Dawn Beyer, senior fellow, Lockheed Martin

Dawn Beyer didn’t know it when she left her Florida home at age 17 some 30 years ago to go into the Air Force, but she was about to embark on a long career in the military, intelligence and cyber.

Over a 24-year career in the Air Force, Beyer says the military helped pay for four degrees, culminating with a doctorate in information systems from Nova Southeastern University.

Beyer says her first job in security was as a terminal area security officer where there might be an office of 10 people and only one or two desktop computers available to the staff. She says the job mostly entailed running checklist items, but gave her a background in IT security that the military put to work for more than two decades.

“I had experience in IT security, and was also trained to handle sensitive information, which fit in well with my work in IT,” Beyer says.

Then in 1998 there was a security event with an advanced persistent threat (APT) involving a nation-state that heightened Beyer’s interest and awareness in security. From that point, Beyer recognized how important the field was becoming and how important it was to national defense.

When asked about being a woman in a male-dominated field, she says that for most of her career, she would go into a meeting thinking about the points she wanted to make – and never noticed that the room was all men.

“Some of my best supervisors were men. They would always support my goals and would let me work on the type of projects I was interested in,” she says.

Then in the past year Beyer was in a meeting with one of her leaders and was asked how many women participated in a recent cyber event. She said that there was only one.

“From that point on I made it more of a goal to help women work through the challenges of working in a male-dominated field,” Beyer says. “In many ways it’s not about a woman’s technical capabilities, they are often brilliant. The best thing we can do is encourage women to take risks in their careers and build up their confidence.”

Beyer says Lockheed Martin works closely with local high schools, community colleges and universities to attract women into the IT and cybersecurity fields. She tries to expose interested candidates to the broad number of opportunities in cybersecurity. Beyer says many people assume cybersecurity personnel work mainly on incident response, but there are many jobs in the field, including analysts in a security intelligence center, threat research, forensics, embedded security, privacy and risk analysis and management.

“People are often limited about what they know about the field,” Beyer says. “But once I point out all the possibilities, they often say they didn’t realize cybersecurity was so broad.” – Steve Zurier

Jadee Hanson, CISO, vice president of information systems, Code42

Jadee Hanson’s cybersecurity bona fides are clearly
recognizable – CISO at Code42, Target’s senior director of information security – but it’s the numerous activities in which Hanson is involved that push her to Power Player status.

In her role at Code42, Hanson serves as a mentor and advocate for women, but that is only the tip of the iceberg. She often speaks with local security groups on the issue of boosting the role of women in security and discusses the issue in outlets like WeAreTheCity. This organization was started in 2008 as a centralized site that houses a multitude of career development resources helping women gain new skills, grow their networks and ultimately progress in their careers, including cybersecurity.

“Jadee is not only committed to putting the protection of our customers’ data first, but is also an advocate for women in technology and drawing on diverse viewpoints to solve business challenges,” says Joe Payne, Code42’s president and CEO.

Hanson was behind having Code42 work with the Girl Scouts. In the past year Code42 has hosted two events with the Girl Scouts at which more than 150 girls earned STEM and Cybersecurity badges.

“We have to start encouraging participation at the next generation of workers. One of the ways we do this at Code42 is through a partnership with Girl Scouts. We house Girl Scouts here to get their STEM Badge or Cybersecurity Badge. In fact, we’re the first company within the River Valley region of Girl Scouts to host the Cybersecurity Badge. They’re not all going to choose a career in cybersecurity, but the thing that we’re trying to do is make sure that the younger generation knows and believes that if they do want to choose this career path, there’s a place for them,” Hanson said in a GRA Quantum article.

“The active role Jadee takes in developing her team, supporting professional networks and championing educational events with children is paving the way for women to make a bigger impact on the security industry in the future,” Code42 said about her actions.

In addition to numerous extracurricular efforts to boost the number of women in security, Hanson has also worked tirelessly internally to improve her Code42 team. This includes crafting a vision statement for the security department with a philosophy that the team should be a collaborative service organization that enables innovation rather than a mysterious, feared entity – one that says yes instead of no.

Hanson’s efforts to help others also extend outside the tech field. She is the founder of Building Without Borders, a non-profit started in 2015 with the mission to serve those in poverty-stricken locations around the world through housing services. Since April 2015 it has built 42 homes in the poorest areas of the Dominican Republic. – Doug Olenick

Priscilla Moriuchi, director of strategic threat development, Recorded Future

Asia is home to some of the world’s most sophisticated
state-sponsored hacking groups, but just because they share a continent doesn’t mean they operate by the same playbook.

That’s what makes Priscilla Moriuchi’s expertise so valuable: she has that unique combination of government background, cybersecurity knowledge, and geo-political experience that allows her to develop a keen understanding of foreign cyber operations.

As director of strategic threat development at cybersecurity company Recorded Future, Moriuchi serves as a preeminent expert on Asian cyber activity, with in-depth knowledge of China and North Korea. Moriuchi joined Recorded Future in April 2017 after spending 12 years at the U.S. National Security Agency (NSA), most recently as its enduring threat manager, leading the agency’s East Asia cyber threats office. Among her responsibilities at the time was assessing whether China was adhering to its 2015 agreement to refrain from stealing intellectual property and trade secrets from U.S. corporate firms.

Earlier this year, Moriuchi authored a paper released during the annual RSA show revealing how China exploits social media platforms to sway the opinions of Westerners and portray China in a more sympathetic light. According to the report, Chinese state-run news agencies use social media to spread biased, English-language content that favors China’s stance on global issues such as the ongoing trade war with America.

As part of Recorded Future’s Insikt Group research team, Moriuchi has also recently investigated how China and Russia manage their respective national vulnerability databases. The team found that China is on average much faster than the U.S. at reporting the latest confirmed product vulnerabilities in its National Vulnerability Database (CCNVD). However, Recorded Future also accused China of manipulating CCNVD records to cover up evidence that the Ministry of State Security withheld public disclosure of certain vulnerabilities while it evaluated the viability of exploiting them in offensive cyber operations.

Meanwhile, research into Russia’s vulnerability database, the BDU, found it to be far less comprehensive than its American counterpart, omitting many critical bugs while focusing heavily on flaws that appear to be specifically relevant to Russian state information systems.

Moriuchi also collaborated on research into the digital behavior of North Korea’s most senior leadership. The investigation revealed that the country’s ruling elite are technologically savvy and use the internet to circumvent international sanctions, as well as generate revenue through means such as cryptocurrency theft.

Moriuchi has become a prominent voice in the cyber industry, speaking out on the need to recruit more women as skilled talent, while openly acknowledging the challenges these women can face when entering the field. – Bradley Barth

Eve Maler, vice president of innovation and emerging technology, ForgeRock

A strategist and innovator in the digital identity, security
and privacy space, Eve Maler has been assigned quite a few of her own “digital identities” over an accomplished 34-year career.

For starters, she earned the nickname “XMLgrrl” for her work as a co-creator of Extensible Markup Language (XML), which debuted in the late 1990s. She was later called “SAML Lady” for her role in the invention of the Security Assertion Markup Language standard for exchanging authentication and authorization data between parties.

And she has referred to herself as “chief UMAnitarian” for founding and leading the User Managed Access Work Group that’s been developing UMA, an OAuth-based access management protocol standard. The group operates under the auspices of the non-profit Kantara Initiative, whose website describes the group’s mission as developing “specs that let an individual control the authorization of data sharing and service access made between online services on the individual’s behalf, and to facilitate interoperable implementations of the specs.”

Currently vice president of innovation and emerging technology at identity and access management provider ForgeRock, Maler drives advances in privacy and consent that enable user-controlled and compliant data sharing across web, mobile, and Internet of Things contexts.

She also directs the company’s engagement in interoperability standards such as Health Relationship Trust (HEART), which is a set of profiles that gives health care patients the power to specify how, when, and with whom their clinical data is shared. In fact, Maler co-founded and co-chairs the OpenID Foundation’s Health Relationship Trust Work Group.

Additionally, she serves as a trusted advisor to public and private forums specializing in key initiatives such as open banking, which requires strong authentication protocols.

Prior to ForgeRock, Maler was a principal analyst at Forrester Research, where she consulted with clients on such topics as emerging identity and security solutions, consumer-facing identity, distributed authorization, privacy enhancement and API security. Before that, she was named distinguished engineer of identity services at PayPal, which followed a long stint with Sun Microsystems, where she served as technology director and XML standards architect. Other key stops along her journey included Arbortext and Digital Equipment Corporation.

“Eve is an extremely bright and quick technologist with deep insight into standards and politics surrounding them,” said Gerald Beuchelt, CISO at LogMeIn, in a recommendation posted on Maler’s LinkedIn page.

“I consider her to be one of the leading figures in user-centric identity, having contributed to many internet standards,” adds John Bradley, senior architect at Yubico, in another recommendation. – Bradley Barth

Lisa Monaco, partner, O’Melveny

Two years ago at the Council on Foreign Relations, Lisa
Monaco, then counterterrorism advisor to President Obama, called out compromised data integrity as a serious threat going forward and stressed that the U.S. was open to using every tool in its arsenal to battle nation-state cyberinterference, noting the country just needed to be nimbler and quicker on the draw.

Well-known for her work with the White House and as the assistant attorney general for national security in the Justice Department, Monaco regularly drew praise for making cybersecurity a priority, including her leadership in the U.S.’s response to a number of security risks, cyber and otherwise, both domestically and internationally.

As the chair for the Homeland Security Principals Committee, she helped develop and coordinate policy and response to cyber threats, terror attacks and other crises. Her latest gig as a partner with O’Melveny, heading the Data Security and Privacy group with partner Steve Bunnell, leverages her 15 years of experience at Justice and stint in the Obama administration to guide clients through security-related sensitive governance, legal, regulatory and policy concerns.

A Distinguished Senior Fellow at the Reiss Center on Law and Security at New York University Law School and at NYU’s Center on Cybersecurity, Monaco also serves as co-chair for the Aspen Institute’s Cybersecurity Group, a public-private forum that includes industry leaders, former government officials, Capitol Hill leaders, and members of academia and journalism aimed at bringing cybersecurity to the forefront and putting action to words.

She is a member of the Council on Foreign Relations, a senior fellow at Harvard’s Belfer Center on Science and International Affairs and a senior national security analyst at CNN.

After graduating from Harvard and the University of Chicago Law School, Monaco clerked for Judge Jane R. Roth on the United States Court of Appeals for the Third Circuit.

Her dedication to public service has garnered her a number of awards, including the Justice Department’s highest honor – the Attorney General’s Award for Exceptional Service – as well as the Edmund J. Randolph Award, which recognizes outstanding contributions to the department. – Teri Robinson

Malini Rao, vice president, information security, Deutsche Bank

With more than 18 years in cybersecurity, Malini Rao has extensive experience and expertise working globally for Fortune 500 clients in various areas of cybersecurity such as application security, cloud security, DevSecOps, security operations, governance, risk and compliance management, cyber risk management, IoT security and identity and access management.

Malini has managed large multimillion-dollar projects and large teams globally. She has rich experience working in various industry verticals like financial services, retail, consumer goods and energy, as well as for oil and gas industry clients globally. She has worked as a program manager, CISO and a global practice head in the various roles she has taken on over the years. – Teri Robinson

Lisa J. Sotto, managing partner, New York office, Hunton Andrews Kurth LLP

In the 20 years since Lisa Sotto started building what
eventually became the storied privacy and cybersecurity practice at Hunton Andrews Kurth, she’s helped prominent clients like Hudson’s Bay Company and Yahoo! navigate thorny privacy issues as they try to recover from massive breaches.

Sotto’s influence has been felt on boards around the country and across industry sectors that she advised on information governance issues surrounding privacy and safeguarding data. She’s worked side by side with organizations to develop and enhance formal privacy programs compliant with an array of legal and regulatory requirements worldwide, encompassing technologies such as facial recognition, wearables, retail tracking and geolocation as they emerge.

Sotto spent the better part of 2018 preparing more than 50 U.S.-based multinational clients like PepsiCo, Tiffany & Co., The Western Union Company and Procter & Gamble to meet GDPR requirements, which took effect in May 2018. Her more recent work included helping organizations like Verisk and Rite Aid comply with the California Consumer Privacy Act of 2018 by its January 1, 2020 deadline.

In 2017, she was tapped by the U.S. Department of Commerce to aid in its first joint review with the European Commission (EC) of the EU-U.S. Privacy Shield framework for data protection compliance. Sotto brought her voluminous expertise to bear during testimony before the EC, various U.S. regulatory agencies and several EU Data Protection Agencies (DPAs).

For the Judicial Reform and Government Accountability Project funded by USAID, Sotto advised the Serbian government on the legalities of global data protection and has been invited by other governments in China, Thailand and Myanmar to inform them on global privacy and data security law. She is currently working on Democratic presidential candidate Kirsten Gillibrand’s lawyers’ committee and has briefed candidate Pete Buttigieg on privacy and security issues.

For the past 13 years she has been a member of the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, where she is now the chairman. Sotto has worked closely with the U.S. Chamber of Commerce on its global data breach notification laws report – she and FTCD Chairman Noah Phillips presented the report in Brussels last October.

She is also editor and lead author of the best-selling Privacy and Cybersecurity Law Deskbook, a treatise to guide those tasked with managing privacy and cybersecurity law issues. The book includes a roadmap for compliance with global data protection laws as well as state breach notification requirements. – Teri Robinson