Cybersecurity & Networking

In this episode of Women in Cybersecurity, I was delighted to interview Helen Patton, an experienced CISO who literally wrote the book on Navigating the Cybersecurity Career Path and is currently CISO for the Cisco Security Business Group. I’m also a longtime follower of hers on twitter where she shares information and resources for security leaders. 

Like many of us, her path to cybersecurity wasn’t exactly direct or planned; she says, it was “a series of accidents and unexpected opportunities,” where she moved from IT support, to disaster recovery, to cybersecurity. As someone who is passionate about her role and helping others, she is generous in sharing information and advice for other CISOs, as well as bringing more people into our field and helping them thrive. 

Don’t miss her video below.

Helen described her background in the early ’90s with the rise of PCs, working for a consulting company installing accounting software for small businesses. She also held roles supporting infrastructure, ran a help desk and ran desktop support, network support, and basic data center support. The late ’90s came with computing worms and viruses, such as the ILOVEYOU virus, and Y2K issues. While running an infrastructure team for a software development company, she moved into creating disaster recovery (DR) and business continuity plans. Then, she moved back into consulting with JP Morgan doing DR and business continuity, and when there was an opportunity to take a job running the security team, she made the move into cybersecurity.

She said she was always a working adult, doing school part time and taking 15 years to get her undergrad degree in business administration. When she became CISO at Ohio State University (OSU), she had the opportunity to get her master’s degree in public policy, with a focus on technology policy as part of her employee benefits, and this has influenced her approach as a CISO.

As a CISO, I tend to lean more on governance risk and compliance functions more than, say, software development, although (I have a) background in tech. I geek out on security policy a lot, so I spend my hobby time keeping track of regulations, policy changes that are happening around the globe, so my education has been very influential in my career.

Helen spent 8 years at OSU, where she helped them build out their security team to support their cloud transformation. Her role included evaluating what they had and what they needed, building out the team and adding security functionality. She noted that a few years into the job, they had to get rid of some technologies she introduced years before because they had to evolve as things changed.

In higher ed, you play in many spaces, technologies, and you’re subject to regulations because we have hospitals, we’re regulated like a bank, we have PCI, so I got to play in a lot of areas.

In 2021, she joined Cisco as an advisory CISO. Moving to a security vendor gave her a new respect for how much technical expertise is needed to determine what goes into a security product. Her role at Cisco gives her the opportunity to have a global footprint, understanding industry trends across the globe and applying her experience, while helping customers.

Her advice

When you feel like you’re on top of a mountain of information, it’s easy to get overwhelmed. It’s important to
1) take time intentionally to learn something new, with self-based learning;
2) find mentors and a network as part of a security community to help you with learning or training, to have resources who can set your mind at ease that you don’t have to learn everything, or to have someone who can validate how you’re thinking; and 3) know when to say “no” to things so you can focus.

For CISOs: Be intentional about why security, why this industry, why this job, why this company, and why now, and be prepared to share it broadly—not only with your team, but with the community as a whole.

For customers: Take advantage of vendors, and partner with them to make sure you get the most out of their tools and see how you can network with their other customers.

Resources:

Helen says podcasts are a great way to learn and help you gain historical context and learn from past events. And you can listen while exercising or walking your dog—excellent for me since walking my dog is my favorite exercise! Her favorite podcasts include:

• Darknet Diaries
• Riskybiz
• Hackervalley Studios
• Cyberwire

Be sure to visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can view past episodes and connect with us to hear more inspiring stories in future shows.

This episode of Women in Cybersecurity features Wendy Thomas, President and CEO of Secureworks, a leading cybersecurity company that helps its global customers build effective cybersecurity programs with innovative technology and professional services. With a mathematical background in economics and finance, she found that the field of cybersecurity provides a rewarding trifecta: the opportunity to work globally across cultures and geographies, intellectually stimulating work using innovative technology; and the ability to make a positive impact.

Her leadership includes diversity and inclusion initiatives to reflect the global markets Secureworks serves, and she is an advocate for childhood cyber literacy, starting as early as elementary schools.

Don’t miss her video below.

Wendy’s background and education was in economics and finance, with an early career in the commodities exchange business at the Chicago Board of Trade. She pointed out that she spent time in the trading pits, which are gone now thanks to disruptive technology moving into online trading. This swiftness with which technologies are replaced in the interest of speed and productivity has driven Wendy’s career to move to areas of innovation.

After she went to business school, Wendy saw a similar pattern at Bell South, where the business moved from land lines and telephone services into cellular and DSL technologies. She said the rapid pace of innovation, with the need to cannibalize and innovate, set her up well for cybersecurity.

“Cybersecurity requires the same, or even faster, pace of constant innovation to stay ahead of both the threat and the adversary,” she said.

Wendy originally joined SecureWorks to build out their finance and investor relations program to prep them for their IPO. She later became Chief Product Officer to align their product line with customer needs to invest in security to stay ahead of their adversaries.

“Cybersecurity is all about risk and return. If you think about a business trying protect assets, or individuals trying to protect their identities or their bank accounts, it’s all about how much are you willing to invest to reduce that risk and that exposure. We help customers make the right investments in security.”

Secureworks offers its Taegis XDR platform, along with managed services and vendor partnerships, to help customers build effective security strategies to keep their adversaries out.

“We take an open approach that’s vendor-inclusive. That starts with the customer…working together with existing security point products inside their infrastructure, bringing Teagis XDR to bring it all together in a world of security working together to keep customers safe and safely evolve over time,” she said.

As part of her dynamic leadership, Wendy promotes diversity and inclusivity at Secureworks with a number of initiatives and programs. In order to increase representation of women in their global workforce, she has set a goal to have women make up 50% of their global workforce and 40% of people leaders by 2030. In just the past year, they have gone from 26% to 34% women in their global workforce and have increased their amount of female people leaders from 20% to 24%. Be sure to listen to the podcast to learn about the efforts they are making to promote diversity and inclusivity among employees and suppliers, and check out their page on corporate responsibility.

Here is Wendy’s list of recommended resources:

Podcasts:

• WorkLife with Adam Grant
• MacroMusings with David Beckworth
• CIS (Center for Internet Security) Podcasts
• Smashing Security
• CyberWire Daily
• Cyber CEOs Decoded with Marc van Zadelhoff

Writers/Articles/Journals

• Tiernan Ray , The Technology Letter
• Women in Security Magazine
• James Rundle, Wall Street Journal
• Geoff White, BBC
• Jen Easterly, Director CISA

Be sure to check out Wendy’s video below.

Be sure to visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can view past episodes and connect with us to hear more inspiring stories in future shows.

My colleague John Grady completed a new research report on Trends in Modern Application Protection. It covers how organizations are modernizing their application architectures and the challenges they are seeing in web application and API protection platforms. In this video, we discuss some of his findings on API security. Watch the video below to learn about:

• The growth of APIs
• Challenges and methods to secure them
• API incidents that organizations have experienced and their impacts
• Methods of remediating API coding errors and their effectiveness
• What to look for in an API protection platform

Watch the video below, and be sure to check out the new research: Trends in Modern Application Protection.