What would you describe as your most memorable achievement in the cybersecurity industry?
The most memorable was watching Orion EFT 1 launch and land. It was a full circle moment for me. My team worked closely with the engineers who wrote the code for Orion and scanned a few million lines of code to ensure the software onboard Orion was secure. Orion launched from Cape Canaveral and landed in the Pacific Ocean and was retrieved by the USS Anchorage LPD-23. Having spent nine years serving on amphibious ships in the US, I knew that those sailors were as proud as I was that day. It was really a special moment.
What first made you think of a career in cybersecurity?
Cybersecurity wasn’t really a thing when I was starting out in my career, so my journey here has been somewhat organic.
I came into technology via the US Navy, in a rating called a Radioman (RM) – which is now legacy. A female recruiter, who was also a Radioman, inspired me to follow in her footsteps as she said that I reminded her of herself. From there, I transitioned into IT and began working on Naval Networks before entering the SOC in San Diego. Once there, I knew that cybersecurity was my calling and have been in the field ever since.
What do you think is the current hot cybersecurity talking point?
There are so many to choose from, but Customer Identity and Access Management (CIAM) is both important and exciting as we find ourselves at the intersection of convenience, security and privacy.
For any consumer-facing company, delivering a great user experience is critical. When trying to achieve a stellar UX, privacy and security no longer have to be considered acceptable collateral damage. In this space, innovation is fast, often making use of so many capabilities in one product – such as passwordless registration, integration of social profiles and progressive profiling for powerful insights – all of which greatly enhance the overall customer experience.
How do you deal with stress and unwind outside the office?
I do a couple of things. The first is setting boundaries for myself. I love my job and my work; it doesn’t feel like work, which is why I am diligent about ensuring that I log off and decompress by a certain time.
The Auth0 team has already nicknamed me the ‘Where’s Waldo’ of the group. I have wanderlust and I travel often. When I’m not in the office, I’m at the airport heading to my next adventure.
If you could go back and change one career decision, what would it be?
If you’d asked me before I turned 40, I would have had a long list of things I would have done differently. Now, I wouldn’t change a thing. Every decision, both good and challenging, led me to this moment. I recognise the value of each of my career decisions and understand that the role I have today as CISO is the culmination of all those decisions.
What do you currently identify as the major areas of investment in the cybersecurity industry?
Security is still too often seen as an afterthought by businesses. This leads to all sorts of challenges; companies are not implementing the right technologies in a secure manner to successfully fend against attacks. We should be investing in ‘as-a-Service.’ Understanding what your team does well and leveraging software, infrastructure, or identity as-a-Service is not only a good investment, it is a decision that will move business forward at the speed of innovation. We should look at the gaps in our organisations and find collaborative solutions and partnerships that allow our teams to get laser-focused on what we actually do well.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
Organisations should be taking a global approach to cybersecurity. We are all facing the same threats. They should remember to consider the little things when it comes to cybersecurity as they have a habit of adding up and leading to big costs.
Most attackers will usually start with trying to exploit the most common and easiest point of entry, so businesses must ensure they have an Identity and Access Management (IAM) system in place that leverages best practices (captcha, MFA, adaptive authentication) as this is a great first step in drastically minimising the more sophisticated compromises and data breaches.
Change management is as important as hardening and patching systems. System updates and configuration changes often require administrators to reset various configurations upon completion. Forgetting to do this can leave the doors open for attacks.
Permissions and access management are also important. Preventing lateral movement inside your organisational network can be critical in minimising damage. Ensuring that only authorised users have access is critical, which includes managing credentials of termed employees, using privileged accounts and leveraging technology to manage user access.
Lastly, you really need to have a Business Continuity plan in place. This needs to be a realistic and actionable plan – and must be tested. When doing so, it’s important to create a plan that makes sense for the industry that you’re in and understand exactly what your tolerance is for outages and downtime.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
Two months into my role as CISO, Auth0 was acquired by Okta and together we are creating the future of digital identity. This is one of the most exciting times in my career and moving at the speed of innovation will be pivotal to that future.
What advice would you offer somebody aspiring to obtain a C-level position in the security industry?
One of my passions for the security industry is to see more women around the boardroom table and at an executive level. Our industry is still largely dominated by men, but one of the factors that really helped me get to where I am today was having a strong group of mentors and champions that I could turn to throughout critical points in my career. I would advise any female looking to obtain a C-level position to surround herself with a similar group of mentors and champions that she can lean on, and who will provide opportunities to grow and succeed.
Another one of my top tips is for people to really seize every opportunity possible to grow and learn. Your career journey is whatever you make it and progress can be achieved in many ways other than receiving a promotion.