Christopher Callahan – Weichert Companies

In the half a century since it was founded, Weichert expanded from one New Jersey office to include 18 integrated real estate companies with more than 500 real estate offices across the nation.

Its technology also grew, with Weichert moving 80 percent of its data and services to the cloud by 2019.

“It did, however, need some enhancements on seemingly basic procedures, such as how to name user accounts, asset names, and documents. No one had taken charge of and standardized this,” says Christopher Callahan, who was hired in 2019 to help build the company’s information and cyber security department.

Christopher Callahan | Chief Information Security Officer | Weichert Companies | Photo Credit: Mark Westin

As the company’s first chief information security officer, Callahan started by establishing naming protocols and policies. He then covered everything from cyber security to third-party risk management, which included culling vendors to those that helped the business expand.

“It all comes down to establishing policies and procedures, and that was really my overarching goal and mission at Weichert,” he says. “I established a foundation of compliance across the company within two months—a process that can take much longer, but my three decades of experiences isn’t for naught.”

Through Callahan’s efforts, Weichert now has written information security policies and procedures. It’s also implementing new security tools, such as Carbon Black, a cloud-based software that detects and stops malicious behaviors and files; and KnowBe4, which promotes security awareness through training, including simulated phishing attacks.

What’s in a name—or template?

While this emphasis on cybersecurity has been essential, Callahan says an unintended effect was certain processes falling by the wayside. Such was the case with the company’s naming conventions.

Often overlooked, naming conventions don’t just apply to documents but to virtual or physical network-based assets, like a Windows server in the U.S. or a Linux server in Canada and even system code. Using standardized naming conventions—instead of characters from popular movie or book franchises, Callahan interjects—can create easier, smoother system integrations or policy configurations, for example.

“Many miss an opportunity to properly architect naming conventions, which enable process automation that not only saves time but also contributes to cyber security strength,” he says.

In addition to establishing clear naming conventions, Callahan also created templates. As he explains, Weichert Companies uses documents for a variety of tasks, from policies and procedures to risk assessments.

“I had templates in my personal library that I had created throughout my career, so I just adapted these for Weichert’s needs instead of wasting precious time starting from scratch,” he explains.

He even developed specific headers (like “Records Management Policy”) and footers that include the word “confidential” for each template, so that these documents and the information they contained could be easily referenced and audited. He estimates this has saved at least a couple hours of work per document.

Photo Credit: Mark Westin

“While I was establishing these basics, I was constantly also considering the protection of the information that would go into these templates,” Callahan says. “The digital threat to data is ongoing and changing daily—sometimes by the hour or even minute.”

He also implemented The National Institute of Standards and Technology’s Cyber Security Framework and, using NIST’s guidelines, developed company-wide policies. Through that program, employees learned, for example, not to click on attachments and links from unknown senders.

To further strengthen the company’s cyber security, he also integrated a platform made by Devo to log and analyze cyber threats and attacks.

“I also set up a zero-trust strategy—we don’t trust anyone with our data—and ensured we had vendors that could help us protect our network and endpoints (laptops and other mobile devices),” he says. “That’s why I brought on vendors like Palo Alto—protecting internal network with firewalls—and CipherTechs, to monitor our security events at all hours.”

Digital hindsight and foresight

Well before the general public had heard of COVID-19, Callahan had dealt with the early 2000s fallout from SARS. So, in 2015, when he was the pharmaceutical manufacturer Novartis’ director of global IT risk and compliance and cyber security operation, he developed contingency plans for such global, wide-spread events.

“Although I wish we had started talking about more detailed contingency plans in late 2018 and early 2019 across the industry, I’m still glad that at Weichert, we jumped into action in January 2020,” he says.

Since Weichert has offices in Shanghai, Singapore and Hong Kong, Callahan started reaching out to those offices while also contacting the company’s supply chain vendors. His efforts meant that by March 2020, when companies and individuals were rushing to respond to quarantine measures, Weichert was already working remotely.

“We’d had a lot of alignment and future plan discussion meetings until March 16,” he says. “We also followed the World Health Organization’s guidelines.”

Growing up, Callahan wanted to become a biochemical engineer until he took a computer class his senior year of high school—and was hooked.

After receiving his associates degree in business computing from County College of Morris, he became a system analyst at Hilton Hotels. While there, he also attended The Chubb Institute for computer programming courses and eventually information technology courses at University of Massachusetts Lowell.

Over the next few decades, he worked in industries ranging from finance and software to pharmaceuticals and life science. In between helping companies either build or strengthen their IT departments, he obtained two certifications in March 2007: Certified Information Systems Security Professional from ISC2 and Global Information Assurance Certification from the SANS Institute.

“Every position I’ve held has one common thread and one main focus for me: Project to others the importance of being prepared, of cyber hygiene and help smooth any obstacles to the business with technology solutions,” he says.

View this feature in the Summer II 2022 Edition here.