Insights from NFL's CISO: Safeguarding the Super Bowl

2 min read
(April 22, 2024)
Insights from NFL's CISO: Safeguarding the Super Bowl

This article is available in audio format, click play above to listen to the article. 

In a recent conversation with Tomás Maldonado, the Chief Information Security Officer (CISO) for the National Football League (NFL), Dorene Rettas, Co-founder of Cyber Security Tribe, explored the intricacies of securing high-profile events like the NFL Super Bowl. Maldonado, with over 25 years in cybersecurity, shared valuable insights into the meticulous preparations and strategic approaches essential for ensuring the safety of millions of attendees and viewers. Maldonado discussed his preparations for the Super Bowl, emphasizing the importance of advanced planning and collaboration with partners and stakeholders. 

Navigating the Complexities of Super Bowl Security

The Super Bowl, designated as a SEAR 1 event by the Department of Homeland Security, demands meticulous planning akin to presidential inaugurations. Maldonado highlighted the multifaceted nature of securing such an event, emphasizing the need to address both cyber and physical threats. From the venue to surrounding areas including hotels, airports and other businesses which provide support leading up to and during the event, every aspect requires scrutiny to mitigate potential risks. Establishing robust partnerships with law enforcement agencies, CISA, the FBI, DOHS, cybersecurity experts, and supply chain vendors becomes paramount in orchestrating a seamless and secure experience for attendees. He noted the importance of building a communication path and threat intelligence model to share information. If something was to occur, they would be able to connect the dots and share that information quickly.  The goal is for the fans to have a happy experience and not have to worry about a cyber incident. 

Early Preparation: Key to Success 

Preparation for Super Bowl security begins well in advance, typically 12 to 18 months before the event, which includes numerous table tops and assessments, site visits, and testing, to identify and address vulnerabilities. By initiating preparations early, the security team aims to stay ahead of potential threats and ensure a smooth execution on game day.

Team Collaboration and Specialized Focus

Maldonado credited his team's expertise and collaboration for the NFL's security prowess. With dedicated teams overseeing different aspects of security operations, including architecture, governance, and risk management, a structured approach ensures comprehensive coverage. The Super Bowl security efforts employ a project-based model, with an assigned cybersecurity project leader, enabling focused attention on critical areas while minimizing disruptions to day-to-day operations.

Mobile Security Operation Center

Collaboration with technology vendors and constant communication during the Super Bowl is vital for swift response to any anomalies. A mobile security operation center is deployed at the stadium,  ready to address any emergent threats in real-time. By leveraging partnerships and advanced monitoring systems, the NFL remains vigilant against potential cyber incidents.

Geopolitical Considerations and Adaptive Strategies

Given the geopolitical tensions worldwide, Maldonado emphasized the need to anticipate and prepare for diverse threats. Continuous intelligence gathering allows the security team to assess risks and adapt strategies accordingly. While striving for a secure event, Maldonado acknowledged the dynamic nature of cybersecurity, emphasizing the importance of readiness and resilience.

Lessons Learned and Leadership Insights

Reflecting on his career, Maldonado underscored the significance of adapting security initiatives to align with organizational goals. Learning from early experiences, he emphasized the importance of listening to stakeholders and integrating security measures seamlessly into business objectives. His leadership philosophy prioritizes team empowerment and collaborative problem-solving, fostering a culture of continuous improvement and resilience.

Overall, Maldonado's expertise offers invaluable lessons for cybersecurity professionals, emphasizing proactive preparation, strategic collaboration, and adaptive leadership as cornerstones of effective security management. You can follow his InfoSec tip of the week in our weekly newsletter, so make sure you subscribe today