VOL 10 I ISSUE 05 I 2021
Innovativeness and Competence Strengthening the Security of Businesses
Paving the Way The Liberty in Security
Dr. Bhavani Thuraisingham The 10 Most Eminent Women Leaders in Security
Editor’s Desk I
En Route Towards a Secure Cyber Future
f you are asked, is it a fantastic time to live in? The answers and opinions may vary. Personally, it’s a yes for me. Needless to say, we are dealing with the horrors of the pandemic on a global scale; however, there is always a brighter side to look at. Humankind is at an absolute pinnacle of technological advancement in today’s world. Looking over the shoulder a few years back, the imagination and ideas that were a mere concept have now become a reality. Every unique device that had various purposes are now accessible to everyone through one smart device. Our lives have become easier with the inclusion of such smart devices, from shopping to communication, from hailing a ride to ordering food, from keeping up with the world to sharing valuable moments on social media; everything is at the palm of our hands. It is marvelous to see the transformative technological changes that have shaped human lives. However, we are always at risk of data breaches, privacy concerns, and several cyber threats on the flip side. Even though our lives have improved in technological aspects, are we secure from cyber-attacks, and how can we be sure about our data and privacy concerns moving ahead? We aren’t the only ones wondering about this issue; leaders in the digital security space understand these problems and have developed innovative solutions and strategies to prevent our data and pave a path for a secure future. Women leaders in the digital security space have worked hard to deal with this issue while dealing with the desperate lack of talent in the industry. The cybersecurity niche has talented women leaders launching various entrepreneurial ventures that offer data prevention and security from microenterprises to large organizations. Simultaneously, few of these women leaders are keen on educating the next generation of cybersecurity leaders with their profound knowledge.
Through these efforts, women leaders are changing the digital security landscape and contributing towards developing solutions to resolve the cybersecurity problems in every other industry like healthcare, automation, financial services, cybercrime, academics, and more. Thus, Insights Success commenced an expedition to seek leaders who have impacted the digital security industry with their adept understanding and expertise. In this edition of ‘The 10 Most Eminent Women Leaders in Security,’ we commemorate the women leaders who have created their successful sagas with their enthusiasm, courage, and unmatched efforts. Featured on the cover of this edition is Dr. Bhavani Thuraisingham. She serves as the Executive Director of the Cyber Security, Research and Education Institute, The University of Texas. Her work has resulted in 130+ journal articles, 300+ conference papers, 180+ keynote and featured addresses, seven US patents, fifteen books in data science and cybersecurity, and technology transfer of the research to commercial products and operational systems. Dive into more alike and inspiring stories of such inspiring leaders and spread the word about their contribution to making the world cyber secure. While flipping through the pages, make sure to scroll through the articles written by our in-house editorial team and CxO standpoints of some of the leading industry experts to have the know-how about the industry. Delve in!
Aditya Gaikar aditya.gaikar@insightssuccess.com
C O N T E N T S
COVER STORY
08
Dr. Bhavani Thuraisingham A Profound Educator and a Trailblazer in the Cyber Security Space
ARTICLES
32 40
Innovativeness and Competence Strengthening the Security of Businesses
Paving the Way The Liberty in security
22
28
44
Elena Elkina A Trailblazer Focused on Securing Your Privacy and Data
Lori Sussman A Fearless Veteran Educating Future Cybersecurity Experts
Debra Baker A Profound Leader Ensuring the Security of Your Critical Resources
36
Kavya Pearlman
48
Tanya Janca
A Cyber Guardian for Extended Reality
Helping Anyone and Everyone Create Secure Software
Editor-in-Chief Hitesh Dhamani Managing Editor Anish Miller
Executive Editor Aditya Gaikar
Assistant Editors Jenny Fernandes
Visualizer
Art & Design Director
Associate Designer
David King
Priyanka Rajage
Shubham Dali
Co-designer Kartik Balapurkar
Senior Sales Manager
Business Development Manager
Kshitij S
Peter Collins
Marketing Manager
Sales Executives
John Matthew
David, Martin, Sagar
Technical Head
Business Development Executives
Jacob Smile
Steve, Joe, Binay
Technical Specialist Aditya
Digital Marketing Manager Marry D'Souza
SME-SMO Executive Amol Wadekar
Research Analyst Frank Adams
Database Management Stella Andrew
Circulation Manager Robert Brown
Technology Consultant David Stokes
sales@insightssuccess.com October, 2021
Follow us on :
www.facebook.com/insightssuccess/
www.twitter.com/insightssuccess
We are also available on : Copyright © 2021 Insights Success, All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from Insights Success. Reprint rights remain solely with Insights Success.
The
Most Eminent
WOMEN
Leaders in Security
Featured Person
Company Name
Brief
Aisling MacRunnels CMO
Synack synack.com
Synack, is the most trusted Crowdsourced Security Platform.
Bec Williams Cyber Security Advisor
Comunet comunet.com.au
Comunet was established in 1995 to provide professional IT consulting services and solutions to Australian businesses and organisations.
Dr. Bhavani Thuraisingham Executive Director of the Cyber Security, Research and Education Institute
The University of Texas at Dallas utdallas.edu
UT Dallas is a top public university located in one of the nation’s fastest-growing metropolitan regions.
Debra Baker Sr. Technical Program Manager
RedSeal, Inc. redseal.net
RedSeal through its cloud security solution and professional services helps government agencies and Global 2000 companies measurably reduce their cyber risk.
Elena Elkina Partner and Co-founder
Aleada Consulting aleada.co
Aleada is women and minority owned privacy and information security consulting firm in Silicon Valley.
Georgia Weidman Founder
Shevirah shevirah.com
Shevirah is a U.S. company founded in 2015 by cybersecurity expert Georgia Weidman.
Kavya Pearlman Founder and CEO
XR Safety Initiative xrsi.org
XR Safety Initiative (XRSI) is a 501(c)(3) worldwide not-forprofit charitable organization focused on promoting privacy, security, ethics in XR domain.
Laila Robak CEO
SigniFlow™ Americas signiflow.com
SigniFlow® is a digital signature workflow software.
Lori Sussman Assistant Professor
University of Southern Maine usm.maine.edu
University of Southern Maine is a public university with 8,000 undergraduate and graduate students taking courses online and at campuses in Portland.
Tanya Janca Founder and CEO
We Hack Purple wehackpurple.com
We Hack Purple is a Canadian company dedicated to helping anyone and everyone create secure software.
Cover Story
Dr. Bhavani
Thuraisingham A Profound Educator and a Trailblazer in the Cyber Security Space
“
Our rapid growth in size and stature is fueled by bright students, innovative programs, renowned faculty, dedicated staff, engaged alumni and research that matters.
“
m
Dr. Bhavani Thuraisingham
Executive Director of the Cyber Security Research and Education Institute The University of Texas at Dallas
hat makes a leader outstanding is the opportunity that they capitalize. It is the ability to take the chance while setting a foothold to face newer challenges and facing them head-on. These leaders are ever ready to make a significant shift at any given moment and prove themselves to be the best of the best. One such leader making waves in the cyber security space is Dr. Bhavani Thuraisingham, who has paved her exceptional career path by grabbing every opportunity before her.
W
Subsequently, she moved to the USA (New Mexico) during the Summer of 1980. She was offered a tenure track position at New Mexico Tech, but she chose a visiting faculty position instead because of her baby boy. During the summer of 1981, Dr. Bhavani moved to Minneapolis, and she landed a visiting faculty position at the University of Minnesota for two years. Subsequently, she joined Control Data Corporation as a senior software developer working in networks and distributed systems as an adjunct faculty at the University of Minnesota.
As the Executive Director of the Cyber Security Research and Education Institute at The University of Texas at Dallas, Dr. Bhavani’s work has resulted in 130+ journal articles, 300+ conference papers, 180+ keynote and featured addresses, seven US patents, fifteen books in data science and cybersecurity, and technology transfer of the research to commercial products and operational systems. We, at Insights Success, caught up with Dr. Bhavani to unveil her impactful journey and how she is leading by example. A Voyage to Become Proficient Leader
Dr. Bhavani enjoyed development and was an integral part of the team that developed CDCNET at Control Data, one of the early computer networks. After contributing to the first release of the product, she wanted to get into research, but it was not easy as she was limited to the Minneapolis/St. Paul area. Then, she got a lucky break. She became a US citizen in Fall 1985. Around that time, Honeywell had won a contract from the US Air Force to design and develop a highly secure database system, and Honeywell made her an offer. All three events had to occur for her to start her career in Cyber Security and Data Science. Since then, she has been very fortunate to have a very rewarding career.
Dr. Bhavani was born in Colombo, Sri Lanka, and is of Tamil origin. She completed her undergraduate degree at the University of Ceylon (now Sri Lanka) in Mathematics and Physics in 1975. She got married at the age of 20 and moved to England to start her graduate education. She received her Masters at the University of Bristol in Mathematical Logic and her PhD from the University of Wales in the UK in Theory of Computation.
After a career in the commercial industry, she moved to Boston, where she joined the MITRE Corporation, a federally funded research and development center (FFRDC). This is where she thrived with her technical work in research, development, and technology transfer in Data and Applications Security. She also led research programs for the government and was a consultant to several programs. Around this time, Washington called for her to be
“
We are ideally positioned to accomplish this goal as a global leader in innovative, high-quality science, business, and engineering education and research.
“
a program director at the National Science Foundation, which was a great experience. This was followed by a exceptional opportunity to build the Cyber Security Institute at UT Dallas from scratch as a tenured professor in October 2004. Challenges are part of life, and Dr. Bhavani has dealt with a few of them over her career. Initially, it was about excelling at work and at the same time being a good mother. She took up this challenge and tried her best by enlisting the support of close friends and colleagues who helped her. She was fortunate to have very supportive managers at Control Data, Honeywell, and MITRE with respect to professional challenges. She relied on this support from colleagues and supervisors to handle the challenges. More importantly, Dr. Bhavani persuaded every effort to get good mentorship. With the encouragement of her mentors and colleagues, she formed a strong support group of women researchers and professors, and they still help each other in their respective careers. Another challenge for Dr. Bhavani was moving from industry to academia. After a three-year stint as a program director with the government, she took the opportunity to work at UT Dallas. Her experience in the industry helped her tremendously at UT Dallas to work together as a team and build CSI. The challenges she faced over the years in her career and overcoming them by forming a strong support group have enabled her to thrive.
“
We must respond to new opportunities and challenges without limitations, explore new ways to engage our community, and further these goals, which will enrich life for us all.
“
Cover Story Ÿ
IEEE ComSoc Communications and Information Security 2019 Technical Recognition Award
Dr. Bhavani has also received the highly prestigious earned higher doctorate (only awarded in the UK and the British Commonwealth) Doctor of Engineering at the University of Bristol, UK, for her published research in Secure Data Management. Dr. Bhavani has been a strong proponent of Diversity, Equity, and Inclusion (DEI) since the late 1990s. She cochaired the Women in Cyber Security Conference (WiCyS) in 2016 and delivered the featured address at the 2018 Women in Data Science (WiDS) at Stanford University. She also delivered keynote addresses at Cyber-W 2017 and 2020 (Women in Cyber Security Research), 2019 Women in Communications Engineering (WICE), and 2018 Women in Services Computing. She serves as the Co-director of both the Women in Cyber Security and Women in Data Science Centers at UTD. She received the Career Communications Inc. 2001 Woman of Color Research Leadership Award and the 2021 IEEE Cyber Security Cloud Special Recognition Award for her work on DEI. Insights on Cyber Security and Computer Science
Awards and Accolades Over the years, Dr. Bhavani has been recognized for her contribution in various fields. She has received numerous prestigious awards and fellowships. Ÿ Fellow of the IEEE, the ACM, the AAAS, the NAI, and the British-based IMA (Institute of Mathematics and its Applications) Ÿ IEEE CS 1997 Technical Achievement Award Ÿ ACM SIGSAC 2010 Outstanding Contributions Award Ÿ IEEE ISI 2010 Research Leadership Award Ÿ 2013 IBM Faculty Award Ÿ IEEE CS Services Computing 2017 Research Innovation Award Ÿ ACM CODASPY 2017 Lasting Research Award Ÿ 2017 Dallas Business Journal Women in Technology Award Ÿ ACM SACMAT 10 Year Test of Time Awards for 2018 and 2019
Dr. Bhavani joined UT Dallas after a 24-year career in the commercial industry, federal lab, and the US government. With this vast and diverse experience, she brought a unique culture to cybersecurity at UT Dallas that took a multipronged approach: Solving customer-specific problems while also focusing on fundamental breakthrough research. Another unique skill she brought to UT Dallas was developing prototypes and demonstration systems. Dr. Bhavani started an international collaboration between the US, UK, and Italy to design and implement a cloudbased system securely sharing information. This was a significant contribution as both government organizations and commercial corporations need to share information securely. She also forged partnerships with commercial companies both in DFW and nationally to solve challenging problems together in cybersecurity. Finally, she motivated her team members to develop an entrepreneurial spirit by transferring their technologies to startups. Together as a team, they have graduated well over 100 PhD students who have gotten lucrative jobs in the industry, academia, and government. They have also graduated numerous masters and undergraduate students. The focus is not just on research and technology transfer
but also on an outstanding education program. UT Dallas became one of the early universities in Texas to receive the NSA/DHS certification in Cyber Defense Education back in 2004. It was among the first batch of universities to receive the NSA/DHS certification in Cyber Defense Research in 2008. Besides, it was the first university in Texas and the 14th in the nation to get the NSA certification in Cyber Operations in 2015. In addition, UT Dallas has also received substantial grants and contracts for its research and education efforts. It is also involved in extensive outreach in cybersecurity. It has hosted the annual TexSAW (Texas Security Awareness Week) annually since 2011 and hosts several cybersecurity workshops and competitions for students in Texas and neighboring states. As per Dr. Bhavani, one important piece of advice she offers to her team is that each person has unique strengths. It is a must to recognize this and bring out the best in each other.
Cover Story
The Swayed Circumstances
Sustaining Positive Work Culture
When asked about what influenced her, Dr. Bhavani said, "I am a voracious reader and like reading various books from literature such as Jane Austin, George Elliot, and Sir Walter Scott's novels. motivational books such as Willpower by Baumeister and Tierney as well as books about inspiring people like Nelson Mandela and Marie Curie.”
Over her 40 year career, Dr. Bhavani has held technical, management, and leadership positions and has learned a lot about developing a positive environment in the workplace. In her opinion, everyone must treat each other with respect and listen to the comments, feedback, and everybody's views in the division, department, college, company, or university.
At a very young age, Dr. Bhavani was fascinated by Marie Curie and read all about her. The person who has inspired her the most is Nelson Mandela. She was at Cape Town back in 1999 for a computer conference and visited Nelson Mandela's jail cell in Robben Island. That's when she decided to help those who are disadvantaged. Since then, she has worked tirelessly to support diverse groups of people, including women and disadvantaged minority communities, by giving motivational and technical talks.
UT Dallas has an extremely positive work environment. Its provost and multiple deans are female. Also, women are in leadership positions like department heads and institute directors. UT Dallas provides an environment where everyone can thrive. It has the results to show as it is the leading university in North Texas with respect to several programs and consistently among the top three public universities in Texas, especially in areas like Engineering, Computer Science, and Business.
UT Dallas' Cyber Security Institute also follows a similar approach. Dr. Bhavani has been one of the strongest champions for women and underrepresented minority communities. This has also contributed to the enormous success of the university.
newer technologies, but it is also important to be sensible about it.
Offering Unmatched Services Over the years, UT Dallas has developed numerous prototype implementations of key technologies that have been transferred to the US government and commercial products. For example, its work on Malware Analysis and Cloud-based Assured Information Sharing was incorporated in the STTR program called by the Department of Defense back in 2011, a huge win for UT Dallas, which meant that companies would work on commercializing its technologies. In addition, UT Dallas has also influenced programs sponsored by the US government in multiple areas, including Adversarial Machine Learning and Binary Code Analysis. Our multi-pronged approach – from concepts to research to design to implementation to technology transfer to productization - while still focusing on its strong education efforts is what separates UT Dallas from several other cybersecurity institutes. It focuses on all aspects of cybersecurity, from education to research to cyber operations, and works closely with federal labs and commercial companies. An Outlook on Technological Advancements In Dr. Bhavani's opinion, companies that do not adopt the new technologies in their products will be left behind. It is encouraging to see more and more companies adopting
She states that incorporating all the latest technologies into products and make them unusable could be disastrous. Therefore, before incorporating new technologies, companies must talk to their customers about the need. One must be wise about adopting the technologies. Another major challenge for the companies is incorporating new technologies, which means more cyber-attacks. Thus, when a company uses a particular technology, it is important to get cybersecurity specialists involved in the discussion. A company's business strategy must be closely intertwined with its cybersecurity strategy. A Productive Approach in Pandemic As the Executive Director of Cyber Security Institute, it was important for Dr. Bhavani to ensure students' safety while also getting a high-quality education. The classes have been online since March 2020, and she tries her best to communicate with the students often – much more than she did when she was teaching in-person classes. She has mentioned to the students that they could contact her anytime, followed by setting up frequent meetings on Zoom or Teams. While working from home, Dr. Bhavani has given over 20 keynote addresses on Zoom. Another opportunity she has had during the pandemic was to educate the public about cybersecurity challenges. She expresses that people rely too much on technology, yet many don't think about the vulnerabilities these technologies have. Thus, while the pandemic has been tough on everyone, it has also given some new opportunities.
“
As a dynamic, young university, our gleaming future outlined in the UTD Strategic Plan, will benet the region, state, nation and world.
“
Contribution to Community Throughout her career, public and community service have been of utmost importance for Dr. Bhavani. She served as an educator while working in the commercial industry. While working for Honeywell and starting her career in cybersecurity, she also taught at the University of Minnesota in Computer Science. She started giving motivational talks to diverse groups of people in cybersecurity and data science for the past several years, including the Society for Women Engineers, Women in Cyber Security, and Women in Data Science. She has also given talks at DFW public libraries on cyberattacks. Regarding digital innovation, the rapid growth of technology brings a new set of cybersecurity challenges. She opines that every gadget that has a microprocessor, from pacemakers to televisions, could be attacked. This gives numerous opportunities to carry out breakthrough research and develop products to detect and prevent cyberattacks. An Entrepreneurial Rundown Dr. Bhavani's vast experience also includes founding a company. She says, "The startup culture is very different and extremely challenging. To be successful, you must innovate. Without innovation, you cannot be an entrepreneur as a computer scientist.” In her advice to emerging entrepreneurs, she says that you can proceed in two directions. The first is to do excellent research, make a breakthrough and then develop a product from that research and commercialize it. This has worked for some, especially in the earlier years of computing like Google. The founders developed highly innovative search algorithms far superior to others at that time. They were also at the right place at the right time, and that is Silicon Valley in the late 1990s.
The other direction is to find a useful problem to be solved. A hypothetical example is a ransomware which is a major challenge in cybersecurity. If one can solve this almost unsolvable problem, imagine the demand. Dr. Bhavani added that she has learned from her experience, and she advises getting a very strong marketing person with much experience to talk to the VCs (Venture Capitalists). Often, she finds that technologists don't speak the same language as those excellent marketers. They get bogged down with the technical details. It is important to get them involved early on to give inputs to product development efforts and explain the work process to the VCs. A Progressive Preparation Moreover, Dr. Bhavani believes that it is important to have succession planning. She has helped hire a few assistant professors into the institute as soon as they graduate. These professors have become well known and have received many awards and accolades. Therefore, her immediate goal is to transition the institute and her leadership roles in cybersecurity and data science at UT Dallas to these highly successful professors. She would like to continue her work with diverse groups, especially women and disadvantaged minority communities, in cybersecurity and data science. Dr. Bhavani is very interested in establishing another startup together with one of her students. They are discussing applying for SBIR funds to develop further some of the breakthrough ideas this student has conceived. Another focus area for her is to be more involved with the UN initiative on AI for Good. Recently she gave a featured address on "Can AI Be Good in the Midst of Cyber Attacks and Privacy Violations" and focused on violence against children as an application area. Dr. Bhavani would like to focus on such initiatives for the public good in the upcoming future.
& & 20 The
Most
SUCCESSFUL
BUSINESSWOMEN to Watch, 2020
kimberly Khoury
Paving her Way in Sustainability Development
Debra Baker
Sr. Technical Program Manager RedSeal, Inc.
22 | October 2021
www.insightssuccess.com
The 10 Most Eminent Women Leaders in Security
Debra Baker A Profound Leader Ensuring the Security of Your Critical Resources
T
he web of cybersecurity has become widespread globally, but it still has its flaws, making it vulnerable to numerous threats. However, cybersecurity professionals are consistently upping the game and innovating new ways to eliminate these threats while also providing transparency across the services. One such professional we, at Insights Success, came across is Debra Baker, Sr. Technical Program Manager at RedSeal. Playing a Significant Role In her role, Debra helps her clients use and adopt RedSeal products and services to improve their cybersecurity posture by providing cyber visibility, compliance, and risk management. In addition, she also manages product-related governance such as FIPS 140 and Common Criteria by coordinating with third-party vendors and engineering. She also is responsible for managing the SOC2 and FedRAMP certifications for RedSeal's Cloud Security Posture Management (CSPM) product Stratus. RedSeal Stratus enables organizations to understand and secure their cloud and hybrid cloud environments. One of Debra's roles is to manage large-scale enterprisewide RedSeal deployments providing infrastructure visibility, awareness, and security of hybrid networks, including on-premises, cloud, and hybrid cloud. She is also
“
Those who run the world, Run RedSeal
“
www.insightssuccess.com
the creator and leads a Cyber Protection Team at RedSeal that reviews the latest threats and vulnerabilities and writes threat solution briefs guiding how to use RedSeal to defend from the latest threats. Tackling the Problems One of the biggest challenges Debra faces is getting crossdepartment collaboration at customer sites, where she has to work with customer teams on integrating RedSeal into the customer's business processes. She states that to truly have a successful Risk Management program, the networking (on-premises and cloud), security, vulnerability management, and compliance teams must work together. One needs to have collaboration between technical teams and leadership to be cyber resilient. Impactful Influence Debra says, "Leaders need to be prepared to hear the good and the bad. Having a manager that says you can be yourself, with both the positive ideas you have and the complaints you have, is empowering. Giving this freedom of thought and inclusivity leads to innovation. Now you feel confident in sharing ideas that you may not have in a stifling environment." That said, she mentions that leaders named Ramesh Kaza at RedSeal, Ashit Vora at Cisco, and Kristina Rogers at Entrust have always supported, challenged, and allowed her to express her ideas. Besides, the book series Primal Leadership by Daniel Goleman has opened Debra's eyes to the extent a manager–whether good or bad–can have on a person's career and even home life. In her opinion, this book is a handbook for what makes a manager good and bad. Primal Leadership makes it clear that "Leaders who spread bad moods are simply bad for business—and those who pass along good moods help drive a business's success.” According to Debra, the book Find Your Why by Simon
October 2021 | 23
Sinek brings together work and passions relating to one's job. Her "WHY" is that everyone deserves to have privacy while online. Knowing that she works in cybersecurity and helps companies secure their networks and data through good cyber hygiene, segmentation, and strong encryption keeps Debra passionate about her job. Debra says, "It's great to work in a field where I am helping businesses secure their networks. Through the Crypto Done Right non-profit I founded in collaboration with Cisco and Johns Hopkins, I provide cryptographic guidance in easyto-understand language of what encryption algorithms and ciphers are recommended for non-cryptographers.” She adds, "Never let a bad manager bring you down. Learning how not to let detractors negatively affect you is paramount as you navigate your career. There is always something better just around the corner. Take those situations and learn from them and move on." Impact of Positive Work Culture Debra is totally in for a positive work environment. In her opinion, everyone has to be authentic but with a positive slant. She is a glass-half-full kind of a person who tries to see the positive in every situation even when she gets bogged down. She ensures that each person has a chance to express themselves without retaliation and in a respectful way.
24 | October 2021
Debra thinks that employees should be able to openly express their ideas even when they go against the status quo. There should not be a fear of retaliation. It's the "yes" culture that leads to conformity and stops innovation and new ideas. Management has to be open to hearing the good and the bad and not taking it personally, but instead taking that information and learning from it. Offering to the Community When Debra was asked to co-found the League of Women in Cybersecurity, she jumped at the chance to train women in Cybersecurity. It was great for her being able to give back and train other women from what she has learned in cybersecurity. One woman who was inspired by Debra, got her Master’s in Cybersecurity and got a job at AWS. It makes Debra happy when someone she helped along the way is so successful. League of Women also helped women navigate how to move into the cybersecurity field. At RedSeal, the CEO, Bryan Barney, is all about promoting equal rights for all and respecting people of different backgrounds. One of his first initiatives was to set up a Diversity and Inclusion Council to ensure everyone at RedSeal is heard no matter what position, gender, race, or sexual orientation.
www.insightssuccess.com
What Comes Next?
Bequeathing Aspiring Entrepreneurs
Debra's vision for RedSeal is to push forward the company to become cloud-centric. RedSeal Stratus is a Cloud Security Posture Management SaaS platform launched in August 2021. Many companies are moving their data centers to the cloud. In addition, RedSeal's advanced cybersecurity analysis capabilities and name recognition is known in the commercial space as well as it is in the Federal space. RedSeal is the best-kept secret securing well-known companies, as well as military and federal agencies.
Debra believes that every woman-owned business can apply for government contracts since women are minorities. She says, "There are great women-based networking opportunities at the Grace Hopper Conference, which is the largest women's conference in the world. Every company that you can think of is represented there.”
Debra recently created a Common Criteria for Developers Learning Path for Infosec Institute. If you are responsible for an upcoming Common Criteria Evaluation, are a developer having to make software updates to ensure your product is Common Criteria compliant, or are a new employee at an evaluation lab, then this learning path is for you.
"For women moving into information technology, Cybersecurity, and programming, Grace Hopper is a great place to find a job. Also, the Women in Cybersecurity annual conference is not only a great place to find women to hire, but also network and advance in the cybersecurity field," concludes Debra.
She is also writing a book titled a CISO’s Guide to Cyber Resilience. It’s a handbook for a CISO to know what steps to take to secure their company’s network and to recover from an attack.
www.insightssuccess.com
October 2021 | 25
28 October 2021
A Trailblazer Focused on Securing Your Privacy and Data
www.insightssuccess.com
October 2021 | 29
Influencing Expertise Elena states that compliance is complicated. New regulations seem to pop up like mushrooms. Mismanagement could result in fines, ruined reputations, and worse. Another obstacle: Compliance requirements can get in the way of business progress. Also, what works for one client won't work for another client. Elena adds that every client has a set of strengths and weaknesses and the only real way to create a solid data privacy program is to do a deep dive into their business. Who are their customers? What sort of systems are they using? Where are the threats coming from? Can their needs
30 | October 2021
“
Privacy and security at the speed of business.
“
Aleada's work assesses client compliance requirements, and it helps them align their compliance strategy with business goals. There's a lot of planning involved to build solid personalized privacy program and a significant amount of training that keeps it engaged with clients. Elena truly understands a client's business and can adapt company programs to meet their changing needs fast.
www.insightssuccess.com
be addressed with new technology, new personnel, new procedures, or a combination of all three? Aleada's biggest impact comes from what some might think is the smallest of things – it listens to its client's concerns. It audits their systems, processes, and teams before building a custom privacy and information security program that's perfect for their business. Elena is convinced it is the company's personal approach and her team's experience that wins new business. Its reputation is outstanding and gets new business from client referrals. Elena says, "You cannot help a client build a strong privacy and security team without showing them you have one too, and Aleada does.” Securing Client's Data Through Technology Elena states that Aleada helps its clients with its core services by building privacy and information security into their products, services, overall compliance program, and company culture. It has been focusing on creating global privacy and data protection programs, including developing and implementing regulatory frameworks, risk/gap assessments, maturity models, long-term roadmaps, and data protection policies; designing and employing deidentification and Privacy by Design data handling processes. It also works with development and business teams to build cloud, web, and mobile consumer and business products across the globe. Elena noticed that when faced with the need to set up something complex quickly or face liability risk, it is common for companies to turn to law firms to pick up the slack. A reasonable reaction often results in a patterned/checklist-driven approach in dealing with risk management instead of building and implementing its privacy and information security program; legal and compliance should come hand in hand. As a result, a growing premium is placed on privacy and information security operational and strategic expertise. This is what Aleada does. It has become a necessary asset for any company, no matter the industry sector, its maturity, or target market, specifically for disruptive technologies in the future. Elena expresses that Aleada must focus on the intersection of technology, data stewardship, and compliance, as a privacy and information security firm to stay ahead of the industry and support business growth.
www.insightssuccess.com
The Long Run As long as Elena sees herself on a beach in the Maldives enjoying her waterfront home in her future, she wants to create fundamental changes by bringing more diversity to the ever-growing privacy and information security industry as a long goal. Elena hopes to grow Aleada to help an increasing number of clients without losing the notion that listening is more important than speaking. The company's personalized approach to developing custom privacy and information security programs for its customers creates the most value for its clients and company, which gives Elena joy in everything she does. Valuable Guidance Elena advises budding women entrepreneurs to speak up, partner up, and know their value. She says, "Demand value be placed on the job at hand and not your gender. Be bold and ethical. Show competence and leadership. And this isn't just about the privacy and security sector; it's about life," concludes Elena. October 2021 | 31
Innovativeness and Competence
Strengthening the
Security of Businesses W
hat sets great leaders different from the rest is their sheer ability to thrive even amidst great challenges. They are not afraid of challenges. In fact, they like to be part of solutions to the challenges. Great leaders are different from ordinary people. They don’t think like ordinary people. They have out-of-the-box thinking. They think innovatively and plan strategically to execute their ideas and work passionately to deliver glorious business results. They figure out the problems, and their aim is to deliver the best solutions and ensure their clients' problems are resolved. Great leaders become great because of their great attitude. Their exceptional attitude helps them be as clever as they can for delivering solutions that are of high quality and are more appreciated by the clients. That makes them the most eminent leaders in the industry. They earn credibility in the industry by their exceptional ability to deliver solutions to the challenges in a more profound way that meets the expectations of their clients in the industry. They lead with the glorious reputation they have earned, and they try their level best or beyond that to sustain their reputation. The cybersecurity industry has witnessed such contributions from various ingenious minds. And among those leaders, women leaders are playing the most profound role by delivering the best solutions to the businesses and the clients for ensuring the safety and utmost protection of their data. They strengthen the privacy and security of the most valuable data of their businesses and clients. They make sure that their solutions play an important role in preserving the safety of data. Data is the new buzzword today. The data used appropriately for delivering streamlined and organized solutions is beneficial to the clients and businesses. But ensuring the protection of this valuable asset called data is challenging for many businesses. The eminent women leaders in security make a point to deliver the
32 October 2021
technologically advanced solutions that play an essential role in ensuring the businesses' cyber security. They don’t make any excuses in leaving any room for the theft or exploitation of the valuable data of the businesses. They don’t leave any chance for hackers, stealers, and cybercriminals to access the data by delivering highly evolved security solutions to the important information of the organizations. Innovativeness is the most intrinsic quality of eminent women leaders in security. Innovativeness is literally in their genes, and they nurture that innovativeness much by constantly being creative and thinking beyond normal thinking. They know that to sustain their competency in the market, there is no other option for them other than being innovative and delivering something of value and credibility to the industry. Their approach is clear, and they come up with innovative ideas and implement them to improve the quality of the solutions to the ever increasing challenges in the security industry. Competence and presence of mind are the hallmarks of eminent women leaders in security. They are competent to deliver innovative solutions to address security challenges in the industry. Eminent leaders' competitive approach helps them avail edge over others in delivering the most accurate and timely solutions to the existing problems. Moreover, the presence of mind is essential to be successful in any field or any industry. The eminent leaders possess this quality of presence of mind in abundance, and this quality helps them come up with the most pragmatic solutions to the unforeseen challenges even at the spur of the moment. This is one of the best qualities of eminent leaders in the security industry. They adopt best practices to strengthen the security of the businesses. Innovativeness, Competence, and Presence of mind are vital attributes that help women leaders in security to be more eminent in the industry.
www.insightssuccess.com
October 2021 | 33
36 October 2021
www.insightssuccess.com
October 2021 | 37
.
38 October 2021
www.insightssuccess.com
October 2021 | 39
Paving the Way
40 October 2021
The Liberty in
Security oday, there are huge opportunities in the cybersecurity industry but a massive shortage of cybersecurity professionals. And diversity in the workforce can fill this space.
T
and of course to keep the clients and the company away from any compliance. They understand that it is not an easy task, as they have to be ready with the options for any such challenges.
The problem really is not the industry being occupied by more number of men; not having enough women is the real problem.
You cannot just raise your voice when things go wild; only better communication and understanding of the situation will get the job done. This is what women leaders exemplify. Sharing knowledge, attending seminars, interacting with industry experts clears their understanding of the complex and challenging fields like cybersecurity.
If we look at the figures, indeed, the number of women has grown from the past years, but there are still many opportunities to be seized in cybersecurity careers. Women have always proved their mettle in almost every industry. They have displayed what they can bring to the table. Be it building ground-breaking solutions or guiding budding women to make a career in the industry, women have contributed in every possible way to the development of the industry. The Real Deal Building a career in a field like cybersecurity needs not just knowledge but experience, and the constant focus to improve helps businesswomen go the distance. Adapting to new technologies is good, but it also means you are more prone to cyber-attacks. Today’s businesswomen realize the impact of technology and understand the extent of risks that technology brings along. They evaluate risks and provide solutions accordingly in a timely and cost-effective manner. Beyond that, the journey is full of challenges, like – promoting ethics, diversity, and integrity in the organization
www.insightssuccess.com
The Perfect Fit Women in cybersecurity have changed the dogma of the industry, be it cybersecurity, IT, healthcare, or any other field for that matter. Their proactive leadership and building secure applications keep them stay ahead of the emerging competitive market. The key to their success is the promotion of inclusivity and diversity in their team, making the cybersecurity field maledominated-free. Yes, it will be a reality soon; there will be no longer a need for the term ‘male-dominated’ if only everyone is given equal opportunity to lead, of course. The End Thought Businesswomen have remained true in their mission, helped other women entrepreneurs, gathered and shared everything they have. Ultimately, the quality which stands out in them is never giving up; they always think of alternatives for every problem. Building a global workforce of women not just in cybersecurity but in every industry should be our goal as a society. That is the only way we can shape the future of women in the industries, including cybersecurity.
October 2021 | 41
Lori Sussman
Assistant Professor University of Southern Maine
44 | October 2021
www.insightssuccess.com
The 10 Most Eminent Women Leaders in Security
Lori Sussman
A Fearless Veteran Educating Future Cybersecurity Experts
C
ybersecurity is one of the most critical issues that several organizations deal with today on a global scale. With the ever-growing expansion of digitalization of data, it becomes challenging to protect essential information. Numerous instances of data breaches, ransomware attacks are becoming dangerous threats and heading further into the future, and it will become more critical to build secure cyberspace. However, leaders in Cybersecurity are consistently improving existing technologies, and it is necessary to educate the upcoming generation to utilize their unique take on Cybersecurity. Lori Sussman, Assistant Professor in the Department of Technology at Cybersecurity at the University of Southern Maine, is one such leader who uses her years of expertise to educate and train future cybersecurity experts. Lori is a veteran who dedicated over two decades of life to the US Army. She now helps organizations build the leadership, technology, and security capability needed for this increasingly global and connected future. In 2015, Lori was named one of the CRN 2015 Women of the Channel Power 50 Solution Provider by The Channel Company's CRN Magazine for her exemplary record of success accelerating her clients' needs through technology solutions. A Unique Journey In a non-traditional path to academia, Lori's career started at West Point as part of the fourth class to allow women into its ranks. Even when dealing with some animosity about
www.insightssuccess.com
women being part of the Corps of Cadets, she learned to "cooperate and graduate." She proudly graduated as a second lieutenant in the Signal Corps, the Information Technology branch within the US Army. Lori served over 24 years of US Army service with distinction and retired at the rank of Colonel. It was her honor and good fortune to assume various leadership positions culminating in brigade command. She benefitted greatly from the mentorship and the sponsorship of enlightened senior officers and officials. During her service, Lori pursued and completed four master's degrees, which proved to be an essential factor as she moved from the public to the private sector after her retirement. She explored large corporations, small businesses and also ventured into entrepreneurship. As a result, she got to work for elite high technology companies such as Cisco, Hewlett Packard, and a local South Carolina Fortune 5000 company. Lori managed highly complex, diverse, and active organizations engaged in developing, acquiring, integrating, deploying, and sustaining state-ofthe-art business, technology, and security systems for clients in these roles. Lori felt her calling when she read about the need to move from success to significance in the book "Half Time." So she enrolled in the University of New England (UNE) doctoral program in transformative educational leadership. In 2018, the University of Southern Maine hired Lori as part-time faculty, and she became full-time faculty in 2019.
October 2021 | 45
“
Preparing students today for the world of tomorrow.
“
In three short years, she helped create a new program for a Master's in Cybersecurity, started a community service Cybersecurity Ambassador program, and started USM's Cyber Defense team called the Husky Hackers. Lori states that it has been an exceptional experience watching students thrive and grow. The Mission and Vision of USM The University of Southern Maine (USM) is a unique institution with a mission to provide students with a highquality, accessible, affordable education. It has comprehensive undergraduate, graduate, and professional programs designed to educate future leaders in the liberal arts and sciences, engineering and technology, health and social services, education, business, law, and public service. The faculty is committed to fostering a spirit of critical inquiry and civic participation. Both students and faculty enjoy a culture of academic freedom in an environment that advocates diversity in all aspects of campus life and academic work. USM supports sustainable development,
46 | October 2021
environmental stewardship, and community involvement, thus providing resources for the state, the nation, and the world. Leveraging Technology to Teach Consistent with the USM mission to be a center for discovery, scholarship, and creativity, Lori emphasizes projects, writing, problem-solving, active student learning, application of theory to practice, and measurable outcomebased learning when teaching technology or cybersecurity courses. She evaluates students using critical thinking papers, written case studies, class presentations, small group work, and applied projects in the university and community. Lori utilizes engaged learning techniques to ensure that all of her students can bring theory to practice by applying their knowledge, skills, and abilities in contexts beyond the traditional classroom and providing application opportunities in the community, the laboratory, and other venues. This engaged learning challenges students because
www.insightssuccess.com
it requires sustained and focused application, reflection, and collaboration. In addition, she uses real-world examples to focus on technology and cybersecurity activities to understand the issues better. Putting her students first, Lori creates programs that graduate students with skills, knowledge, and capabilities for the workforce. She strives to immerse students in the technology but with enough creative space to evolve, learn, and grow. When meeting with a student, Lori examines their values, personality, culture, likes/dislikes, strengths/challenges, skills, attitudes, and beliefs. These attributes inform how one can collaboratively navigate their academic career to land that technology job for which they aspire. She spends a great deal of time making sure that her students achieve the objectives of their college experience. They should have a purpose for their present and lifelong learning. Finally, Lori wants to help her students to appreciate the larger view of themselves, their university, and their community. Students must see a connection between their experiences at USM and the real world. Heading Into the Future Lori focuses on creating programs that increase diversity in the technology and cybersecurity workforce. She recently founded the USM Cybersecurity Awareness, Research, and Education Support (CARES) Center, intending to take advantage of being in the state's fastest-growing region. USM is a multi-campus university with nearly 20,000 students, making it one of the largest institutions in the University System of Maine. The CARES Center's goals are to create various educational pathways that provide access to underrepresented populations.
www.insightssuccess.com
The university is starting to shape programs that include opportunities related to experiential learning, internships, scholarships, curriculum and workshop development, outreach programs, and applied research. It has a collective goal of increasing the cyber talent and workforce capacity to meet Maine's and private industry cyber needs. A Note to Younger Ones In her advice to emerging women leaders in the security space, Lori says, "Be fearless. Believe in your intuition, and don't take no for an answer."
October 2021 | 47
Tanya Janca Founder and CEO
We Hack Purple 48 | October 2021
www.insightssuccess.com
The 10 Most Eminent Women Leaders in Security
Tanya Janca Helping Anyone and Everyone Create Secure Software
T
he cyber security industry has made progress with gender diversity in the past few years, but there is still a long way to go. But there have been few women leaders who are leading by example and encouraging other women to be a part of this fascinating industry.
Keeping the spotlight intact on such inspiring leaders from the cyber security industry, we at Insights Success set out on an endeavor to find the Most Eminent Women Leaders in Security. On that journey, we crossed paths with Tanya Janca, the author of ‘Alice and Bob Learn Application Security’ and the Founder and CEO of We Hack Purple. Tanya brings her 20 years of experience of coding and IT to the table. She has won countless awards and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). Alongside, she is an awardwinning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. With leaders like Tanya, the future of cyber security for women looks promising. Let’s find out more about Tanya and how she is contributing to the cyber security industry through We Hack Purple. Below are the highlights of the interview: Give us a brief overview of your position at We Hack Purple Academy, and your journey since inception.
www.insightssuccess.com
I am the founder of We Hack Purple. When I started this organization, I knew that I wanted to share knowledge with as many people as possible to move our industry towards a more secure future. We started as a subscription model, where I would produce regular amounts of content for our subscribers. Eventually, we realized that if I spent more time creating in-depth courses, rather than creating small amounts of content on a more regular basis, it would create more value for our customers and industry, so we stopped the subscription model. Throughout this time, I moved from being only a content creator to performing sales, learning about marketing, and especially about leadership, blossoming into the CEO I am today. As a business leader, what is your thought on the changes in the Information Technology & Services and Coaching industry after the pandemic? Information technology services and their uses have changed drastically during the pandemic. I believe that more people, than ever before, are now online and expecting the services they depend on to follow them there. Unfortunately, cybercriminals have also followed this trend, stepping up their game and taking advantage of people who are scared about the pandemic and playing on their emotions to make phishing attacks even more devastating. I feel that companies are taking security more seriously than before, but not seriously enough for me! We need to make products that are safe and secure for our users, and I believe it is our duty to protect our customers and their data.
October 2021 | 49
What is your thought on the necessity of a positive work culture? In what ways do you implement it at your organization? I believe that people work for money, but they excel for their boss and/or leadership team. I have had amazing managers, mediocre ones, and awful bosses whom I wish that I had never met. At We Hack Purple, we have a list of values that we always follow, and this has really helped all of us create a more positive work culture. We also have 360 reviews with all managers and employees, to ensure we hear everyone’s side of things. I try to ensure that everyone has their needs heard, and if possible, met. I also ask employees to tell me when there are problems because sometimes it just doesn't come up in any of these other situations, and I believe that my team is my most important resource. At WHP, our people are more valuable than any physical or digital asset, so we treat them that way. What is your opinion on the advancements of Higher Education to improve the offerings with newer technological developments, especially when it comes to building secured companies? I have a lot of negative feelings about universities and colleges and their slow change in regard to technology, especially cyber security. I have had many of them reach out and ask me to work for (approximately) minimum wage in order to make them thousands and thousands of dollars. They want cyber security professionals to create curriculum and teach it, for ‘adjunct professor’ rates, which is very, very low pay. Think “Walmart greeter” pay. Because I'm not a PhD, and I'm not part of their academic pyramid scheme, I'm not considered a ‘real’ professor (despite the fact that I have extensive industry experience, have written a book, and have founded my own Academy). The result of this academic system is that all of us with relevant and up-todate skills can make significantly more (exponentially more) by working within our field, rather than academia. I believe that current academic systems that I have seen within North America are currently failing their students. If a trades college were graduating students that did not know how to do their jobs safely and securely, and buildings were burning down, or bridges were falling down around the world, that would not be acceptable. But right now, universities and colleges worldwide are releasing
50 | October 2021
We are a safe and professional space for information security professionals to meet, network, discuss, and learn!
www.insightssuccess.com
software developers that are creating incredibly insecure applications, because they don't want to pay people to teach their courses unless they are part of their academic system. I believe the system is completely broken. Which is the best way to meet today’s and tomorrow's challenges with your company’s exceptional application and services for urgent needs coming our way? Investing in your staff, and upgrading your technologist skills, is an excellent investment for today and tomorrow. If you have a team of software developers that you are not keeping up-to-date on security trends and teaching them how to ensure the software they are creating is secure, you will be behind your competition. In what ways do you or your company contributed to the community? If given a chance, what change would you bring in creating a Community of Secured online learning? We Hack Purple contributes to the community in many ways. Not only have we created a free online community (community.wehackpurple.com), we also provide free content to the public, a diversity scholarship, and I am the founder of #cyberMentoringMonday (an informal mentor/mentee matching community effort that runs every Monday). How do you envision sustaining your company’s competency in a cutthroat and volatile world of Security? Where do you see yourself and the company in the next five years? We Hack Purple is planning to ensure we concentrate on teaching skills that are practical. Many security training companies focus on the glamorous, or obscure, or more “interesting”. We focus on making you completely awesome at your job, or the job you hope to have someday. We want to focus on real life examples, how to set direction, how to solve problems. We want to create students who you can hire directly into a job and know they will excel. Job-ready grads is not something that we believe will ever go out of style.
www.insightssuccess.com
October 2021 | 51