What would you consider your most memorable achievement in the cybersecurity industry?
In the security field, people are often excited about our ‘war stories’, but when I’m asked what my greatest achievements are, I’m referring to the people. I had many young engineers on my teams who were eager to learn and innovate, and then grew into CISOs, start-up founders, technical leaders, etc. through coaching, mentoring and experience. Watching them grow and succeed in their careers and helping them develop their talents are my greatest accomplishments.
What first made you think of a career in cybersecurity?
There are two things that have motivated and influenced every job I have taken: a good reason to join an organization, that it would have a positive impact on society; and an economies of scale impact that brings real change to larger populations.
I got my first taste while working in a network of 12 Native American tribes with a broad mandate to help their communities and reservations bridge their digital divide. Some of these tribes didn’t have access to a basic internet connection because they didn’t have the infrastructure. My work as CIO for these tribes has focused on building the technology infrastructure and services, as well as fostering digital literacy – educating youth so they are ready to enter the tech workforce.
Next, as a security manager at Salesforce, I was drawn to what cloud computing could do for humanity by democratizing cloud services. Most companies could not maintain or afford a secure and scalable infrastructure. Salesforce would leverage cloud computing to help companies achieve with technology what they could not alone, and on a global scale and level of security unfathomable by most companies in the world. Delivering security for the cloud was a value proposition for economies of scale that I absolutely loved.
What leadership philosophy do you follow in your current position?
Traditional security practices tend to isolate security and focus it solely on technology or solely on compliance – my management style is different. I build security teams that are also people-centric.
Those who work on my teams receive professional development training so they can influence and interact with non-technical audiences to make them more secure. You can have the smartest safety engineers in the world, but if you can’t influence a company to make safer decisions, safer outcomes won’t be achieved.
What do you think is the current talking point in cybersecurity?
That depends on which community we’re talking to. In Europe, for example, the hot topic of conversation is that modern companies adopting cloud and enterprise SaaS are effectively leveraging the security benefits that modern software offers.
At the same time, one of the worst talking points I hear in Europe is mistrust of cloud technology, which unfortunately is more common in biotechnology. Many biotechs are still clinging to a security strategy from the late 1990’s, using on-premises technology and essentially using firewalls as the first and only line of defense. Maintaining an on-prem strategy often puts you at greater risk because you have 100% security responsibility and resources. Most companies that distrust cloud computing are actually less secure than the cloud providers they distrust.
How do you deal with stress and relax outside of the office?
I read a lot of books. When I read with my daughter, I don’t think about work.
I have also developed a wine making hobby. Some safety experts and I make award-winning Pinot Noir.
If you could go back and change one career decision, what would it be?
Every step I’ve taken in my career has helped shape me today, so I wouldn’t have changed anything on that front. What I would have done differently is to understand more quickly – that safety, technical knowledge and leadership can really be used to create significant positive change.
What do you think are the top investment areas in the cybersecurity industry right now?
Overcoming the cybersecurity engineer skills gap should be the number one priority. Safety engineer roles are tough to fill – as a safety engineer you need to create new solutions, understand safety issues and design solutions to them. They don’t buy off-the-shelf software that often because there is no off-the-shelf software that can solve all problems.
At Benchling, for example, every security officer is an engineer. Safety engineers are in high demand in almost every industry. In biotechnology, most companies have safety analysts. That offers added value. But there’s a delta between what they do and what a safety engineer is capable of.
Are there differences in the way cybersecurity challenges need to be addressed in different regions?
In Europe and in the biotech industry, we are seeing hesitation in moving from on-prem to cloud. Part of this is due to a reluctance to invest in and swap out the workforce, skills and technology needed for the transition. Part of this is also due to a myth-creating narrative that questions the security of the cloud.
Aside from taking a data-driven approach to security decisions, the most important lens I can offer to change cloud computing security attitudes is that of economies of scale. Companies adopting cloud and enterprise SaaS benefit from the security economies of scale that modern software companies offer. Enterprise SaaS companies are responsible for security and have security capacities and teams beyond what most companies can afford.
What changes have you seen in your professional role over the last year and how do you see this development over the next 12 months?
This is my first role focused on security and IT for biotechnology. So I really needed to understand the biotech customer dilemma, including how they think about R&D use cases and workflows, how IT enables R&D, their pain points and their needs.
Biotech organizations generate revenue based on intellectual property, and if compromised, large revenues are lost. These organizations are also heavily regulated due to the potential human impacts of their products, and compliance can affect or hamper the organization’s ability to compete. Both factors mean that for a cloud-based platform like Benchling, maintaining industry-leading security, privacy, and compliance standards is paramount for biotech customers.
What advice would you give to someone aspiring to a C-level position in the security industry?
Their goal is to reduce security risk across the board. One of the best ways to do this is to make security really and deeply embedded in your organization. Not only do you need to understand your company’s business; but also to have a seat at the table when it comes to making this business successful.
Click below to share this article