“In general, the zero-trust security model offers major advantages for protecting assets; however, it does have challenges that companies will need to overcome.”
Hi, Kimberly. Welcome to our Interview Series. You have diverse experience in the information security management industry. Please tell us about your memorable milestones and how these changed your career path.
“Serving in the Army Signal Corps I learned early on to appreciate the critical importance of secure information and communications systems to the success of operations and the safety of personnel. So when I decided to transition to the private sector, I committed to a career in IT; and when the first opportunity arose to work in cybersecurity, I seized it with both hands.”
What inspired you to start at Guardsquare?
“I’m passionate about cybersecurity, and since apps help run the world nowadays, I found Guardsquare really compelling. Guardsquare is the leader in mobile application security. But it was more than Guardsquare’s products that caught my attention. It was also the people. They’re talented and dedicated. They’re an amazing team.”
As a CIO, what are the fundamental challenges you try to solve for your business teams?
“Positioning people, processes, and technology to scale. This is a major challenge, especially when we consider how important it is for business systems to align from a data perspective. Achieving this often requires breaking down silos and working more holistically across teams. This can mean anything from relatively straightforward reorganization or tweaking procedures to revamping complex processes or promoting broad cultural change in organizations.”
“Another business challenge is determining what data sources should be integrated and how. In today’s world, you can integrate almost anything from a technology perspective, but that doesn’t necessarily mean that you should. The CIO is critical in leading the conversation around business requirements and expected outcomes, including promoting streamlined processes and accurate and efficient reporting capabilities.”
What is the biggest pain point for CIOs and CISOs today?
“Governance, risk, and compliance (GRC) is a real pain point. Integrating these areas helps companies align technology with business goals, manage risks, and meet industry and government regulations. This reduces uncertainty internally and for customers, but it isn’t easy to achieve. It often requires changes in a company’s culture. Governance, for example, is partly based on company policies that define the responsibilities of employees, and enforcing these policies requires a lot of documentation and buy-in from the board, executives and other managers. But most people are focused on building a product or executing a sale, and it can take time to promote and develop a security mindset.”
We are witnessing a rampant adoption of AI and automation for information security initiatives. What is your opinion about the role of AI and automation in the CIO’s workflow?
“Automating routine tasks is commonplace across IT and security teams today, because it gives teams an efficient path to predictable and repeatable processes, improving consistency and helping to eliminate errors. However, automation must be managed to ensure expected outcomes. There are also security considerations, since automation often relies on 3rd-party APIs and middleware, so oversight is key. Depending on the industry and the products and services supported, there can be a place for AI; however, like automation there are security and privacy concerns. Finally, erroneous or misleading assumptions that usually originate from our own cognitive biases are often incorporated in the training data for machine learning processes, producing systematically prejudiced results. Despite the challenges, AI will continue to broaden its footprint as the space evolves.”
You are among the top-ranking CIOs in the industry. What message do you have for female professionals in the security domain?
“Know your stuff, commit to continuous learning – including from coworkers – support your team, and be yourself. I would never deny that women face special challenges in IT, some of which arise from others’ fears or preconceptions, and some just from our relative lack of role models.
“My advice is, don’t worry about it, everybody doesn’t have to love you – they just have to respect your work. Speak from your expertise and with conviction. Be as kind as you can be without obscuring your message, and when occasionally the circumstances require passion, don’t censor yourself for fear of offending. If you know your stuff and you consistently show that you care about developing your team and about your company’s success, that will shine through. Your work and your dedication will win the day.”
Could you tell us about the future of threat detection technologies and how IT companies could leverage Guardsquare for protecting their assets and resources?
“Threat detection and response is critical to business operations and will continue to evolve. Many products are expensive and sometimes overly complex; companies don’t always have the financial resources or the people to manage them. This is shifting now though, with a greater availability of products that smaller teams can manage. Protecting the traditional network edge with legacy firewalls that have intrusion detection and prevention capabilities is no longer sufficient. This is partially due to the fact that most modern companies have decentralized data sources – on-premises, data center, and cloud. Infrastructure must be both robust and flexible as devices proliferate and process huge amounts of data that originate beyond the traditional company network.”
“Guardsquare’s suite of products can help app development teams secure their mobile applications by identifying vulnerabilities during the development process, applying multiple layers of protection to mitigate efforts to tamper or reverse engineer the applications, and monitoring them for threats once they are being used. In today’s world this is crucial, since there is literally an app for just about everything. Companies have an obligation to protect their intellectual property and their customers’ data.”
Human-led vulnerabilities continue to plague large enterprises. In the remote setting, what should organizations do to reduce risks?
“People remain the weakest link from a security perspective, so instilling good security hygiene practices is crucial for all employees, not just those in a remote setting. In fact, a 2022 report from Verizon indicated that human error accounted for 82% of data breaches. Therefore, keeping data security at the forefront of employees’ minds is fundamental to a strong cybersecurity culture. As a CIO, educating employees about social engineering is a top priority – and that means moving away from the traditional approach of awareness training one or two times a year and to a more frequent cadence of micro-trainings that are relevant and timely.”
Your take on the zero trust policy and the imminent challenges for CIOs in achieving the objectives with zero trust:
“In general, the zero-trust security model offers major advantages for protecting assets; however, it does have challenges that companies will need to overcome. For instance, zero-trust isn’t just about buying a piece of equipment or technology – it’s also about policy and people. There is also the challenge of ensuring that productivity is not hindered. Another big concern for me when exploring zero-trust solutions is the fact that vendors in this space face the same security risks that other companies do – user credentials can still be compromised and accounts with elevated privileges are very attractive. Third-party due diligence is also key because zero-trust technologies that connect users with applications are not only targets for attack but also points of failure.”
Thank you, Kimberly! That was fun and we hope to see you back on cioinfluence.com soon.
Kimberly leads the information technology and security team at Guardsquare. Prior to joining Guardsquare, Kimberly held leadership roles in technology and security at several technology companies, including SmartBear, Formlabs, and Catapult.