This month we featured Chad Gross to discuss his journey from Staff Consultant to Associate Director of Services and International Operations, how he helped A-LIGN’s international expansion and what data privacy and compliance mean to him.
Where are you from? How did you start your journey at A-LIGN?
I currently reside in Nashville, Tennessee. I was working for EY when A-LIGN recruited me in 2015, and I’ve been here about five and a half years now.
What do you do in your current role, and what has changed the most during your tenure at A-LIGN?
When I first started at A-LIGN, I was recruited as a Staff Consultant to primarily serve on engagements within the SOC practice. Shortly after joining, I was promoted to Senior Consultant and was able to help contribute to the growth and expansion of the firm’s practice. After serving in the Senior Consultant role for two years, I entered a managerial position in the SOC practice and helped build the firm’s Privacy Practice. I attribute much of my success at the firm to a concerted effort to say “yes” to unique opportunities or projects that weren’t necessarily our typical projects, which enabled me to expand my knowledge base and participate in many other service lines.
In early 2017, Petar Besalev, Senior Vice President of Cybersecurity and Privacy Services, came to me about the General Data Protection Regulation (GDPR). At the time, I had no idea what it was, but he said we had a project kicking off for it and wanted me to run it. I spent my time over the next couple of months getting up to speed on the terminology and learning how Privacy legislation can affect organizations. Based on that research and an unbelievable amount of guidance from Petar, I was able to help build a new practice for the firm. Along with that, we had a lot of executive support that helped push the initiative to establish ourselves with a unique position in the market as both a cybersecurity and privacy firm.
What trends and changes are you seeing in the privacy landscape, and how has COVID affected them?
We’re seeing new regulations, laws or guidance come out almost every day that’s either state–specific or national legislation from various countries that are enhancing their existing privacy laws to protect consumer data. I love it because most people don’t necessarily understand what’s happening with their data once they give it to an organization. The biggest piece of advice that I’ve ever learned from working in this space is that if the service is free to you, you are the product that is being sold. It’s a mind shift to understand that if you’re using Facebook or Google or whatever else is out there, your information is being sold to third parties. With the big push to have enhanced privacy legislation, we’re able to provide more transparency for individuals to make more informed decisions as to what is happening with their data.
To shift gears into what’s happening with COVID these days, it’s thinking about privacy or information security controls at home. Because people aren’t going to the office, you’re not able to rely on those same physical and logical controls that may exist at the corporate office. When considering teleworking risks, there are a number of concerns for an organization’s Chief Technology Officer or Chief Information Security Officer. For example, how are users now authenticating to corporate resources? Are those connections from the home environment secure? What are we doing from a mobile device management standpoint to make sure that our machines are still managed securely? There are a lot of risks that must be managed proactively in this new landscape. Additionally, contact tracing with COVID requires giving up a lot of privacy in general because information about your location and where you’ve been can be shared. I see individuals’ right to privacy being more infringed upon until there are either national mandates that restrict the government’s or private organizations’ ability to perform those functions without consent.
You helped A-LIGN’s international expansion by opening the Sofia, Bulgaria office. What has that journey been like for you, and how has it pivoted your career?
I vividly remember sitting at CLIMB 2019 in Denver during one of the breakout sessions with Steve Simmons and Petar Besalev when they asked me if I wanted to go to Bulgaria to help build that office. I immediately jumped on the opportunity and had about three months of planning to get my life in order prior to moving to Europe full-time!
I was fortunate as much of the groundwork was in already progress and I was serving as the eyes on the ground for the team in Tampa. I was very fortunate to be in that position and to have a great opportunity to help establish the team in Sofia through recruiting, on-boarding and do my best to help instill the A-LIGN culture in the Sofia office.
What attracted you to A-LIGN?
Before I joined, I was at a firm with 190,000 employees and felt like I was a cog in a wheel of the corporate machine. When I joined A-LIGN, the firm had less than 40 employees and I had a very direct connection with the executive team. It was a very easy decision at the time to make the switch. I’ve seen a lot of personal and professional growth and opportunity at A-LIGN since joining.
What is your biggest motivation to wake up and go to work each day?
I’m in a unique position where every day is a little bit different as my responsibilities include assessing the feasibility of new services, helping expand our international presence, overseeing the Privacy Practice, and working on one-off engagements. I’m in a position where I get to help make more strategic decisions about the partners and clients that we work with. I think that’s a unique role, and I love my position in the firm right now!
How has A-LIGN helped you with your career development?
I recognize that I have grown both personally and professionally since joining the firm, and a lot of that is because of our leadership programs. When you move from executing the work to managing a team, the transition can be challenging. There are times where you may not know the person that you’re working with very well, or they may work slightly differently than your preferred style, but that is still okay. Getting to that level of understanding of how to work with people, having their back when you’re going to a client meeting and taking accountability for projects have all been major aspects of my career development at A-LIGN.
If you could describe A-LIGN in one word, what would that be?
The approach we take to serving our clients requires an intense focus on how we perform currently as well as the continued focus on how we can improve the quality of our service offerings from the top of the organization to the bottom.
What is something most people don’t know about you?
I’ve played guitar since I was six years old and it was one of the main reasons why I moved to Nashville to pursue a career in music.!
What do you like to do outside of work?
I’m very much into hiking and exploring. I’ve done a couple of different mountain climbs, including Mount Kilimanjaro and Mount Kenya a couple of times. At some point in time, I’d like to knock out the seven summits.
Why do you think privacy and compliance important?
I think data privacy and security are essential and are not mutually exclusive of each other. You can’t have privacy without inherent security. You’ve got to understand where your data is, who has access to it and what’s being done with it. I think it’s a scary world that people can be naive to and they don’t realize what’s out there and how organizations can extrapolate their data to make informed decisions about them. People always joke that they get on their computer and then they suddenly get advertisements for something on their Facebook page that they talked about in passing. That’s not by accident. That’s by design. I think the influx of legislation to protect consumers in the data privacy space is huge because there’s more data, and it’s only going to get worse until we have national legislation to protect that.
Have questions about Chad Gross or joining the A-LIGN team? Contact us at [email protected] for more information!