Marty Ray – Fossil Group

The skill sets of music and technology can so complement. So says Marty Ray who’s well-versed at both. Late jazz saxophonist John Coltrane and ill-fated guitar god Stevie Ray Vaughan remain inspirations. Neither virtuoso ever had to look at sheet music, Ray reminds. Artistic passion just flowed through them.

An accomplished guitarist in his own right before family needs led him to a reliable livelihood in technology around 20 years ago, Ray can relate to those musical idols. Critical thinking and improvisation apply to his role since 2015 as chief information security officer at fashion designer and wristwatch manufacturer Fossil Group.

Marty Ray | Chief Information Security Officer | Fossil Group

“Not a hard move for me going from music to technology,” the gregarious Ray tells Toggle in June from Fossil Group’s headquarters in Richardson, Texas. “The hardest part for me was moving out of technology and into the business world.”

With Fossil Group having operations in the Americas, Asia-Pacific and Europe, he faces intense global pressure to ensure cybersecurity and compliance with privacy laws. He’s never surprised to hear of another company hacked or held up for ransomware for lack of protective platforms.

“As I’ve told our board, this is not abnormal,” Ray says about recent security breaches that have victimized Colonial Pipeline and so many other entities. “There are so many companies being breached that you come to expect it.”

And counter it.

Learning under fire

Ray likes to say his cybersecurity education was akin to “basic training during battle” during the late 2000s as the security manager for another Texas firm, Heartland Payments Systems, that was hacked.

Stolen data included the digital information encoded on the magnetic stripes of 100 million credit and debit cards—at the time, the largest breach ever. The young culprit, American computer hacker Albert Gonzalez, soon earned further notoriety on the CNBC series “American Greed” and was sentenced to 20 years in federal prison.

Upon coming to Fossil Group over six years ago, following an 18-month stint working internationally at GameStop, Ray’s skills were tested early when his new employer acquired another business. Back then, Fossil had limited cloud presence versus the company that they were acquiring, and for Ray, the transition entailed learning Amazon Web Services and hiring security specialists globally who, even today, are scarce—and expensive.

“Not nearly as many people go into info-security as they do into programming,” says Ray, who soon was promoted to chief information security officer and entrusted with 30 assistants. “I had been in networks and systems, but as my previous companies grew, I got into firewalls and security tools. I’m certainly glad I made that move.”

As is the Fossil Group executive team, especially with the need for cybersecurity even more essential with so much of the staff working remotely. Noting how malware has becoming increasingly sophisticated, he’s integrated technology for flagging suspicious emails, capturing nearly 50,000 in a phishing mailbox in just three months.

He’s taught employees on such simple steps as not sharing passwords and not tossing potentially sensitive materials into an office trashcan. While he won’t go into too much depth about the technologies deployed, Ray and the IT department can detect internet abnormalities and they’ve worked with business units to ensure their data exchanges put nothing at risk.

“Cybersecurity is not about just a single tool or technology,” he explains. “It’s people, process and technology, and understanding the complete environment.”

Cloud covered

While most of the staffers still work remotely, Ray makes weekly trips to the office, fine-tuning such projects as the digital migration of data centers to cloud-based technology.  He’s working to move the security program toward what’s known as a Zero Trust Security Framework, requiring verification from all prospective users. Such a system also ensures compliance with cybersecurity and regulations worldwide.

And it’s all part of the fun of being a CISO, a role much more in demand than that of musician. But, as Ray reminds, the discipline to always improve goes into either endeavor.

Music being his first love, Ray majored in jazz studies and music theory at the University of North Texas and he played and taught guitar during his early working years. Marriage and family had him mulling a more practical livelihood.

Technology having some appeal, he took courses at Southern Methodist University from 1999 to 2000 and commenced with his new career as a network administrator at GeoAcess. In succession, Reddy Ice Corp., Heartland Payment Systems and GameStop followed, and the skills he accumulated prepped him for Fossil Group as it was expanding its global business.

“While the compliance program was well defined, we didn’t have a dedicated security team when I arrived. That was our focus,” the 58-year-old Ray says. “But we’re now in good shape.”

With over two decades of tech savvy, he’s able to bring cybersecurity into the company’s products. He’s had a hand in securing the company products that merge the traditional wristwatch with Android technology, a hybrid that until recently was mostly offered by just the luxury brands.

Seems only right that Ray would help break that tradition.

“I’m about as non-traditional as a CISO as you’ll meet,” he says with a good-natured laugh. “I was teaching guitar into my late 30s and went to Stevie Ray Vaughan’s funeral even though I never met him.”

View this feature in the Fall I 2021 Edition here.