John Sapp’s innate curiosity set him on the path to a career in technology.
“Growing up, I always liked to know how things worked,” Sapp explains. “That translated into my mother sending me to a vocational high school, where I learned to write software. I started out working as a programmer, computer operator, and network technician, and I continued to learn and teach myself things along the way.”
Eventually, Sapp discovered his now specialty: information security. Today, as vice president of information security and chief information security officer at Texas Mutual Insurance Company, he applies his expertise to identify and protect against potential cyberthreats to the workers’ compensation insurance provider. Furthermore, he seeks to empower his team within the organization—as well as the next generation of information security professionals out in the community.
“John is one of the great cybersecurity leaders in our industry. He places a heavy emphasis on building a culture based on trust and transparency, and that applies to his internal teams and extends out to his partner community,” says Natalie Foss, strategic account manager of CyberOne. “We are honored that John continues to partner with CyberOne on his security initiatives.”
Before coming on board at Texas Mutual, Sapp held roles in consulting, financial services, and biotech. He began to explore information security while at a Fortune 10 pharmaceutical company, as the internet was skyrocketing in popularity. “I started to learn and understand how to apply security principles to software and other things that I had worked on in the past,” he says. “My previous experience really helped me better understand information security.”
Sapp went on to join Texas Mutual as senior manager for security engineering amid the COVID-19 pandemic. Since stepping into his current role in September of 2021, he has developed a daily routine that involves staying abreast of an ever-evolving threat landscape. “To understand what the current security risk is to the company, we first have to understand what the current threats are and what the current industry trends are,” he confirms.
In addition to following the latest technology and security news, Sapp maintains regular touchpoints with his team and with leaders throughout the organization to track progress toward achieving both company-wide and more granular strategic goals.
“We have an enterprise objective of improving our security posture that speaks to the level of top-down support we get around information security,” he says. “It is one of those topics that our CEO and our board are very interested in because they want to make sure that we are doing the right things for the right reasons.”
One challenge in protecting the company and its customers has been the shift to a remote and subsequently hybrid workforce during COVID. “We had a number-one initiative of providing secure access to the corporate network and internal software applications, so that our employees and contingent workers could get access to be able to do their job securely from whatever location they were working from,” says Sapp.
To that end, his team established a secure access service edge through the combined implementation of a secure web gateway, cloud access security broker, and cloud data loss prevention capability.
Sapp and his team have also focused on addressing the threat of malware, including ransomware. “We moved to a next-generation endpoint protection solution, to be able to protect against both known and unknown malware, and we enhanced it so that we would have twenty-four by seven by three-sixty-five monitoring, detection, and response capability,” he says. “Regardless of whether we have somebody on call, we have a managed service that provides us with that monitoring.”
Sapp highlights the importance of understanding Texas Mutual’s external attack surface as well. That means searching for vulnerabilities in the interest of resolving them before a cyberattack can occur. On the software front, Sapp turns to Veracode, an application security provider he has trusted since 2007.
“They’ve been a partner of mine at four different organizations because they are, point-blank, the leader in the space when it comes to static and dynamic analysis,” he says. “They give us the capability to scan the software applications that we develop in-house and identify any weaknesses or security flaws that could by exploited by an attacker.”
As a leader, Sapp strives to empower his internal team by communicating his investment in their professional development and unique viewpoints. “Empowerment is probably the single most important component to me from a leadership standpoint because when a team feels like they have the ability to own something, you end up with a much better result from the services and products that you’re delivering to an organization,” he says.
Sapp adopts a similar mindset in the context of supporting the future of information security. He has a strong commitment to education, whether it’s teaching auditors how to translate their skills to the realm of cybersecurity or increasing awareness of technology careers among local high school and college students. In either case, he starts with what someone already knows and builds on that knowledge when explaining information security concepts to them.
In Sapp’s eyes, there is another benefit to sharing his information security expertise beyond securing the field’s pipeline. “Cybersecurity—how it works and how you can utilize it to protect yourself—is a necessary life skill, and I want to do everything that I can to give back to the younger generation, who don’t really know what they’re going to be growing up into,” he says.
In addition to offering children and teenagers the tools to protect themselves against cyberthreats, Sapp shares the same types of information with seniors at assisted living facilities and with community members of all ages through church groups and other organizations.
By meeting people where they are, Sapp is making a tangible difference in how his community thinks about information security. “It shows that you care about them,” he says of his efforts to give back. “That’s part of Texas Mutual as a whole. We are all about community—going out into the community and finding different ways to help people.”