Intelligent CISO Issue 35 | Page 72

GO PHISH
We have a role to fulfil for the business – reducing risk – but we also have a responsibility to influence people, so they live safer lives online in general.

people represent an opportunity, not an error waiting to happen. I believe that if we can make people think securely, we can make the internet safer in a scalable way.
How do you deal with stress and unwind outside the office?
I lead the Madrid chapter for WoSEC — Women of Security, and we are always looking for new members. I also enjoy puzzles and calisthenics, and am an absolute corgi fan.
If you could go back and change one career decision, what would it be?
Every job I've had has contributed to where I am today. Developer support taught me empathy and communication skills. My first security job as a security program manager taught me to approach things in a more structured way. I've learned from every experience, and from that standpoint, I don't think I would change anything.
What do you currently identify as the major areas of investment in the cybersecurity industry?
Security awareness continues to be a major focus to help employees detect the most common cyberattacks, but more than any money or technology, these efforts need investment from people in leadership.
If you want to be an ally to your security team and create a culture of security, you have to look at how security is prioritised with other business needs. Are you focused on speed or security? What gets praised? Is your security awareness training a checkbox, or short, frequent, and engaging for employees (we hired a Morgan Freeman impersonator)? Do employees have enough time and resources to make security part of their job and their lives?
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
Security basics are the same for everyone, but some regions have special considerations, especially around data privacy. In the EU, for example, there is a lot of talk about GDPR, the invalidation of Privacy Shield, and the need for US companies to process and store their data in Europe. We've seen countries like Japan and Kenya pass data protection laws too. Ultimately though, it comes down to general security best practices: collecting only the data you need, securing it appropriately, using secure passwords and multi-factor authentication, and following secure coding practices.

What changes to your job role have you seen in the last year, and how do you see these developing in the next 12 months?
The security culture and awareness role is a bit different for everyone. Many of our metrics are on the phishing side, which is important, because it continues to be an ongoing threat for any organisation.
But there's also more to the world than phishing. We have a role to fulfil for the business – reducing risk – but we also have a responsibility to influence people, so they live safer lives online in general. I would like to see our industry focus more on people and relationships and connecting the dots between our personal and professional lives. Teaching people how to write a phishing email is more engaging than showing them one, and we could all benefit from learning about MFA and privacy settings in our personal accounts.