Alyssa Miller: We have to elevate others. [BISO] [Career Notes] - CyberWire Daily

Summary5 min read

CyberWire Daily: Episode Summary Title: Alyssa Miller: We Have to Elevate Others [BISO] [Career Notes]
Host/Author: N2K Networks
Release Date: March 30, 2025

Introduction

In this episode of CyberWire Daily, host N2K Networks interviews Alyssa Miller, the Business Information Security Officer (BISO) at S&P Global Ratings. Alyssa shares her inspiring career journey, insights into effective leadership within cybersecurity, and emphasizes the critical importance of diversity in the infosec community. Her candid discussion offers valuable lessons for both seasoned professionals and those aspiring to enter the field.

Alyssa Miller’s Career Journey

Alyssa begins by reflecting on her unconventional path to cybersecurity. Initially, she pursued a pre-med major but found herself struggling with college-level chemistry after three semesters. “[01:05] I was what can I change my major to?” Alyssa recalls, highlighting her early academic challenges. Her interest in computers led her to discover computer science, a field she had been passionate about since hacking computers at age 12 and programming even longer.

Deciding to pivot, Alyssa switched her major to Management Information Systems (MIS) to blend technical skills with business acumen. “[01:30] I changed schools and major to get into more of an MIS degree to bring in more like the business side of it.”

During her studies, Alyssa secured her first full-time tech job with a large financial services company as a programmer for their electronic payment systems—a role she held for 15 years. After nine years, she transitioned to the company’s penetration testing team, marking her entry into the cybersecurity domain. “[02:15] When I'm 19, full of piss and vinegar, it's kind of a weird culture shock moving into that world.”

By age 31, Alyssa was leading the vulnerability management and security testing programs for a Fortune 200 financial services firm, overseeing a team of 35 and managing security through a major merger that expanded the company to 35,000 employees.

Transition to Consulting and New Opportunities

Seeking broader experiences beyond financial services, Alyssa ventured into consulting with a reseller. However, she faced setbacks, including being passed over for a promotion despite strong endorsements. “[03:00] Things where I didn't feel like I got treated fairly, that really kind of crushed my self-confidence.”

This experience led her to an individual contributor role as an application security consultant, where she thrived in public speaking and international travel. However, the emergence of COVID-19 opened new doors, leading Alyssa to her current position as BISO at S&P Global Ratings through her professional network. “[05:40] It was an opportunity to do something really amazing.”

Leadership Philosophy: Inspiring and Elevating Others

Alyssa’s leadership style centers on inspiration and empowerment. She references an article she authored on LinkedIn titled, “Bosses Demand Leaders Inspire,” encapsulating her approach. “[06:15] I want to hire people who are intelligent, who have potential to grow and to be amazing and wonderful.”

She believes in providing a clear vision and direction while granting her team the autonomy to drive initiatives and challenge her when necessary. “[06:45] I view myself as the one that's there to give them a vision, give them some direction with some objectives, and leave it to them to really drive us forward.”

Alyssa emphasizes the importance of elevating others, invoking the proverb, “a rising tide raises all ships.” “[07:10] I'm a big proponent that we have to elevate others.” She strives to create an environment where team members can excel, which in turn enhances the overall effectiveness of the security programs she leads.

The Importance of Diversity in Infosecurity

A significant portion of Alyssa’s discussion focuses on diversity within the infosec community. Drawing from her hacker-background roots, she notes the positive impacts of inclusive efforts. “[07:50] The reality is there are so many people in this community now who are just committed to really trying to elevate others and really help improve the welcome nature and the diversity, quite honestly, of this space.”

Alyssa argues that diversity of thought is essential for effective problem-solving in information security. She points out the limitations of homogenous teams, stating, “[08:20] We can't deny that the culture you come from shapes your experiences in a very real way.”

To foster genuine diversity, Alyssa advocates for representation beyond mere demographic checks. “[08:45] Diversity of thought does not come from having 20 white male cisheteros in a room. They can't speak to the experience of a black woman or a Hispanic man or a transgender woman.”

She underscores the necessity of understanding and valuing different perspectives to address security challenges effectively. “[09:10] We need to be able to understand their motivations, speak to their motivations, and show them how we bring value to what it is that's most important to them.”

Conclusion

Alyssa Miller’s journey from an aspiring pre-med student to a leader in cybersecurity exemplifies resilience, adaptability, and the power of embracing one’s passions. Her leadership philosophy, centered on inspiring and elevating team members, coupled with her advocacy for diversity, highlights crucial elements for success in the ever-evolving field of information security. Alyssa’s insights offer a roadmap for professionals aiming to foster inclusive, innovative, and effective security environments.

Notable Quotes:

“[01:05] I was what can I change my major to?”
“[02:15] When I'm 19, full of piss and vinegar, it's kind of a weird culture shock moving into that world.”
“[03:00] Things where I didn't feel like I got treated fairly, that really kind of crushed my self-confidence.”
“[05:40] It was an opportunity to do something really amazing.”
“[06:15] I want to hire people who are intelligent, who have potential to grow and to be amazing and wonderful.”
“[07:10] I'm a big proponent that we have to elevate others.”
“[08:45] Diversity of thought does not come from having 20 white male cisheteros in a room.”

This comprehensive summary encapsulates Alyssa Miller’s career trajectory, leadership insights, and her unwavering commitment to diversity in cybersecurity, offering listeners valuable perspectives on building effective and inclusive security teams.

Loading summary

Transcript3 lines

[00:02]
A
You're listening to the Cyberwire Network powered by N2K. Is your AppSec program actually reducing risk? Developers and AppSec teams drown in critical alerts, yet 95% of fixes don't reduce real risk. Why? Traditional tools use generic prioritization and lack the ability to filter real threats from noise. High impact threats slip through and surface in production, costing 10 times more to fix. AUX Security helps you focus on the 5% of issues that truly matter before they reach the cloud. Find out what risks deserve your attention in 2025. Download the Application Security Benchmark from AUX.
[01:06]
B
Alyssa Miller, Business Information Security Officer for S P Global Ratings I mean they go back to when I was really young. But I laugh because this was definitely not the career I saw myself landing in. I mean, there was a time I wanted to be an astronaut, a fighter pilot, be a lawyer. Ultimately I enrolled in university initially in a Pre MEd major. Three semesters of college level chemistry later and I was what can I change my major to? A year and a half into this and that's when I stumbled across computer science. I had been hacking computers Since I was 12 and programming even longer than that. I changed schools and major to get into more of an MIS degree to bring in more like the business side of it. I was still in college when I got my first full time tech job. I'm in the middle of a degree program in computer science. I knew how to program already. Companies were desperate for programmers, so I actually landed with a large financial services company as a programmer on their electronic payment systems. That was really my start. I worked for that original company for 15 years. After 9 years I got asked to join their penetration testing team, which is how I finally actually landed in security. When you're, you know, 19, full of piss and vinegar, it's, it's kind of a weird culture shock moving into that world, you know, I mean, I had been hacking computers Since I was 12 but never realized that that could be a career. I dropped into that role and honestly accelerated pretty fast. You know, by the time I was 31, I was leading the entire vulnerability management program and security testing program for, you know, a Fortune 200 financial services company. I mean we had 35 at that point. We'd gone through a merger, we had 35,000 employees. After 15 years, I'd kind of seen enough of financial services. I wanted to know what the rest of the world was doing. So I got into consulting and so I joined a reseller and had some challenges, honestly from a career perspective. Specifically I got passed over For a promotion, a promotion that the incumbent who was leaving had recommended me for to multiple levels of the org. Things where I didn't feel like I got treated fairly, that really kind of crushed my self confidence. And so I kind of took a step back, got into an individual contributor role as an application security consultant, which was great. My goal was I was going to focus on the public speaking side that I was really enjoying. I was going to travel internationally a whole lot more. And then three months after I joined the organization, this little thing called Covid popped up. This role where I'm at now, this business information security officer role at S and P came up just through my network that I have developed on social media. It was an opportunity to do something really amazing. To take over security leadership for an entire division of S and P. And to be able to jump into that role was a pretty exciting change. My leadership style actually can be summed up in an article I wrote on LinkedIn. And the title of it is Bosses Demand Leaders Inspire. And I learned this from my very first salary job. And that's really my goal. I want to hire people who are intelligent, who have potential to grow and to be amazing and wonderful. I want to help them be amazing and wonderful because the more amazing and wonderful they are, the better I can do my job. I view myself as the one that's there to give them a vision, give them some direction with some objectives, and leave it to them to really drive us forward and challenge me when they think that direction isn't the right way to go, or they think, you know, we should accomplish it in a different way. You work for the company, you work with me. I'm a big proponent that we have to elevate others. The cliche of the rising tide raising all ships. It's true. My focus has always been on the security community, right? I mean, I'm a child of hacker culture. I'm hearing that from people in the community that the efforts that I and others are making are having an impact on them. The reality is there are so many people in this community now who are just committed to really trying to elevate others and really help improve the welcome nature and the diversity, quite honestly, of this space. I say this a lot. Infosecurity is about problem solving, it's not about technology. And to improve problem solving, you need those diverse perspectives. You can talk diversity of thought all day long, but diversity of thought does not come from having 20 white male cisheteros in a room. They can't speak to the experience of a black woman or a Hispanic man or a transgender woman. We can't deny that the culture you come from shapes your experiences in a very real way. We need those varying perspectives, and you will not get that. When everyone in the room looks the same, it can be hard to navigate. How do I go in there and have a conversation in their language and approach things their way without, you know, necessarily compromising my ideals and, you know, how do I stay true to myself? We need to be able to understand their motivations, speak to their motivations, and show them how we bring value to what it is that's most important to them, because that's how we're going to get, you know, security to be a higher priority and to be addressed the way that we all know it needs to be done. Foreign.
[08:35]
A
And now a brief message from our sponsor, Dropzone AI. Is your SOC drowning in alerts with legitimate threats? Sitting in queues for hours or even days? The latest SANS SOC survey report reveals alert fatigue and limited Automation are SOC team's greatest barriers. DropZone AI, recognized by Gartner as a cool vendor, directly addresses these challenges through autonomous recursive reasoning investigations, quickly eliminating false positives, enriching context, and enabling analysts to prioritize real incidents faster. Take control of your alerts and investigations with Dropzone AI.