Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes] - CyberWire Daily

Summary

CyberWire Daily Summary: "Jadee Hanson: Cybersecurity is a Team Effort"

Release Date: June 22, 2025
Host/Author: N2K Networks
Speaker: J.D. Hanson, CIO and CISO at Code42

Introduction and Early Interests in Technology

In this episode of CyberWire Daily, J.D. Hanson shares her inspiring journey into the field of cybersecurity, emphasizing the importance of teamwork and mentorship.

Hanson recounts her early fascination with technology during high school, where she volunteered to assist the technology coordinator. “[...] we used to buy computer parts from different places to save some money and then we would assemble the computer parts for our school labs. That sparked kind of an interest at a really early age” ([00:52]).

Educational Background and Career Beginnings

She pursued higher education at the University of North Dakota, initially considering a major in computer science before switching to computer information systems to incorporate more business-focused studies. Hanson highlights the challenges of being one of the few women in her classes, noting the lack of representation in both her undergraduate program and the software development field.

Upon graduation, Hanson faced a significant career decision. Although she accepted her first cybersecurity job offer from Microsoft, personal circumstances led her to decline and join Deloitte instead. At Deloitte’s Enterprise Risk Services, she began her career in computer controls and cybersecurity, working on penetration testing at a time when the concept was not widely understood. “[...] when nobody in the world really even understood what a pen test was, now lots of people understand what it is and it’s more of a common term” ([01:30]).

Advancing in the Cybersecurity Field

Hanson subsequently joined Target during the nascent stages of their cybersecurity program. Her tenure at Target included a focus on insider risk, where she led initiatives to safeguard the organization from internal threats. The experience of navigating the Target data breach further solidified her expertise in large-scale cybersecurity operations.

In 2016, she transitioned to Code42, attracted by the company’s mission to develop security products that support the very teams she had been part of. At Code42, Hanson plays a dual role as CIO and CISO, actively collaborating with the product management team to enhance their insider risk solutions. “[...] to come to Code42 and be part of their journey in building out their insider risk solution was really appealing to me” ([03:20]).

Teamwork and Insider Risk Management

Hanson underscores the collaborative nature of cybersecurity, describing it as a “team sport.” She highlights the growing complexity of insider risk due to the rise of collaboration software and the increasing mobility of the workforce. “We believe that in security, the only way to win this is to win together. It is absolutely a team sport” ([05:45]).

She discusses the importance of proactive measures and creating an environment where her team can excel without unnecessary obstacles. Hanson’s leadership philosophy revolves around empowering her team, removing roadblocks, and ensuring they have the necessary resources to perform effectively. “My job is to make sure I’m there, make sure I’m removing roadblocks, make sure I’m supporting them in a way where we get the funding that we need for the things that we need to deliver, but ultimately get out of their way so they can do the brilliant job” ([06:30]).

Leadership and Personal Development

Hanson attributes much of her success to her mentor at Code42, praising his leadership and the invaluable lessons she has learned from him. She emphasizes the importance of stepping out of one’s comfort zone to foster growth and innovation. “I try really hard to do things that might scare me every day. I have a background image on my desktop and it says, be brave enough to suck at something new” ([07:15]).

Her approach to leadership involves encouraging diverse opinions and fostering an inclusive environment where all team members feel valued and empowered to contribute their best ideas.

Encouraging Women in Cybersecurity

A significant portion of the discussion is dedicated to encouraging young women to pursue careers in cybersecurity. Hanson addresses the barriers of representation and visibility, advocating for more mentors and role models who can inspire and support aspiring female professionals. “If you’re interested in it, it’s for you. If you’re having fun doing it, it’s for you” ([08:00]).

She believes that the lack of visible mentors who share similar backgrounds or interests can deter young women from entering the field. Her advice centers on persistence, curiosity, and embracing one’s unique interests alongside a career in technology. “You can love fashion and you can love cybersecurity, and that is 100% okay” ([08:45]).

Team Success and Legacy

Concluding her narrative, Hanson reflects on the collective achievements of her teams rather than individual accolades. She emphasizes that the true measure of success lies in the strength and effectiveness of the team as a whole. “I would say that I wouldn’t really expect anyone to remember specifically what JD did, but what the team did” ([09:10]).

Key Takeaways

Early Passion and Mentorship: Hanson’s journey underscores the importance of early interests and the impact of mentorship in shaping a career.
Diversity and Representation: Highlighting the challenges of being a woman in a male-dominated field, Hanson advocates for increased representation and support for young women.
Team-Oriented Leadership: Effective cybersecurity requires collaboration, proactive management, and empowering teams to achieve collective goals.
Continuous Growth: Embracing new challenges and stepping out of comfort zones are crucial for personal and professional development in the dynamic field of cybersecurity.

Notable Quotes

“We believe that in security, the only way to win this is to win together. It is absolutely a team sport.” ([05:45])
“Be brave enough to suck at something new.” ([07:15])
“If you’re interested in it, it’s for you. If you’re having fun doing it, it’s for you.” ([08:00])
“I wouldn’t really expect anyone to remember specifically what JD did, but what the team did.” ([09:10])

This episode provides valuable insights into the career path of a successful cybersecurity leader, the significance of teamwork in the industry, and the ongoing efforts to foster diversity and inclusion within the field.

Transcript

A (0:02)

You're listening to the Cyberwire Network, powered by N2K.

B (0:11)

Did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Night, the free security assessment tool that scans your Active directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Night to stay ahead of threats. Download it now@sempras.com purple-night that's sempras.com Purple Knight.

A (0:52)

Hello, my name is J.D. hansen. I am a CIO and CISO at code 42. Right around high school I started to kind of realize I was really interested in technology. I ended up working for free for the technology coordinator at my high school just because I was really interested in learning more. And he took time to kind of teach me everything he knew. We used to buy computer parts from different places to save some money and then we would assemble the computer parts for our school labs. That sparked kind of an interest at a really early age. Obviously didn't know exactly what I wanted to be professionally at that time, but definitely knew I wanted to do something with technology. I went to college at the University of North Dakota. I ended up thinking maybe I wanted to be a software developer and took a number of classes thinking my major would be computer science. I then switched to computer information systems. Just a bit of a tangential degree, but had a little bit more of the business focus to it and ended up graduating from there after packing everything in in three years when I was in college, I was probably, you know, two women to, you know, 30 in some classes. So very, very small representation, certainly even smaller represent representation in the software development side. When I switched to be more of that computer information systems where you had a bit more of the business side, that's where we saw a few more women in some of my classes. Certainly not a degree that has a high degree of women getting it at the time. Anyways, I got out of school. I was initially offered my first cybersecurity job at Microsoft. I did accept it, but at the same time I accepted it. I got engaged and made kind of that personal decision to live in the same city as where my fiance at the time was living. And so I was back on the job hunt. I ended up turning down the Microsoft job and I joined Deloitte in their enterprise risk services organization. And this was very much kind of the entry to everything, computer controls as well as cybersecurity. So I Like to joke, when I first started at Deloitte, I was doing pen test work for companies and when nobody in the world really even understood what a pen test was, now lots of people understand what it is and it's more of a common term, but at the time it was not very wide known. I joined Target at the very kind of early stages of them building out their cybersecurity program. Got to spend a good chunk of time in each of the functions that are part of the security program. Ended up going through the very large scale. Target Breach stayed on for a bit longer. Code 42, such a fun place to join. I joined in 2016. They were at that time got a round of funding to build out their security products. So really excited to be part of a company building software to support the security teams that I've been part of for so many years. At Target Corp, I spent some time in insider risk and that was a function that I led. And so to come to code 42 and be part of their journey in building out their insider risk solution was really appealing to me. That's one of the things that I help with here at code 42. So in addition to my CIO job and my CISO job, I also get to spend a fair amount of time with the product management team sharing insights and knowledge of what worked from an insider risk perspective. You know, at coforay too, I mean, I'm so proud of the work that we're doing in this space. We had, you know, over 3,000 people join the insider risk summit. We believe that in security, you the only way to win this is to win together. It is absolutely a team sport. And there is so much happening in the insider risk space given our increase in collaboration software that we use every day. More and more people just moving jobs and taking data with them when they leave. It's this portion of security that sometimes is overlooked in an organization that we feel really strongly about, that companies need to kind of shine a light there and basically just be aware of what's going on within their organization. The utopia for me and my team is to get to a spot where the team is just firing on all cylinders and being really proactive about what's coming and what's changing. My job is to make sure I'm there, make sure I'm removing roadblocks, make sure I'm supporting them in a way where we get the funding that we need for the things that we need to deliver, but ultimately get out of their way so they can do the brilliant job. That they do every day. My current boss is an incredible mentor for me, and he's one of the reasons I'm actually at code 42. He's just an amazing leader and somebody that I've watched and have taken so many great learnings from in my everyday. I try really hard to do things that might scare me every day. I have a background image on my desktop and it says, be brave enough to suck at something new. And so I try really hard to take on something new or drive a differing opinion or a different idea. I don't know that I have any sort of, like, specific tactic in that regard, other than just taking a minute and thinking about it and asking opinions throughout the company for kind of what we should do next. You know, in a lot of cases, young women might be a little bit more apprehensive for joining a career in cybersecurity or a career in technology. If they don't see people at certain levels that look like them or that act like them, they might think, hey, this isn't for me. And my advice would be like, if you're interested in it, it's for you. If you're having fun doing it, it's for you. Get involved and then stay curious throughout your journey. I've heard from too many young adults that have convinced themselves that this isn't the space for them. I truly believe it's because they don't have a mentor that looks like them or acts like them in this space. And I guess I would tell lots of young women, you can love fashion and you can love cybersecurity, and that is 100% okay. I hope that the team doesn't even see me, just sees what the team has done collectively. I don't think that there's really any one leader that has come in and that leader did it. It's always the team overall that has contributed. I hope that people look back to say, wow, like, what a great team was built. And gosh, the team delivered so much during that time. I guess I would say that I wouldn't really expect anyone to remember specifically what JD did, but what the team did foreign.