Over the past decade, the increasing regularity of high-profile data breaches has shifted cybersecurity tactics from firewalls, multi-layered access, and password protection to an attitude of “it’s not if, but when”. However, it’s only recently that the industry has started adapting its strategies to suit this new perspective.
Reimagining Cybersecurity
“We used to think about security like a castle: build high walls, make sure no one gets in. But attackers do get in. And once they’re in, they can move around freely. So now we’re thinking differently: limit movement within the walls, segment systems, contain exposure. Don’t let one breach compromise the whole operation,” says Alex Green, Chief Information Security Officer (CISO) at Delta Dental Plans Association. “It’s about minimising damage, not pretending you can eliminate risk entirely.”
Green’s pragmatism is emblematic of a new breed of cybersecurity leaders. They are not only taking a more resilience-focused posture to security but taking an entirely fresh approach to the cybersecurity team’s role within the larger organisation as well. “Cybersecurity isn’t about locking everything down,” says Green. “It’s about managing risk in a way that allows the business to operate, adapt, and grow. We’re here to support that mission, not get in the way of it.”
The Delta Dental Plans Association Model
Delta Dental Plans Association is the not-for-profit national association of the 39 independent Delta Dental companies. Through the nation’s largest network of dentists, Delta Dental offers dental coverage in all 50 states, Washington, D.C., Puerto Rico, and other U.S. territories.
“Think of it like professional football,” Green explains. “We represent the league, but each team, the member companies, runs its own operation. You can’t apply a one-size-fits-all solution,” he notes. “Instead, we focus on raising the collective cybersecurity posture across member companies.”
Green divides his responsibilities into two main areas: managing internal security for the Association itself and supporting coordination and alignment across the member companies.
Enabling Cybersecurity Through Usability
For Green, good cybersecurity is invisible. His philosophy is that the most secure path should also be the easiest for users to follow.
“People will always choose the path of least resistance. Our job is to make sure that path is the secure one. If we do that well, we don’t just reduce risk; we improve the user experience.”
A recent example is the organisation’s shift to password-less authentication. “Passwords are fundamentally insecure, they’re phishable, guessable, and a hassle to manage,” says Green. “We rolled out a password-less strategy, where authentication is based on device trust, behavioural signals, and cryptographic verification, among various other factors.”
