Building a Business Aligned, Risk Prioritized Cybersecurity Strategy

Importance of defining a forward looking strategy, aligned to business and risk based priorities, and leveraging your operating model to support

Gary Harbison
Global Chief Information Security Officer
Johnson & Johnson

Gary Harbison is the Chief Information Security Officer (CISO) at J&J, a role he has been in since he started at the company in October 2022. Gary is responsible for leading the Information Security and Risk Management (ISRM) organization which protects J&J’s critical data and information. He drives global security strategy and cybersecurity transformation of J&J’s products and services while also managing enterprise technological risks.

Gary has 27 years of overall technology experience, with 25 years in Information Security and Risk Management at multiple Fortune 500 companies. Gary also has public sector experience from the U.S. Department of Defense. His technical background includes security architecture and threat intelligence roles along with various leadership roles focused on building high-performing teams that partner with key stakeholders to enable crucial business objectives.

Prior to J&J, Gary was the CISO for Bayer, a leading global life sciences company. In that role, Gary was responsible for leading all aspects of the Cybersecurity Risk Management function (CSRM) with global ownership of information security strategy, IT risk management & compliance, security education & awareness, cyber defense, as well as governance of IT security controls.

Gary contributes to the greater information security community by serving on advisory boards for multiple cybersecurity companies and he helps engineer industry innovation through mentoring cybersecurity startups and advising venture capital investors and startup accelerators. He is also involved in the education sector and advises multiple universities about their Computer Science & Cybersecurity programs and serves as an Adjunct Professor in the Master of Science in Cybersecurity Engineering program at Washington University in St. Louis. Gary received his Bachelor of Business Administration (BBA) degree from Webster University in St. Louis.

Gary resides in the St. Louis area with his wife and three children. In his spare time, Gary enjoys playing sports, fishing, and spending time outdoors. He is also very active in his community and coaches youth sports teams.