9 minute read
Debra Baker
Debra Baker
Sr. Technical Program Manager
Advertisement
RedSeal, Inc.
A Profound Leader Ensuring the Security of Your Critical Resources
The web of cybersecurity has become widespread globally, but it still has its flaws, making it vulnerable to numerous threats. However, cybersecurity professionals are consistently upping the game and innovating new ways to eliminate these threats while also providing transparency across the services. One such professional we, at Insights Success, came across is Debra Baker, Sr. Technical Program Manager at
RedSeal.
Playing a Significant Role
In her role, Debra helps her clients use and adopt RedSeal products and services to improve their cybersecurity posture by providing cyber visibility, compliance, and risk management. In addition, she also manages product-related governance such as FIPS 140 and Common Criteria by coordinating with third-party vendors and engineering. She also is responsible for managing the SOC2 and FedRAMP certifications for RedSeal's Cloud Security Posture Management (CSPM) product Stratus. RedSeal Stratus enables organizations to understand and secure their cloud and hybrid cloud environments.
One of Debra's roles is to manage large-scale enterprisewide RedSeal deployments providing infrastructure visibility, awareness, and security of hybrid networks, including on-premises, cloud, and hybrid cloud. She is also the creator and leads a Cyber Protection Team at RedSeal that reviews the latest threats and vulnerabilities and writes threat solution briefs guiding how to use RedSeal to defend from the latest threats.
Those who run the world, Run RedSeal “
Tackling the Problems
One of the biggest challenges Debra faces is getting crossdepartment collaboration at customer sites, where she has to work with customer teams on integrating RedSeal into the customer's business processes. She states that to truly have a successful Risk Management program, the networking (on-premises and cloud), security, vulnerability management, and compliance teams must work together. One needs to have collaboration between technical teams and leadership to be cyber resilient.
Impactful Influence
Debra says, "Leaders need to be prepared to hear the good and the bad. Having a manager that says you can be yourself, with both the positive ideas you have and the complaints you have, is empowering. Giving this freedom of thought and inclusivity leads to innovation. Now you feel confident in sharing ideas that you may not have in a stifling environment." That said, she mentions that leaders named Ramesh Kaza at RedSeal, Ashit Vora at Cisco, and Kristina Rogers at Entrust have always supported, challenged, and allowed her to express her ideas.
Besides, the book series Primal Leadership by Daniel Goleman has opened Debra's eyes to the extent a manager–whether good or bad–can have on a person's career and even home life. In her opinion, this book is a handbook for what makes a manager good and bad. Primal Leadership makes it clear that "Leaders who spread bad moods are simply bad for business—and those who pass along good moods help drive a business's success.”
According to Debra, the book Find Your Why by Simon Sinek brings together work and passions relating to one's
job. Her "WHY" is that everyone deserves to have privacy while online. Knowing that she works in cybersecurity and helps companies secure their networks and data through good cyber hygiene, segmentation, and strong encryption keeps Debra passionate about her job.
Debra says, "It's great to work in a field where I am helping businesses secure their networks. Through the Crypto Done Right non-profit I founded in collaboration with Cisco and Johns Hopkins, I provide cryptographic guidance in easyto-understand language of what encryption algorithms and ciphers are recommended for non-cryptographers.”
She adds, "Never let a bad manager bring you down. Learning how not to let detractors negatively affect you is paramount as you navigate your career. There is always something better just around the corner. Take those situations and learn from them and move on."
Impact of Positive Work Culture
Debra is totally in for a positive work environment. In her opinion, everyone has to be authentic but with a positive slant. She is a glass-half-full kind of a person who tries to see the positive in every situation even when she gets bogged down. She ensures that each person has a chance to express themselves without retaliation and in a respectful way. Debra thinks that employees should be able to openly express their ideas even when they go against the status quo. There should not be a fear of retaliation. It's the "yes" culture that leads to conformity and stops innovation and new ideas. Management has to be open to hearing the good and the bad and not taking it personally, but instead taking that information and learning from it.
Offering to the Community
When Debra was asked to co-found the League of Women in Cybersecurity, she jumped at the chance to train women in Cybersecurity. It was great for her being able to give back and train other women from what she has learned in cybersecurity. One woman who was inspired by Debra, got her Master’s in Cybersecurity and got a job at AWS. It makes Debra happy when someone she helped along the way is so successful. League of Women also helped women navigate how to move into the cybersecurity field.
At RedSeal, the CEO, Bryan Barney, is all about promoting equal rights for all and respecting people of different backgrounds. One of his first initiatives was to set up a Diversity and Inclusion Council to ensure everyone at RedSeal is heard no matter what position, gender, race, or sexual orientation.
What Comes Next?
Debra's vision for RedSeal is to push forward the company to become cloud-centric. RedSeal Stratus is a Cloud Security Posture Management SaaS platform launched in August 2021. Many companies are moving their data centers to the cloud. In addition, RedSeal's advanced cybersecurity analysis capabilities and name recognition is known in the commercial space as well as it is in the Federal space. RedSeal is the best-kept secret securing well-known companies, as well as military and federal agencies.
Debra recently created a Common Criteria for Developers Learning Path for Infosec Institute. If you are responsible for an upcoming Common Criteria Evaluation, are a developer having to make software updates to ensure your product is Common Criteria compliant, or are a new employee at an evaluation lab, then this learning path is for you.
She is also writing a book titled a CISO’s Guide to Cyber Resilience. It’s a handbook for a CISO to know what steps to take to secure their company’s network and to recover from an attack.
Bequeathing Aspiring Entrepreneurs
Debra believes that every woman-owned business can apply for government contracts since women are minorities. She says, "There are great women-based networking opportunities at the Grace Hopper Conference, which is the largest women's conference in the world. Every company that you can think of is represented there.”
"For women moving into information technology, Cybersecurity, and programming, Grace Hopper is a great place to find a job. Also, the Women in Cybersecurity annual conference is not only a great place to find women to hire, but also network and advance in the cybersecurity field," concludes Debra.
A Trailblazer Focused on Securing Your Privacy and Data
Aleada's work assesses client compliance requirements, and it helps them align their compliance strategy with business goals. There's a lot of planning involved to build solid personalized privacy program and a significant amount of training that keeps it engaged with clients. Elena truly understands a client's business and can adapt company programs to meet their changing needs fast.
Influencing Expertise
Elena states that compliance is complicated. New regulations seem to pop up like mushrooms. Mismanagement could result in fines, ruined reputations, and worse. Another obstacle: Compliance requirements can get in the way of business progress. Also, what works for one client won't work for another client.
Elena adds that every client has a set of strengths and weaknesses and the only real way to create a solid data privacy program is to do a deep dive into their business. Who are their customers? What sort of systems are they using? Where are the threats coming from? Can their needs
Privacy and security at the speed of business. “
be addressed with new technology, new personnel, new procedures, or a combination of all three?
Aleada's biggest impact comes from what some might think is the smallest of things – it listens to its client's concerns. It audits their systems, processes, and teams before building a custom privacy and information security program that's perfect for their business.
Elena is convinced it is the company's personal approach and her team's experience that wins new business. Its reputation is outstanding and gets new business from client referrals. Elena says, "You cannot help a client build a strong privacy and security team without showing them you have one too, and Aleada does.”
Securing Client's Data Through Technology
Elena states that Aleada helps its clients with its core services by building privacy and information security into their products, services, overall compliance program, and company culture. It has been focusing on creating global privacy and data protection programs, including developing and implementing regulatory frameworks, risk/gap assessments, maturity models, long-term roadmaps, and data protection policies; designing and employing deidentification and Privacy by Design data handling processes. It also works with development and business teams to build cloud, web, and mobile consumer and business products across the globe.
Elena noticed that when faced with the need to set up something complex quickly or face liability risk, it is common for companies to turn to law firms to pick up the slack. A reasonable reaction often results in a patterned/checklist-driven approach in dealing with risk management instead of building and implementing its privacy and information security program; legal and compliance should come hand in hand. As a result, a growing premium is placed on privacy and information security operational and strategic expertise. This is what Aleada does.
It has become a necessary asset for any company, no matter the industry sector, its maturity, or target market, specifically for disruptive technologies in the future. Elena expresses that Aleada must focus on the intersection of technology, data stewardship, and compliance, as a privacy and information security firm to stay ahead of the industry and support business growth.
The Long Run
As long as Elena sees herself on a beach in the Maldives enjoying her waterfront home in her future, she wants to create fundamental changes by bringing more diversity to the ever-growing privacy and information security industry as a long goal.
Elena hopes to grow Aleada to help an increasing number of clients without losing the notion that listening is more important than speaking. The company's personalized approach to developing custom privacy and information security programs for its customers creates the most value for its clients and company, which gives Elena joy in everything she does.
Valuable Guidance
Elena advises budding women entrepreneurs to speak up, partner up, and know their value. She says, "Demand value be placed on the job at hand and not your gender. Be bold and ethical. Show competence and leadership. And this isn't just about the privacy and security sector; it's about life," concludes Elena.
