In this week’s episode of The Future of Security Operations podcast, I'm joined by George Griesler. George has been working in cybersecurity since 1997, when he assumed the role of Senior Network administrator at the United States Golf Association (USGA), eventually advancing to Director of Information Security. He currently serves as the Senior Director of Cybersecurity at the National Football League (NFL), where he works to secure events like the Super Bowl, which in 2024 was the most-watched telecast ever.
George and I discuss:
What security operations looked like in 1997
Protecting the secrets of regulation golf equipment at the USGA
The shift in security and privacy needs at live sports events
Securing scents, flavors, and other chemical formulations at IFF
Preparing for Super Bowl LXXVIII in the wake of the MGM Resorts cyber attack
The Super Bowl threat profile, from scoreboard hacking to stadium credentials
Collaborating with cybersecurity experts from CISA, the FBI, Caesars Palace, and the MGM Grand
Aligning security operations with physical security
The reality of working on high-pressure events
The benefits of knowledge sharing with other teams working on live sports events
The importance of relationship building across internal security teams
The potential of automation, orchestration, and AI in incident response
The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows.
Where to find George Griesler:
Where to find Thomas Kinsella:
Resources mentioned:
A Cyberattack Shuts Down MGM Resorts In Las Vegas And Other Cities
The 1,000-ton screen bringing Super Bowl LVI to the lucky fans inside the stadium
In this episode:
[01:50] What infrastructure management and incident response looked like in 1997
[03:30] His projects at the United States Golf Association (USGA), including securing a golf handicap information network
[06:05] Witnessing the digital transformation of live sports events
[08:40] Securing flavors, scents and other chemical formulations at IFF
[13:20] Building a threat model for large OT environments
[15:30] Increasing security awareness and culture across the organization
[17:45] Moving to the NFL
[21:20] How George's team prepare for the Super Bowl
[24:10] Partnering with cybersecurity experts at CISA, the FBI, and local partners in Las Vegas like Caesars Palace and the MGM Grand
[27:00] The Super Bowl's threat profile, from scoreboard hacking to stadium credentials to online identities of individual players
[29:20] Inside the NFL's Super Bowl command centre
[30:40] Ensuring the team is supported to handle high-pressure events
[32:55] Knowledge sharing with security teams on other live sports events, from The Olympics to the World Cup
[37:00] Reducing risk through collaboration across the security team
[38:35] AI as a defender tool and attacker tool
[41:50] The future of the SOC
[43:15] Connect with George
TL;DL? Read George's take on…
Securing OT environments:
"Governance of who has access to what, when, and where, under which conditions, and how much access can they have, how it is governed, and how is it logged, and what are the checks and balances, is very important. That's number one. Number two is bleed through. So having an air gap-type segmentation between your OT and your IT environments, where your OT, if it needs to communicate only with IT, can pull instruction sets."
Building a culture of security:
"I want to make sure that [employees across the organization] not only have the fundamental thought process to say, 'Hey, wait a minute. This seems odd...' but understand from an operational perspective, 'Who do I tell?' I don't want them just to categorically delete it because it may have come to 10 other people in my organization. I want to make it easy for them to self score and send to us and say, 'I think we have a problem.'"
"Security awareness training, regardless of your vertical, is paramount, is fundamentally critical to your success. Many people say that the human is the weakest link, and without sounding impolite, they are."
Securing the Super Bowl:
"It's about having defense in depth. It's about having lines of perimeter. It's about having inspection. It's about having controls. And then if things do happen, it's about having incident response. How do I respond and recover immediately from that, so that the game continues to be played?"
Working with a cyber intelligence group for the Super Bowl:
"The Las Vegas Metro fusion department, CISA, FBI, additional partners in the area, MGM, Caesars, every one of these groups has cyber-focused individuals. You have somebody who's based in intelligence, knows the environment. And some groups were very much engaged with the incident that had occurred with Caesars and MGM months earlier."
"Our goal is to keep the excitement on the field. We never want to have an interruption in play, or anything that would disrupt the flow of the game. So it's a lot of preparation. 16, 18 months in advance, you're preparing, even from a cyber side. It's partnerships. It's vendors. It's design... You're looking at that landscape. You always look to say, 'What could happen?'"
Identifying risk:
"The group was looking at the information security and the threat and the attack surface that was Las Vegas, and the games proper. And then you look at what type of threat actors are happening around this area. That's the micro level, where you're trying to get ahead of who might attack this? And then you look at what are my controls here? What are my controls for the broadcast being disrupted? What are my controls for the scoreboard being disrupted? What are my controls for the lights going out? And you do those tabletop exercises with these cross-sectional groups."
Knowledge sharing:
"We reach out to other sports organizations, other three-letter sports organizations, and have collaboration with those groups under the very premise that we do very similar things. We have high-profile organizations. We have owners that are wealthy. We have athletes that are well known and wealthy. We have brands that are very, very important to us. We put on games. We put on big events that travel from place to place."
"When you have common business drivers, you have common challenges, you also have common opportunities to align and sort of work through... The good guys need to share information because the bad guys do."
The importance of relationship building across your security teams:
"It's about collaboration, because you can't be the subject matter expert (SME) for everything. I don't know if you've seen some of the stadium boards, but if you look at the Infinity Screen... I'm not the technical SME on the Infinity Screen, but I align with the group who run the Infinity Screen and say, 'Please show me your controls. How do you get in the room? How do you control this? Who's this? How often do you change your passwords? Is it Internet accessible?'"
Working on a high-pressure event:
"In cyber operations, you're always on. You sleep with your phone by the bed. You have alerts and alarms. And you have automated systems that can trigger and ping you and call you in the middle of the night. That's just table stakes. Operations for my team, for the analyst, can be a grind... I won't lie. It's a lot of long hours as you get into that Super Bowl week. You're on call for quite a long period of time, and you're always looking for what may occur. You're just in a hyper-vigilant state. That's just sort of how it is, and then afterwards, you relax a little bit."