Think holistically and lead globally, with Global CISO, Dr. Rebecca Wynn
Our international audience was treated to some great stories and fresh insights on information security leadership with Dr. Rebecca Wynn on Wednesday, Oct. 27. What a treat! Considering how much she prizes top-level teamwork and communication in her teams, Dr. Wynn was the perfect person to join us in the Sandbox. Because (dad joke alert): you always want people who know how to play nice in the sandbox.
Her expertise on transformative leadership and holistic information security design were by turns inspirational and insightful. Our industry focuses so much on technical perimeters and data breaches that we can forget the people part of the information security equation. She did a wonderful job of reminding us to be resilient as individuals—and as leaders--in order to build resilience for our teams and organizations!
Please feel free to watch and share the webinar.
A true polymath who followed her heart from mathlete, former chemistry major, athlete, musician... to world class CISO
"No matter where you are in your career, no matter whether you’re changing careers, I think it’s really important to follow your heart. Generally in your lifetime you work about 90,000 hours. Life is just too short not to be doing what you love. Different things come in seasons so it’s OK if your’e going to switch jobs to different professions or switch jobs to a different area. Follow your heart because life is too short not to be doing what you want."
The outsider's advantage: holistic and balanced
"The top CISOs and CIOs who I hang out with—maybe we’re drawn to one another—but we all have non-traditional backgrounds. I started out as a chem major and I thought I was going to be a veterinarian... But I find it interesting that in (infosec) job descriptions today they say you need to have a technology degree or a liberal arts degree, and those are two different parts of the brain. But they are trying to get people who are more holistic in their thinking and more balanced. I think that’s the key to being a good CISO. Can I relate to as many people as possible, and can I try to understand their perspective as much as possible? ...
We have to relate to technology staff. We have to relate to finance, to HR. We need to relate very well to sales and marketing and operations. There are so many different areas that we need to get onto their wavelength very quickly, and having those diverse backgorunds assists you in that."
The importance of communicating as people
"Even if you come from a straight technical background, the more you can expose yourself to talking to different people on different levels, in different industries, the better you are going to do in your career in this industry, regardless of where you want to end up."
On the infamous email at the center of the Equifax breach that went to 486 people
"There were 486 different people on that email thread who thought someone else was going to handle that problem... But the one person who really knew that environment and that vulnerability that was going to be hit, was the one person who was left off of that email. That’s a classic case where you say, 'Wait, me as a professional, who am I sending emails to and what am I trying to send it for? Is it just so I can get out of the hot seat?' That’s not solving a problem in my professional opinion. Is it just so I can spray and pray and hope it’s going to be okay? To me that’s not being a good professional in any of our areas."
Learn to communicate from epic communication failures
I tell people, you better be careful about picking on Equifax because you better watch out how many fingers are pointing back at yourself. When I go through some of those bigger cases of breaches, I go back and (after extensive analysis realize the root cause) was really siloing… And If your company has a similar attack or breach as something that happened before, people will say, 'Why didn’t you learn those lessons?' Eight months after Equifax, Capital One had a similar breach and one of the things that came out was, 'did they learn nothing from that Equifax breach?' Don’t always look at people for the breaches themselves but look at where communications were broken and where it was broken and is your group doing the same thing and is your group doing the right things to make sure that communication breakdown doesn’t happen.
The bad guys just have to win once. We have to win all of the time. The question is can we learn those lessons from past mistakes and sure up our defenses?"
How to choose the best situation to enter as an infosec leader
"Make sure that when you’re in an interview, interview them to make sure you get a sense of the company culture, and if you get 8 different answers from eight different people, then that’s a red flag…
For me I want to make sure that a company has a strong culture based on core values. I like being affirmative. I like training people up. I like to treat people with respect. I like to be treated with respect...
"What are the rules of behavior? What are the rules of engagement? How are we going to treat each other? What is acceptable? As a female I’ve been in situations where I’ve been bullied before and I’ve gone to HR and they’ve said, well, that’s a guy, and I’m like ‘What? That doesn’t resonate with me. That behavior whether someone’s a guy, girl, tall, short, skinny, fat or whatever, it’s inappropriate in the workplace. And if it’s inappropriate for person X it’s inappropriate for person Y.'
How to advance your career in cybersecurity
"I tell people: If you want to secure your job in cybersecurity, work on those other (non-technical) areas, like communication. Unfortunately, we’re so obsessed with technical skills that we forgot about the communication skills."
The CISO walks into the boardroom
"The boardrooms I’ve gone into where I’ve been most successful are where I’ve had the right people preview the presentation before I present it... (Once there), I have short time I need to communicate: What are the top 3 things you need to know, and what do you need from us to do that."
Resiliency is personal
"Remember your own resiliency. Make sure that if you are not in accompany that is allowing you to do the work you need to do you are not being resilient to yourself and to your team. If you’re not taking care of your health, if you’re not exercising, if you’re not eating properly, if you’re not getting rest, if you’re not taking time to recharge; you’re not being resilient.
Remember to do that. I’ve been on a team where 24/7 has actually been 24/7 and you can lose yourself working so much."
Dr. Rebecca Wynn
Executive, Global CISO, Privacy & Risk Officer - author, keynote speaker, consultant
Named a Top 100 Women in Technology 2021 - IBM; Top Inspirational Women in Technology 2021; Business Role Model of the Year 2018; Cybersecurity Professional of the Year 2017 - Cybersecurity Excellence Awards; podcast host; author
Read more expert interviews
- Barak Engel: From Virtual CISO To The Security Hippie
- Dan Lohrmann CISO Sandbox video and key takeaways
- Interview: Virtual CISO, Barak Engel, Part II
- Webinar With Garrett Cook and Michael Barone From G2
- Mastering the Management of Cybersecurity Risk, with David X Martin
- CISO: From Business Blocker Nerd To Rockstar Enabler
- Key Takeaways: The Security Leader's Communication Playbook
- Women in Cybersecurity: It’s time to get more diverse
- Webinar with Kevin DeLange, CISO at IGT
- Ten key learnings from the webinar with IGT CISO Kevin DeLange
- Prof. Shoemaker: Integrating Cybersecurity & The C-Suite
- Prof. Dr. Andreas Heinemann: The Corporate Phishing Threat
- Subscribe to All Things Human Risk to get a monthly round up of our latest content
- Request a demo for a customized walkthrough of Hoxhunt