Connect with us

Interviews

Women in Security: A Whole of Society Approach is Critical

Published

on

Erin Joe, the Senior Vice President of Strategy and Alliances at Mandiant, is of the opinion that we need to demonstrate our commitment by utilising each of our unique and shared capabilities, authorities, and relationships toward a more secure society

Tell us about yourself and your current job role.
I’m a Senior Vice President of Strategy and Alliances at Mandiant. I was an attorney for three years before serving as an FBI Agent and leader for 25 years.

The SVP of Strategy and Alliances role:

  • Develops a strategic plan to support business development
  • Develops strategic partnerships to improve go to market and delivery to customers
  • Serves as a Trusted Advisor and Executive Sponsor for Global Government and Commercial client relationships

Tell us about your journey into the security industry. Was the security industry your first choice?
In my journey, I’ve reinvented myself many times. I gravitate toward new challenges and like to take on hard problems. My liberal arts background gave me exposure to a wide variety of disciplines in not only the humanities but also the sciences. Between that and law school, I developed critical thinking, problem-solving, interpersonal, and communication skills that serve as a foundation for everything I’ve undertaken.

After three years as an attorney, I joined the FBI as a Special Agent. During my 25 years promoting up through the ranks, ultimately to Senior Executive Service in the FBI, I continually learned about and worked in new areas covering every program in the FBI: Criminal, Counterterrorism, Counterintelligence, Intelligence, Internal Investigations, Security, and Cyber. The FBI has both law enforcement and a national security mission with corresponding legal authorities.

As such, the FBI’s mission to protect the nation and its people is a security mission. Furthermore, I’ve worked closely with global governments and global security industry personnel to prevent and respond to threats as well as manage some of the largest crises on the planet. Whether it was responding to the physical threats during and following 9/11, countering nation-state economic and intelligence threats, or working to prevent and respond to cyberattacks from around the world, I’ve been engaged in the security mission with security personnel across every sector of business and government.

There are many great companies and leaders who are working to improve security. I joined Mandiant because I found the company to be highly professional and capable of solving and responding to the most challenging cyber security threats the world faces with the same mission focus and integrity I had in the FBI.

During your tenure in the security industry, have you experienced major changes the industry has gone through?
Security concerns have shifted from focusing on securing finite physical space from physical actors with physical limitations to securing both physical spaces as well as cyberspace from cyber actors and botnets with infinite reach and capabilities who could be located in and acting from anywhere in the world.

Evil actors no longer have to put themselves into danger or at risk by physically getting to or being at the target location for an attack. This shifted the risk calculation for people who want to harm others. Cyber threat actors have a disproportionate advantage, reach, and access compared to physical threat actors, which increases the attack surface that must be protected, increases the impact threat actors can have, and decreases the likelihood of harm or repercussions in the threat actors’ risk calculation.

The most positive change I see is thought leaders and security professionals working together to solve the problems recognizing we need a holistic approach. Policy and lawmakers are seeking input from industry as well as across government. Government and private industries are sharing information as well as identifying and taking actions toward solutions.

These approaches include network defense and recovery actions as well as diplomatic, law enforcement, and intelligence operations worldwide. The industry is improving its holistic approach by looking at ways to integrate and partner with one another to offer more comprehensive security solutions, which is one reason I was attracted to join the Mandiant team.

Are there any challenges you face on a day-to-day basis working in this industry?
The complexity of our information technology and operating technology environments coupled with the rapidly advancing and increasingly available tools and techniques of the threat actors make it challenging for organizations to protect themselves. Companies understand the need to fix it, but the solutions can often be as complex as the problems. Mandiant looked at the most common cyber security problems and obstacles and set out to solve those.

Some common problems are: One, Security Operation Centers are overwhelmed with alerts without adequate methods to prioritize; Two, security professionals are challenged to identify technical assets operating in their environment to be able to react quickly to direct threats and vulnerabilities; and Three, IT/OT environments have products and services that do not integrate well with other products and services that are supposed to fix security problems.

Given the constantly changing threats and technical landscape, security professionals really need to know: How is a threat coming at me now? Am I vulnerable to it? Am I about to be compromised? Have I been compromised? Then, they need to be able to react most effectively and efficiently. Mandiant is building a Software as a Solution (SaaS) platform which will address the problems of scalability and will lay over whatever customers have in their IT or OT environments.

Developing a technology agnostic solution will mean customers no longer have to change their environment to detect, prevent, and respond to threats. They can interface with our integrated intelligence, validation, and defense solutions through a SaaS platform providing agility and effectiveness previously unavailable. This integrated and automated approach provides real-time assessments, prioritizes and responds rapidly, and makes security more manageable. This type of problem-solving will be one critical way forward in the future.

What sort of future do you foresee for the security industry as a whole?
A whole of society approach is critical. Corporate and government leaders will need an ongoing commitment to working together to solve security challenges. The security problems we face are too vast and complex for any one government or industry to solve. We live in an interconnected and interdependent world.

We need to demonstrate our commitment by utilizing each of our unique and shared capabilities, authorities, and relationships toward a more secure society. This takes voice and action. We have talked about public/private partnerships for years. We have seen the economic impact of breaches. This plays out not only in the cost to victims but also through the risk it poses to economic and national security to nations experiencing such attacks.

One of the most significant examples Mandiant recently lived out was upon discovering and responding to threats to Solar Winds. This threat put millions of systems across industry and government at risk and illustrated the potential impact our adversaries could have. In this example, companies that are publicly traded were faced with decisions about which actions were in the best interest of shareholders and society.

These are tough decisions. Mandiant made the decision to come forward with the discovery which ended up being one of the most pervasive supply chain cyber attacks in history. Coming forward served as a catalyst for sharing intelligence and technical capabilities across numerous global companies and governments to stop the threat.

From there, these partners used their capabilities and authorities to defend against the immediate attack as well as look at ways to continue to ensure against future attacks. This involved Mandiant and others testifying to Congress and sharing its perspective, challenges, and knowledge across government to inform lawmakers and agencies. There is more to do, but this example highlights the need to work together in ways that are meaningful to our future.

What more needs to be done to welcome more and more women into the security industry?
Welcome is the keyword. I’m glad you used it. Welcoming anyone anywhere makes all the difference in the world. If you receive a written invitation to a party, aren’t you more likely to go if the host or a friend says, “I would really like you to join,” or “Let’s go together,” or “I’d like to introduce you to some people who will be there”? When people welcomed me, I began to love this industry and wanted to stay in it. If you want anyone to join or stay in your industry or organization, welcome them.

At a fundamental level, people need to feel safe, valued, accepted, and cared for. When you let people know that you want them, they feel accepted. When you engage people in problem-solving, change management, thought leadership, and organizational missions, they feel valued. When you meet their needs by offering the right balance of flexibility with structure, they feel safe. When you solicit, consider, and implement diverse ideas, people feel included.

When you reach out to people and invest in them giving them the skills they need to progress, you demonstrate your care for them. If you want to attract and keep talented people, meet them where they are and take them where you want them to be. If you are an organization or a leader known to do those things, people will come to you. Be connected to your own why. Why do you want more women? I would not have been attracted to an organization trying to meet a gender quota.

I was attracted to join the organizations I have throughout my career because they wanted to bring in my skills and experiences; because I complemented what they had and/ or they needed more of what I have to offer. Organizations need people with a wide variety of experiences. I have been a wife, career woman, and working mom with multiple children. I grew up with a single mom in an underserved, underprivileged part of the country. I’ve worked in demanding career fields.

While I earned a living in government, I could not afford extra help or support. My family and I juggled and sacrificed. I know what it takes to be successful in high-pressure work environments while simultaneously managing and overcoming the feelings of being an overwhelmed and sleep-deprived parent. There are many women out there who relate to some or all of these experiences. Those women are dedicated and capable, but they need to see others like them making it work.

That is one of many reasons why you need some people like them in your industry. Workplaces have many experts in their vertical business lines. While I gained expertise in business areas, I noticed I brought a somewhat unusual integrative, holistic approach to problem-solving. As a person, I’m mission-focused and action-oriented. Yet, I know the only way to succeed in the mission is through people.

Plus, I love and care about people. So, I’m dedicated to personnel development as well as internal and external collaboration. When organizations say, “We need some people who look at the world and problem solving the way you do. We need some people like you in leadership roles to share that point of view so we can better meet those challenges and to serve as role models and mentors to others,” which motivates me to join.

Interviews

Women in Security: The Way to the Top is Certainly Harder for Women

Published

on

Maya Horowitz, VP Research at Check Point Software Technologies, says that organisations should carry out women mentoring programs

Tell us about yourself and your current job role.
I’m the VP of Research in Check Point Software Technologies. Check Point Research (cp<r>) is in charge of analyzing the cyber threat landscape, making sure our customers are protected from the state of the art of cyber-attacks, as well as identifying new malware, campaigns and vulnerabilities and publishing them for the benefit of the entire security community.

Tell us about your journey into the security industry. Was the security industry your first choice?
I got into the cyber industry through my 10-year-service in the Israeli Defense Forces. It wasn’t my first choice, which is why my studies were unrelated to cyber or high-tech at all; I studied psychology and business management, and my thesis was related to cancer research. After completing my master’s degree, I joined Check Point Software based on my background from IDF, and I’ve been here for the last 7 years.

During your tenure in the security industry have you experienced major changes the industry has gone through?
The most overwhelming change in the cybersecurity industry is the growing number of start-up companies and point solutions. It’s almost as if every new cyber-attack is grounds for a new company, which means that to be protected against all attacks – organizations allegedly need to work with an infinite number of security providers. Check Point Software, aims at providing a more holistic solution, and I believe this is the future of the industry – moving back to consolidation, to avoid having to chaise numerous products.

Are there any challenges you face on a day-to-day basis working in this industry?
As a woman in the industry, and especially as a senior manager, I often find myself to be the only woman in the room, which can get a bit lonely. On the other hand, it also means that I am different, and this can actually mean that my voice is different and it’s easier to be heard and remembered.

I also think that while there is no glass ceiling, the way to the top is certainly harder for women. As men’s behavior is more the manager stereotype (based on decades of male leadership), we have to work against the stereotype and prove that we are worthy managers, usually to our male managers who appreciate the stereotype.

And interestingly, the stereotype doesn’t only apply to the managers, but also to the candidates. Too often I find myself trying to convince a female employee or mentee that she is more than capable of a managerial or professional promotion. I consistently see insecurities and exaggerated perfectionism in super-qualified women, and I wish we would take these leaps of faith in ourselves as easily as men do.

What sort of future do you foresee for the security industry as a whole?
The cybersecurity industry will keep doing the cat and mouse game with the hackers – with new attack tricks, new protections will emerge, and vice versa. Like in a physical war, this will keep happening until a real tie-breaker is invented – the nuclear power of technology which will be a game-changer. What will it be? Quantum computing? New implementation for blockchain? Time will tell.

What more needs to be done to welcome more and more women into the security industry?
From a very young age, essentially from the moment we are born, girls are less exposed to technology – while our brothers get to play in robots, we would typically get a barbie doll for the present. We are later less keen to join the “boyish” majors in schools like computers, physics, and mathematics, and the same later in university.

And so, unfortunately, by the time we get to the age where we start our career, it can be too late to divert our path to technology. I was lucky enough to be “forced” into technology as part of my military service, which made me understand that this is where I belong, but I could have easily missed this opportunity otherwise.

In other words, the burden of welcoming women into the security/technology industry actually falls on parents, as well as kindergarten and elementary school teachers, to not limit girls’ toys, hobbies, and perspectives. Still, the industry can do at least a few things to encourage women to join – while I don’t believe in affirmative action, managers should proactively seek to employ amazing women as part of their organizations, and give equal chance.

Some examples are emphasis on using gender-neutral phrasing in job descriptions, advertising in women tech forums, and even making sure the candidate is exposed to female peers/managers in the hiring process. And eventually, to avoid drop-outs of women who look around and don’t see their likes, it is also important for organizations to carry out women mentoring programs.

Continue Reading

GITEX

Video: Unifying Data Protection and Cybersecurity – Acronis @ GITEX Global 2021

Published

on

Maréva Koulamallah, the Head of Marketing and Communication for MEA at Acronis, speaks about her company’s participation at GITEX Global 2021:

If you liked the video, please like, share, and comment below.

More information: https://www.acronis.com/

For more videos, please subscribe to our channel. Also, hit the bell icon to join our Notification Squad!

Continue Reading

GITEX

Video: Nothing But Cyber Series – Attaining Unified Asset Visibility

Published

on

In the sixth episode of “Nothing But Cyber”, Paul Devies, the RVP for EMEA at Armis, speaks about how companies can attain unified asset visibility:

If you liked the video, please like, share, and comment below.

More information: https://cyberknight.tech/ | https://www.armis.com/

For more videos, please subscribe to our channel. Also, hit the bell icon to join our Notification Squad!

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.