Before you’re awake, Elias Oxendine IV has risen from his bed at 3:30 a.m., headed to the gym, gotten a full workout in, and sanded down the chip on his shoulder—the chip that has motivated him his entire military and professional career—just a little bit further.
The scrawny kid from the middle of Georgia, who at one point in his naval career was responsible for equipping fourteen aircraft carriers and amphibious ships with intelligent systems to sustain for up to six months at sea, is now a chief information security officer (CISO) at Yum! Brands, home to Pizza Hut, KFC, Taco Bell, and The Habit Burger Grill.
Oxendine grew up intimately familiar with having very little. His parents married and divorced early, and Oxendine lived with his mother who did her best to provide for her son. That was just part of the struggle.
“I think the best way to put it is that I’ve been racially challenged my entire life,” Oxendine says, frankly. “But I think I learned to process it to use it as a positive motivator in my journey. Like this job. I told my wife that I just had to take it. Quite honestly, as a Black man in cybersecurity, I felt that taking this role could also open the door for other minorities.”
The challenges Oxendine faced kept coming. He was repeatedly passed over for promotion in the Navy despite having been accepted to and later completing a much-sought-after naval intelligence master’s program, a spot at least a hundred-plus officers were seeking out. Oxendine is proud of his service and holds no ill will, despite those who may have intentionally held him back because of the color of his skin.
“Whether it was because I grew up small, or some of the challenges I’ve faced in my life, there’s always this little chip on my shoulder pushing me forward, seeing how far I can go,” Oxendine admits. “I’m not aggressive, but I have an edge. The gym keeps that in check, but I also think it’s very useful for the work that I do.”
Edge was something Oxendine was going to need in spades. He was lured to Yum! away from a role at Brown–Forman Corporation that he originally thought might be his home until retirement. But the chance to work for a Fortune 500 company and the scale of the organization was a challenge that Oxendine, and that little chip, couldn’t turn down.
Just over a year into Oxendine’s tenure at Yum! Brands, he got the chance to vie for his boss’s job. “Our CISO left the company. “I just remember thinking that I was supposed to have more time to get my feet under me before assuming the role,” he says, laughing. “Each of our brands operates as its own entity, and each brand has a US and international arm. And as you can imagine, there are some major complexities there. But when that opportunity strikes, you just gotta go for it.”
After an extensive search, Oxendine was offered the position, one he accepted not just for himself, but for the visibility it would bring to the space.
When the CISO talks about some of the complexities of the role, he’s underselling. A whopping 98 percent of Yum! Brands restaurants are franchises, a structure which places a premium on clear communication, consensus building, and a service mindset. To protect Yum! Brands and its franchisees, Oxendine must market and influence the use of security services and controls to maintain an adequate risk posture, either through his global technology risk management team’s services or via a third party.
This new approach to providing franchisees options among in-house or approved third-party security services has just gotten off the ground, but the response has been overwhelmingly positive thus far for a problem that seemed too complicated to tackle from the outset.
“I recently received a note from a brand president that thanked us for finding a cost-effective solution that allows franchisees to implement security controls in a smaller market,” Oxendine says. “I hope that demonstrates that we’re listening and working to be the best business partners we can be.”
These partners certainly have seen the best. “Elias is a strong cybersecurity leader whose upbringing and naval career has made him a humble, compassionate, yet driven and disciplined leader who will listen first and speak last,” says Vikram Rao, Deloitte’s managing director for cyber and strategic risk services. “He is the kind of leader who will remember your name and will treat you with respect regardless of who you are.”
Oxendine has only been in the CISO chair for a year but given his track record thus far, and the fact that he’s awake four hours before the sun comes up, it’s clear that he’s making big things happen in short order. That’s the Gospel of Ox: Making the best of the worst, and making the worst bring out the best in you.
Elias Oxendine IV is willing to pull out all the stops to bring company eyes to cyber literacy. Whether it’s a rap video or Oxendine literally dressed up as a fisherman “phishing” for system vulnerabilities (complete with the Jaws theme and an unsuspecting intern), the CISO is harnessing social media to get his message across.
“You’ve got to meet people where they’re at today,” Oxendine says. “They want fast and interesting content along with important information fast, so we’re going all out—whatever we have to do to get people to pay attention. I’ll use auto-tune if it will get you to pay attention.”