Author Archive: Wendy Poland

Boldly Leading the Possibilities in Cybersecurity, Risk, and Privacy

During the last week in October, five members of the Adobe Security team and I attended the Executive Women’s Forum (EWF) National Conference as first-time attendees.  Over 400 were in attendance at the fourteenth annual conference.  It was the first time three separate tracks were offered, which focused on the primary topic of “Balancing Risk and Opportunity, by Transforming Cybersecurity, Risk, and Privacy beyond the Enterprise.”

The Executive Women’s Forum has emerged as a leading member organization using education, leadership development and trusted relationships to attract, develop and advance women in the Information Security, IT Risk Management, Privacy, Governance, Compliance and Risk Assurance industries.  Additionally, EWF membership offers virtual access to peers and thought leadership globally, networking opportunities both locally and at industry conferences, advancement education and opportunities via EWF’s leadership program, plus their peer and mentoring program.  EWF also provides learning interaction at their national conference, regional meetings and webinar series.

At this year’s national EWF conference, several of the presentations and sessions stood out, namely:

  • Several keynote speakers wowed the crowd with their personal stories of industry challenges, personal hardships and their rise through the ranks. Speakers of interest included:
    • Susan Keating (President and Chief Executive Officer at National Foundation for Credit Counseling). Keating recounted her personal story of managing through what was in 2001 the largest banking fraud in US history and lessons learned from the experience.  Her message and advice focused in on being resilient, prioritizing prevention and recovery preparation activities, remembering communication is imperative and one needs to be tireless in connecting at all points (employees, customers, partners, etc.), that bullying and intimidating behavior is not to be tolerated, and that it’s important to keep a culture healthy by always remembering the human component – if you’re not staying connected to people you could miss something.
    • Meg McCarthy (Executive Vice President of Operations and Technology at Aetna). Interviewed by Joyce Brocaglia, McCarthy spoke of her career journey to the executive suite, the challenges she faced along the way, and what it takes to thrive as a leader at the top.  Among her advice, three pieces stuck out: Talk the talk – get communication coaching, get into executive strategy meetings, and identify and study role models.  Saying yes – be careful declining – McCarthy always took opportunities offered to her.  The proof is in the pudding – build a track record, visualize your goals, and always look the part.
    • Valerie Plame (Former Operations Officer at US Central Intelligence Agency). Plame told her story as an undercover operations officer for the CIA, who served her country by gathering intel on weapons of mass destruction.  When her husband Joe Wilson spoke out about the falsities that were levied publically to justify the Iraq War, the administration retaliated by revealing Plame’s position in the CIA, ruining her career and reputation, and exposing her to domestic and foreign enemies.  She encouraged all to hold people, government and organizations accountable for their words and actions.
    • Nina Burleigh (Author and National Correspondent at Newsweek Magazine). Burleigh explained how the issue of women’s equality is a challenge everyone wants to address and is approaching a tipping point.  She foresees 2017 being the year of women, and topics, especially in the US, about female political representation, family and maternal leave and women’s health care will be at the forefront.
  • Additionally, there were several breakout talks that bear mention:
    • The pre-conference workshop on Conversational Intelligence facilitated by Linda Dolceamore of EWF focused on the chemical reactions in our brains in response to different types of communication. The workshop taught us what to do in order to activate the prefrontal cortex for high-level thinking, as well as evaluate whether our conversations are transactional, positional, or transformational.  Proper application of this information should enable a person to build better relationships, which will then evoke higher levels of trust and collaboration.
    • A panel session where five C-level executives talked about what they see next and what keeps them up at night. Takeaways included:
      • Trust is the currency of the future.
      • The digital vortex is upon us and only smart digitization will see us through.
      • Stay true to yourself. Stay curious.  Ask why.
    • The presentation regarding EWF’s initiative for Voice Privacy. As products proliferate utilizing voice interaction, it is imperative we consider the security and privacy aspect of our voices and provide the industry with appropriate guidance for voice enabled technology.
    • Yolanda Smith’s presentation on The New Device Threat Landscape.  Client-side attacks generally start off the corporate network.  Smith demonstrated a karma attack using a Hak5 Pineapple Nano as the deviant access point (complete with a phony landing page) and the Social Engineering Toolkit to generate a payload for a reverse TCP shell.  To mitigate the threat of these sort of attacks, remove probes from your devices and refrain from connecting devices to unknown networks.

EWF’s goal of extending the influence and strength of women’s voices in the industry, aligns well with Adobe’s mission to establish Adobe as a leader within the industry for creating an environment which supports the growth and development of global women leaders.  Therefore, it’s exciting for Adobe to partner with the Executive Women’s Forum organization.  If EWF’s national conference is a taste of their yearly impact, it will be compelling to participate in the additional year-round initiatives, events and opportunities available through EWF’s membership. We look forward to connecting with colleagues and friends at more events going forward.

Adobe @ the Women in Cybersecurity Conference (WiCyS)

Adobe sponsored the recent Women in Cyber Security Conference held in Atlanta, Georgia.  Alongside two of my colleagues, Julia Knecht and Kim Rogers, I had the opportunity to attend this conference and meet the many talented women in attendance.   

The overall enthusiasm of the conference was incredibly positive.  From the presentations and keynotes and into the hallways in between, discussion focused on the general knowledge spread about the information security sector and the even larger need for more resources in the industry, which dovetailed into the many programs and recruiting efforts to help more women and minorities, who are focused on security, to enter and stay in the security field.  It was very inspiring to see so many women interested in and working in security.

One of the first keynotes, presented by Jenn Lesser Henley, Director of Security Operations at Facebook, immediately set the inspiring tone of the conference with a motivational presentation which debunked the myths of why people don’t see security as an appealing job field.  She included the need for better ‘stock images’, which currently portray those in security working in a dark, isolated room on a computer, wearing a balaclava, which of course is very far from the actual collaborative engaging environment where security occurs.  The security field is so vast and growing in different directions that the variety of jobs, skills and people needed to meet this growth is as much exciting as it is challenging.  Jenn addressed the diversity gap of women and minorities in security and challenged the audience to take action in reducing that gap…immediately.  To do so, she encouraged women and minorities to dispel the unappealing aspects of the cyber security field by surrounding themselves with the needed support or a personal cheerleading team, in order to approach each day with an awesome attitude.

Representation of attendees seemed equally split across industry, government and academia.  There was definitely a common goal across all of us participating in the Career and Graduate School Fair to enroll and/or hire the many talented women and minorities into the cyber security field, no matter the company, organization, or university.   My advice to many attendees was to simply apply, apply, apply.

Other notable keynote speakers included:

  • Sherri Ramsay of CyberPoint who shared fascinating metrics on cyber threats and challenges, and her thoughts on the industry’s future. 
  • Phyllis Schneck, the Deputy Under Secretary for Cybersecurity and Communications at the Department of Homeland Security, who spoke to the future of DHS’ role in cybersecurity and the goal to further build a national capacity to support a more secure and resilient cyberspace.  She also gave great career advice to always keep learning and keep up ‘tech chops’, to not be afraid to experiment, to maintain balance and find more time to think. 
  • Angela McKay, Director of Cybersecurity Policy and Strategy at Microsoft, spoke about the need for diverse perspectives and experiences to drive cyber security innovations.  She encouraged women to recognize the individuality in themselves and others, and to be adaptable, versatile and agile in changing circumstances, in order to advance both professionally and personally. 

Finally, alongside Julia Knecht from our Digital Marketing security team, I presented a workshop regarding “Security Management in the Product Lifecycle”.  We discussed how to build and reinforce a security culture in order to keep a healthy security mindset across a company, organization and throughout one’s career path.  Using our own experiences working on security at Adobe, we engaged in a great discussion with the audience on what security programs and processes to put into place that advocate, create, establish, encourage, inspire, prepare, drive and connect us to the ever evolving field of security.  More so, we emphasized the importance of communication about security both internally within an organization, and also externally with the security community.  This promotes a collaborative, healthy forum for security discussion, and encourages more people to engage and become involved.

All around, the conference was incredibly inspiring and a great stepping stone to help attract more women and minorities to the cyber security field.

Wendy Poland
Product Security Group Program Manager

BSIMM Community Conference 2013

In mid-November, I attended the BSIMM Community Conference 2013 in Chantilly, VA.  The community represents 67 firms, and there were about 100 people in attendance.

The Building Security In Maturity Model (BSIMM) is the result of a multi-year study of real-world software security initiatives.  The BSIMM helps to measure, compare and contrast software security data.  The model also describes how mature software security initiatives evolve, change and improve over time.  Adobe was one of the nine original participants in the first version of BSIMM and has participated in subsequent BSIMM surveys.

This year the conference provided two tracks, thereby providing a smaller ratio of presenters to attendees per presentation.  Topics included Static Analysis, Software Security Meets Agile, Mobile Security, Software Security Metrics for Efficiency and Effectiveness, Architecture Analysis, Insider Threats, and Third Party Software and Security.

To sum it up, I appreciated the opportunity to connect, network and discuss comparative security initiatives, current events, and best practices with those in attendance.  Thanks to BSIMM organizers for putting on a great event.

Wendy Poland
Product Security Group Program Manager