Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]

A

You're listening to the Cyberwire Network, powered by N2K.

B

Did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Night, the free security assessment tool that scans your Active directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Night to stay ahead of threats. Download it now@sempras.com purple-night that's sempras.com Purple Knight.

A

Hello, my name is J.D. hansen. I am a CIO and CISO at code 42. Right around high school I started to kind of realize I was really interested in technology. I ended up working for free for the technology coordinator at my high school just because I was really interested in learning more. And he took time to kind of teach me everything he knew. We used to buy computer parts from different places to save some money and then we would assemble the computer parts for our school labs. That sparked kind of an interest at a really early age. Obviously didn't know exactly what I wanted to be professionally at that time, but definitely knew I wanted to do something with technology. I went to college at the University of North Dakota. I ended up thinking maybe I wanted to be a software developer and took a number of classes thinking my major would be computer science. I then switched to computer information systems. Just a bit of a tangential degree, but had a little bit more of the business focus to it and ended up graduating from there after packing everything in in three years when I was in college, I was probably, you know, two women to, you know, 30 in some classes. So very, very small representation, certainly even smaller represent representation in the software development side. When I switched to be more of that computer information systems where you had a bit more of the business side, that's where we saw a few more women in some of my classes. Certainly not a degree that has a high degree of women getting it at the time. Anyways, I got out of school. I was initially offered my first cybersecurity job at Microsoft. I did accept it, but at the same time I accepted it. I got engaged and made kind of that personal decision to live in the same city as where my fiance at the time was living. And so I was back on the job hunt. I ended up turning down the Microsoft job and I joined Deloitte in their enterprise risk services organization. And this was very much kind of the entry to everything, computer controls as well as cybersecurity. So I Like to joke, when I first started at Deloitte, I was doing pen test work for companies and when nobody in the world really even understood what a pen test was, now lots of people understand what it is and it's more of a common term, but at the time it was not very wide known. I joined Target at the very kind of early stages of them building out their cybersecurity program. Got to spend a good chunk of time in each of the functions that are part of the security program. Ended up going through the very large scale. Target Breach stayed on for a bit longer. Code 42, such a fun place to join. I joined in 2016. They were at that time got a round of funding to build out their security products. So really excited to be part of a company building software to support the security teams that I've been part of for so many years. At Target Corp, I spent some time in insider risk and that was a function that I led. And so to come to code 42 and be part of their journey in building out their insider risk solution was really appealing to me. That's one of the things that I help with here at code 42. So in addition to my CIO job and my CISO job, I also get to spend a fair amount of time with the product management team sharing insights and knowledge of what worked from an insider risk perspective. You know, at coforay too, I mean, I'm so proud of the work that we're doing in this space. We had, you know, over 3,000 people join the insider risk summit. We believe that in security, you the only way to win this is to win together. It is absolutely a team sport. And there is so much happening in the insider risk space given our increase in collaboration software that we use every day. More and more people just moving jobs and taking data with them when they leave. It's this portion of security that sometimes is overlooked in an organization that we feel really strongly about, that companies need to kind of shine a light there and basically just be aware of what's going on within their organization. The utopia for me and my team is to get to a spot where the team is just firing on all cylinders and being really proactive about what's coming and what's changing. My job is to make sure I'm there, make sure I'm removing roadblocks, make sure I'm supporting them in a way where we get the funding that we need for the things that we need to deliver, but ultimately get out of their way so they can do the brilliant job. That they do every day. My current boss is an incredible mentor for me, and he's one of the reasons I'm actually at code 42. He's just an amazing leader and somebody that I've watched and have taken so many great learnings from in my everyday. I try really hard to do things that might scare me every day. I have a background image on my desktop and it says, be brave enough to suck at something new. And so I try really hard to take on something new or drive a differing opinion or a different idea. I don't know that I have any sort of, like, specific tactic in that regard, other than just taking a minute and thinking about it and asking opinions throughout the company for kind of what we should do next. You know, in a lot of cases, young women might be a little bit more apprehensive for joining a career in cybersecurity or a career in technology. If they don't see people at certain levels that look like them or that act like them, they might think, hey, this isn't for me. And my advice would be like, if you're interested in it, it's for you. If you're having fun doing it, it's for you. Get involved and then stay curious throughout your journey. I've heard from too many young adults that have convinced themselves that this isn't the space for them. I truly believe it's because they don't have a mentor that looks like them or acts like them in this space. And I guess I would tell lots of young women, you can love fashion and you can love cybersecurity, and that is 100% okay. I hope that the team doesn't even see me, just sees what the team has done collectively. I don't think that there's really any one leader that has come in and that leader did it. It's always the team overall that has contributed. I hope that people look back to say, wow, like, what a great team was built. And gosh, the team delivered so much during that time. I guess I would say that I wouldn't really expect anyone to remember specifically what JD did, but what the team did foreign.

B

Hey, everybody. Dave here. I've talked about Delete me before and I'm still using it because it still works. It's been a few months now, and I'm just as impressed today as I was when I signed up. Deleteme keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'M genuinely relieved. Knowing my privacy isn't something I have to worry about every day. The Deleteme team handles everything. It's the set it and forget it piece of mind. And it's not just for individuals. Deleteme also offers solutions for businesses, helping companies protect their employees personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal. 20% off your delete me plan. Just go to JoinDeleteMe.com N2K and use promo code N2K at checkout. That's JoinDeleteMe.com N2k code N2K.