much-anticipated flagship event, The Studio, and virtually with leaders based all over the world. Learn more about what makes these leaders tick, and their experiences and expertise that have supported them in their careers so far.