Erin Joe, the Senior Vice President of Strategy and Alliances at Mandiant, is of the opinion that we need to demonstrate our commitment by utilising each of our unique and shared capabilities, authorities, and relationships toward a more secure society

Tell us about yourself and your current job role.
I’m a Senior Vice President of Strategy and Alliances at Mandiant. I was an attorney for three years before serving as an FBI Agent and leader for 25 years.

The SVP of Strategy and Alliances role:

• Develops a strategic plan to support business development
• Develops strategic partnerships to improve go to market and delivery to customers
• Serves as a Trusted Advisor and Executive Sponsor for Global Government and Commercial client relationships

Tell us about your journey into the security industry. Was the security industry your first choice?
In my journey, I’ve reinvented myself many times. I gravitate toward new challenges and like to take on hard problems. My liberal arts background gave me exposure to a wide variety of disciplines in not only the humanities but also the sciences. Between that and law school, I developed critical thinking, problem-solving, interpersonal, and communication skills that serve as a foundation for everything I’ve undertaken.

After three years as an attorney, I joined the FBI as a Special Agent. During my 25 years promoting up through the ranks, ultimately to Senior Executive Service in the FBI, I continually learned about and worked in new areas covering every program in the FBI: Criminal, Counterterrorism, Counterintelligence, Intelligence, Internal Investigations, Security, and Cyber. The FBI has both law enforcement and a national security mission with corresponding legal authorities.

As such, the FBI’s mission to protect the nation and its people is a security mission. Furthermore, I’ve worked closely with global governments and global security industry personnel to prevent and respond to threats as well as manage some of the largest crises on the planet. Whether it was responding to the physical threats during and following 9/11, countering nation-state economic and intelligence threats, or working to prevent and respond to cyberattacks from around the world, I’ve been engaged in the security mission with security personnel across every sector of business and government.

There are many great companies and leaders who are working to improve security. I joined Mandiant because I found the company to be highly professional and capable of solving and responding to the most challenging cyber security threats the world faces with the same mission focus and integrity I had in the FBI.

During your tenure in the security industry, have you experienced major changes the industry has gone through?
Security concerns have shifted from focusing on securing finite physical space from physical actors with physical limitations to securing both physical spaces as well as cyberspace from cyber actors and botnets with infinite reach and capabilities who could be located in and acting from anywhere in the world.

Evil actors no longer have to put themselves into danger or at risk by physically getting to or being at the target location for an attack. This shifted the risk calculation for people who want to harm others. Cyber threat actors have a disproportionate advantage, reach, and access compared to physical threat actors, which increases the attack surface that must be protected, increases the impact threat actors can have, and decreases the likelihood of harm or repercussions in the threat actors’ risk calculation.

The most positive change I see is thought leaders and security professionals working together to solve the problems recognizing we need a holistic approach. Policy and lawmakers are seeking input from industry as well as across government. Government and private industries are sharing information as well as identifying and taking actions toward solutions.

These approaches include network defense and recovery actions as well as diplomatic, law enforcement, and intelligence operations worldwide. The industry is improving its holistic approach by looking at ways to integrate and partner with one another to offer more comprehensive security solutions, which is one reason I was attracted to join the Mandiant team.

Are there any challenges you face on a day-to-day basis working in this industry?
The complexity of our information technology and operating technology environments coupled with the rapidly advancing and increasingly available tools and techniques of the threat actors make it challenging for organizations to protect themselves. Companies understand the need to fix it, but the solutions can often be as complex as the problems. Mandiant looked at the most common cyber security problems and obstacles and set out to solve those.

Some common problems are: One, Security Operation Centers are overwhelmed with alerts without adequate methods to prioritize; Two, security professionals are challenged to identify technical assets operating in their environment to be able to react quickly to direct threats and vulnerabilities; and Three, IT/OT environments have products and services that do not integrate well with other products and services that are supposed to fix security problems.

Given the constantly changing threats and technical landscape, security professionals really need to know: How is a threat coming at me now? Am I vulnerable to it? Am I about to be compromised? Have I been compromised? Then, they need to be able to react most effectively and efficiently. Mandiant is building a Software as a Solution (SaaS) platform which will address the problems of scalability and will lay over whatever customers have in their IT or OT environments.

Developing a technology agnostic solution will mean customers no longer have to change their environment to detect, prevent, and respond to threats. They can interface with our integrated intelligence, validation, and defense solutions through a SaaS platform providing agility and effectiveness previously unavailable. This integrated and automated approach provides real-time assessments, prioritizes and responds rapidly, and makes security more manageable. This type of problem-solving will be one critical way forward in the future.

What sort of future do you foresee for the security industry as a whole?
A whole of society approach is critical. Corporate and government leaders will need an ongoing commitment to working together to solve security challenges. The security problems we face are too vast and complex for any one government or industry to solve. We live in an interconnected and interdependent world.

We need to demonstrate our commitment by utilizing each of our unique and shared capabilities, authorities, and relationships toward a more secure society. This takes voice and action. We have talked about public/private partnerships for years. We have seen the economic impact of breaches. This plays out not only in the cost to victims but also through the risk it poses to economic and national security to nations experiencing such attacks.

One of the most significant examples Mandiant recently lived out was upon discovering and responding to threats to Solar Winds. This threat put millions of systems across industry and government at risk and illustrated the potential impact our adversaries could have. In this example, companies that are publicly traded were faced with decisions about which actions were in the best interest of shareholders and society.

These are tough decisions. Mandiant made the decision to come forward with the discovery which ended up being one of the most pervasive supply chain cyber attacks in history. Coming forward served as a catalyst for sharing intelligence and technical capabilities across numerous global companies and governments to stop the threat.

From there, these partners used their capabilities and authorities to defend against the immediate attack as well as look at ways to continue to ensure against future attacks. This involved Mandiant and others testifying to Congress and sharing its perspective, challenges, and knowledge across government to inform lawmakers and agencies. There is more to do, but this example highlights the need to work together in ways that are meaningful to our future.

What more needs to be done to welcome more and more women into the security industry?
Welcome is the keyword. I’m glad you used it. Welcoming anyone anywhere makes all the difference in the world. If you receive a written invitation to a party, aren’t you more likely to go if the host or a friend says, “I would really like you to join,” or “Let’s go together,” or “I’d like to introduce you to some people who will be there”? When people welcomed me, I began to love this industry and wanted to stay in it. If you want anyone to join or stay in your industry or organization, welcome them.

At a fundamental level, people need to feel safe, valued, accepted, and cared for. When you let people know that you want them, they feel accepted. When you engage people in problem-solving, change management, thought leadership, and organizational missions, they feel valued. When you meet their needs by offering the right balance of flexibility with structure, they feel safe. When you solicit, consider, and implement diverse ideas, people feel included.

When you reach out to people and invest in them giving them the skills they need to progress, you demonstrate your care for them. If you want to attract and keep talented people, meet them where they are and take them where you want them to be. If you are an organization or a leader known to do those things, people will come to you. Be connected to your own why. Why do you want more women? I would not have been attracted to an organization trying to meet a gender quota.

I was attracted to join the organizations I have throughout my career because they wanted to bring in my skills and experiences; because I complemented what they had and/ or they needed more of what I have to offer. Organizations need people with a wide variety of experiences. I have been a wife, career woman, and working mom with multiple children. I grew up with a single mom in an underserved, underprivileged part of the country. I’ve worked in demanding career fields.

While I earned a living in government, I could not afford extra help or support. My family and I juggled and sacrificed. I know what it takes to be successful in high-pressure work environments while simultaneously managing and overcoming the feelings of being an overwhelmed and sleep-deprived parent. There are many women out there who relate to some or all of these experiences. Those women are dedicated and capable, but they need to see others like them making it work.

That is one of many reasons why you need some people like them in your industry. Workplaces have many experts in their vertical business lines. While I gained expertise in business areas, I noticed I brought a somewhat unusual integrative, holistic approach to problem-solving. As a person, I’m mission-focused and action-oriented. Yet, I know the only way to succeed in the mission is through people.

Plus, I love and care about people. So, I’m dedicated to personnel development as well as internal and external collaboration. When organizations say, “We need some people who look at the world and problem solving the way you do. We need some people like you in leadership roles to share that point of view so we can better meet those challenges and to serve as role models and mentors to others,” which motivates me to join.