obit He set up the DND’s first vulnerability response team. He guarded information at BMO and Bell. He raised awareness about “toxic data.” Portrait of a CISO whose successful career, peers say, ended much too soon
Robert Garigue, a veteran member of the IT industry who used his expertise in data security to develop technology strategies for some of Canada’s largest public sector organizations and corporate enterprises, died suddenly last week. He was 55.
In a career that spanned the worlds of financial services, telecommunications and the military, Garigue was an unusually high-profile IT executive who was eager to discuss the ways Canadians need to protect information and the dangers to which it can be exposed.
“You have to make the debate less technical and talk about privacy, regulatory compliance and show that security is there to catch you,” he told Computing Canada in 2003. “It’s a doctor’s role . . . you try to encourage a healthy lifestyle, but then sometimes it’s, ‘Go to the hospital.’”
Friends and colleagues described Garigue as a man of exceptional intelligence and humour, who was as good at articulating a vision as he was at bringing the best out of a team.
“He had what I would call constructive irreverence — he was always pushing the envelope in terms of the status quo,” said Jim Robbins, president of Electronic Warfare Associates-Canada in Ottawa. “He had an understanding of the impact of technology. He was one of the visionaries who could see what needed to be done as opposed to following the conventional path.”
Robbins said he first encountered Garigue when the latter was serving in the Canadian Forces, establishing the Network Vulnerability Assessment Team (NVAT). Occasionally referred to as information protection cops, NVAT’s members recommended patches, changes in configuration and procedures to system managers. It has since been renamed the Strategic Network Vulnerability Analysis Centre.
“To be able to share that vision with the senior leadership and establish that team — any time you’re breaking new ground within an organization that can be steeped in history, that’s a considerable achievement,” said John Weigelt, who also met Garigue during this period and later led IT strategy at Treasury Board Secretariat. “Even years afterwards, he was always keen to see what had become of his organization and provide advice and guidance.”
Garigue moved on to become assistant deputy minister in the Office of Information Technology for the Province of Manitoba, but his biggest project as CTO there was to organize the National Public Sector CIO Council sub-committee on Information Protection.
“The nickname for that group was the Tiramisu working group,” Robbins said, referring to a desert whose Italian name means “pick me up” but which he said Garigue translated as “pulling up by your bootstraps” to inspire the council. “It was a message to provinces – ‘Don’t wait for a handout from Ottawa, we have to do this on your own.”
Weigelt, who left the government to lead security strategy at Microsoft Canada, said the fluently bilingual Garigue had a flair for visual language and coining terms that were later adopted by others in the industry.
“He referred to ‘toxic data’ within an organization – if data is released inadvertently, that toxic data can really have a detrimental effect,” he said. “In another research paper, Garigue referred to computers as “epistemological exploration machines.”
Though he was most recently working as vice-president of information integrity and security at Bell Canada, Garigue spent much of his private sector career as CISO for the Bank of Montreal. There, he dealt with one of the most public IT security incidents in the bank’s history: a pair of recycled BMO servers that had client information that could have potentially been disclosed which turned up on eBay. BMO only learned of the servers after those who found them on eBay contacted the Toronto Star.
“Wherever he worked, he had genuine desire to improve how security was handled in Canada generally,” Weigelt said. Robbins agreed, noting that Garigue was appointed as a delegate for two G8 conference s on cyber-crime in Berlin and Toyko.
A graduate from the University of Montreal in Quantitative Analysis and Master of Science in Computer and Information Systems from the Claremont Graduate University in Los Angeles, Garigue also completed a Ph.D. in knowledge discovery at Carleton University. In addition to his other industry affiliations, he was also past chairman for the Canadian Bankers Association’s Financial Service Industry Computer Incident Response Team organization (CFI-CIRT).
Funeral services for Garigue, who passed away in Montreal on Jan. 10, have been arranged for 11:00 a.m. on Tuesday at Tubman Funeral Homes, 3440 Richmond Road, Nepean. An online guest book to offer tributes has been set up at Legacy.com.