Your current role as CIO and CISO at Venafi means that you are working in the cyber security industry in a major way. Do you eat your dog food or do the staff already get the importance of information security?
Venafi takes security very seriously – and my team deeply understands the importance of information security, but with the ever changing threat landscape, there are always improvements to be made. In my position, I have a dual role to not only protect Venafi but also protect our employees and customers, and I take that role very seriously. As for eating our own dog food – yes we do. We are a Venafi customer!
We are seeing enterprises shift into a Digital world from analogue. How do you see the CIO and CISO role changing? Is this fast enough?
We now have massive amounts of data at our fingertips, and the IT industry is evolving faster than ever. Cyber security has transformed from what most viewed as an IT issue to a central business concern, and the CIO and CISO roles are shifting in response. If we’re to keep up the pace and adopt emerging technologies, security needs to be a priority and CIOs and CISOs need to work together to mitigate risk in organizations across industries and throughout government.
The pace of change is quickening. What do you do to stay up with digital developments?
With the rise of DevOps and explosion in mobility, the IT world is rapidly evolving, and it’s essential for CISOs and CIOs to continue to develop their craft. I am always meeting with my peers, industry experts, attending tradeshows and discussing hot button issues with my peers, customers and teams to stay up on the latest threats, trends and industry developments. I also have to rely on those that are smarter than me (aka – My IT/Security team) to keep me informed! :)
Trust is a key concept in cyber security. How do you define trust and what’s your view on managing this asset?
In today’s world, trust cannot be blindly granted - period. Threats are constantly increasing in both frequency and sophistication and an innocent email can prove deadly to the everyday enterprise. Just like any other asset – you cannot protect what you don’t know you have. For an organization to effectively mitigate risk and improve security, managing trust is key. It’s essential that IT managers implement multi-factor authentication, manage access and revoke and grant privileges accordingly – not just UserIDs and Passwords, but elevated access like privileged access, as well as keys and certificates.
What’s your view on digital certificates and how these assets in the future would be stored on Blockchain Technology?
Digital certificates and cryptographic keys provide the foundation of trust on the internet. The average organization has over 24,000 keys and certs and most of them don’t know where they all are and how to protect them (unless they use Venafi). The reality is that you can’t surf the web safely today unless their keys and certificates are properly secured.
Storing certificate information on Blockchain Technology is just another way enterprises can take steps to thwart hackers. Since blockchain databases are distributed and encrypted, they are harder for hackers to attack and the security and privacy of data is successfully maintained. With encryption now being used by hackers to hide malware in plain sight, secure technologies like this will be important moving forward. Though it’s important that organizations recognize there is no “silver bullet” when it comes to security, securing keys and certificates is a good start.
When you are stuck with a difficult problem, where do you go for advice and guidance?
I’m lucky enough to work with a fantastic team of incredibly talented individuals, and I often look to them as a sounding board when I run into issues and need another perspective. Also, the CISO community is very close and I have an awesome rolodex of colleagues with whom I collaborate regularly. If you can’t collaborate with the people you work with and fellow CISOs, how can you expect your company to succeed?
In your role as CIO and CISO – which of these two is the one that you enjoy the most? Why?
It’s hard to separate one from the other. I have 30 years of experience within IT. From managing helpdesks, desktop support, and Identity Management to Production Control and Capacity planning -- I have touched many sides of IT. If I combine that with the last 20 years focused primarily in security/compliance, it was natural for me to take on the role of both CISO and CIO. In the past, security did not necessarily lie within the purview of a CIO, but over the last several years our threat landscape has finally transformed cybersecurity into a C-suite conversation, so my roles tend to overlap and intermingle. It is all about business enablement – I love what I do every day – so instead of which one – I would rather just say “I LOVE MY JOB”.
What’s your view about attracting more female talent into Cyber Security? How can this be achieved?
This is a major issue - and one that is near and dear to my heart. We absolutely need to make the effort to attract more female talent to the cybersecurity field. However, generally speaking, we just simply need more qualified cybersecurity pros to fill the jobs -- both men and women! The National Cybersecurity Institute at Excelsior College estimates that nearly 2 million global cybersecurity professionals will be needed by 2017, and we cannot ignore half the population if we want to fill that talent shortage. Recent initiatives like Girls Who Code are a step in the right direction, but we need to implement similar programs to break the stereotype that women aren’t fit for STEM fields. To build a workforce, we need to build a talent pipeline and that starts with education. I encourage and challenge all security professionals to volunteer their time at local schools and universities to educate them as to what makes up this awesome field of Security!
What is the one most important attribute that you must see to select a new staff member to your team?
Actually I have two – and neither of them are technical! Passion and Fit. I will never hire someone without a passion and integrity for doing the right things right and for the right reason. In the tech and security industry, it’s easy to get lost in the noise, and I need my team to rise above the rest and strive for success for themselves, their team and their company. And in order for the success to be accomplished they must be a good fit with the rest of the team and always keep in mind that we are just a part of the much larger team.
Finally, what’s the last thing that you do on a Friday evening as you leave the office? Why?
Considering I am usually at about 30,000 feet on most Friday afternoons, I consider my office time to be while I am on an airplane! I usually make a check list of items (on a paper calendar…) of what I need to do over the weekend and for the following week – then honestly? -- I just grab my bags and get home…with a big smile on my face! With being on the road 90% of the time, I really look forward to the opportunity to spend time with my husband, family and friends. Not to mention -- we just added a new puppy to the family, a Rotti named York who has just melted my heart!