As you’re probably aware, the job titles and accompanying responsibilities that fall into the information security spectrum run the gamut. From threat analysts and network engineers to penetration testers and chief information security officers. While there may be "magic" quadrants that define each role and the unique functions that fall into them, Infosec Insider decided to reach out to these subject matter experts themselves to get a better sense of how their professionals journeys have evolved to get them in their seat today.
As the Chief Executive Officer at Dtex Systems, a Silicon Valley-based data security firm, Christy Wyatt’s career didn’t follow the prototypical information security path. Because of her leadership positions at Citigroup, Motorola, Apple, and most recently Good Technology, Infosec Insider wanted to get a better sense of the successful trajectory of her career, what her thoughts are on the security industry today, and her many achievements in an industry that’s primarily male-dominant. Here’s what she had to say.
Infosec Insider: You’re a security executive. How did you get to where you are today?
CW: Security has always been an important part of companies I’ve worked for. As I’ve watched the cybersecurity landscape evolve, my interest and passion in technologies mitigating cybercrime has increased. We are seeing the most vulnerable among us targeted. There is no safe zone anymore, and the way we used to protect employees and data is no longer effective. Everything about the traditional enterprise landscape is in flux. Taking on these threats requires that we take everything we’ve learned about innovation, agility, and resilience and focus it on solving new challenges.
I’ve always been passionate about technology; I think it can change the world. I also understand that in order to grow as a leader, you have to be a good follower. I’ve always looked for people who can teach me something new and push me beyond my comfort zone. It’s this worldview that has led me to where I am today.
As the CEO of an organization in the security industry, how does your role differ from CEOs in different industries?
CW: Other than that most of us are more paranoid, there probably are not a lot of differences between me, as a security CEO, and the average enterprise CEO. As a security CEO, I’m acutely aware of numerous cyber threats that a CEO of a healthcare company may not be.
What I’ve found is that no role is not a security role anymore. Security is too often siloed, but security responsibilities and education should be integrated across all departments and roles – from the CEO to sales and marketing to engineering – to encourage a stronger organization.
Now that every organization feels the effects of the evolving threat landscape, CEOs in the broader enterprise need to adapt, drawing on the knowledge from the security industry to better educate and defend themselves and their companies. We’re already seeing this on some level, with many organizations aggressively building out security teams.
What are the biggest challenges you face as it relates to your role?
CW: As the CEO of a fast-growing company, the challenges are many. There are the obvious: finding great talent, having your product easily understood, and the ability to match customer demand.
My core job is focus. Too many businesses fail because they lose focus on what matters most to their customers. It means protecting the team and our customers from distractions that would prevent us from delivering. There is an abundance of good ideas – but good ideas without execution and delivery are worth very little. I care a lot about execution and spend a lot of time in details.
I believe that high-performing teams need to share information consistently. Outside of team meetings, everyone makes 100 decisions a day, so it is important to me that my leaders have the same data I do when making decisions. It keeps us aligned and focused on what matters.
What does your typical day look like from the moment you arrive at the office?
CW: My day starts long before I hit the office. I am on social media and email usually around 5:30 a.m. – monitoring for any new threats and incidents that have emerged overnight. Because the security industry is fairly efficient at sharing risk information, we are able to mobilize quickly when we see something relevant to our customers.
I spend as much time as I can with customers. When I’m in the office, you’ll often find me in one of the in-depth weekly sessions on product development, customer deployments, pipeline, marketing or our weekly leadership meeting. Because Dtex is growing quickly, I spend a significant amount of time on recruiting and developing the team. In order to grow, you need to be hiring the best, encouraging and rewarding excellence and quickly addressing any mistakes.
As a woman in an industry that’s primarily male-dominant, what needs to happen in order for more women to join the industry?
CW: You can only mirror what you see. If young women entering the security workforce do not see other successful women, they will look elsewhere. This is not about quotas or rations, but about being vocal about the success stories we already have. We have many successful women in cybersecurity, and it’s important that young women see these success stories besides their male peers.
It is a common mistake to think that only women can encourage other women; many of my mentors were men. Male or female – hearing that someone you respect believes in your capabilities and wants to invest in you is powerful. If you want more women to succeed in your organization, make a point of looking for them. Be vocal when they succeed and encourage them to push harder when you feel they need to. Anyone with an interest can play a role in diversity.
Based on your conversations with security managers, what’s their single biggest challenge and what do you think they can do about it?
CW: Before I decided to join Dtex as CEO, I was acutely aware of how frequently data breaches and other security and compliance incidents are tied to human error and malicious intent. In fact, the FBI and other leading law enforcement agencies frequently report that negligent and malicious insiders are one of the biggest threats organizations face today. Visibility is the critical issue they all face in being able to understand what insiders are doing. It is why I thought the Dtex solution could be game changing.
When I meet with customers in both the public and private sectors, a common theme also emerges around access to talent. I think this shortage provides a great opportunity for managed security providers and for solution providers like Dtex to make very powerful tools more accessible to a range of skillsets.
How would you grade the security industry today and why?
CW: The issue with grading in a traditional sense is that it assumes a moment in time and a static set of criteria. In our industry, there is very little not in motion. The platforms, users, threats and tools available are changing at an astronomical rate. Agility and resiliency are today’s critical KPI’s.
Our customers are increasingly focused on these axis. Large banks that would typically take more than a year to assess new technologies are now doing rapid, live deployments as proofs of concept (POCs). The assumption that solutions have five-year lifespans has been cut to 18-24 months. Large federal agencies that previously only engaged with large global entities through two-year-long contracting processes are engaging with emerging technology providers like Dtex to leverage the ecosystem’s innovation. These powerful trends make me optimistic that as an industry we can build an innovation and delivery model that keeps pace with the other side.
This is part 1 of Infosec Insider's "Day in the Life..." series.