In our sixth episode, Avast CISO Jaya Baloo talks with Wendy Nather, Head of the Advisory CISO team at Cisco
At the age of 12, Wendy Nather was living in Israel. Her father was a professor at the University of Tel Aviv, and when she complained to him one day that she was bored, his response launched her on the course that quickly became her life’s calling. They had an electronic console known as a “teletype” in their home – essentially a primordial fax machine – and it had a little bell inside it. Wendy’s father tossed her a BASIC programming manual and challenged her to figure out how to make the teletype bell ring on command. She did.
As a young woman, Wendy got a job at a bank in Zurich, where she took on her first cybersecurity duties. She stayed in the financial services industry for 12 years, specializing in IT and security. She served in the positions of strategist, research director, industry analyst, and CISO. She’s worked in both the public and private sector, including 5 years in state government. Today she heads up the Advisory CISO team at Cisco. Wendy is a cybersecurity guru with decades of experience, and she shares some of her most practical wisdom with Avast CISO Jaya Baloo in Episode 6 of Avast Hacker Archives.
One CISO to another, Jaya asks Wendy what she finds most burdensome for a chief information security officer these days. Having started in security back when the only things that needed protection were mainframes, Wendy has witnessed every new evolution of technology since, each with its own specific security needs. “You’re having to cover all of that,” she says “And where everyone else has the luxury of forgetting the old stuff, you can’t.” A CISO ready for any threat is a CISO armed with an arsenal of knowledge that spans, essentially, the history of technology. And the new tech just keeps coming.
This front row seating to emergent technology revealed a pattern, Wendy tells Jaya. The same security mistakes are being made over and over again when a new technology comes out. She witnessed it when computers went online, then again when computers went mobile, and now again as computers become IoT. The problem is that the teams introducing each new development seem to be doing so in a silo, without assimilating the lessons learned by their predecessors.
Which brings us to Wendy’s main message for the security industry: more communication is essential, across all channels – device manufacturers, IT departments, security services, and even the consumer. Security needs to be understandable to everyone at this point in our technological development. “Everyone needs to know the basic security principles and how to implement them,” Wendy tells Jaya. “It can’t be the wizards versus the muggles anymore.”
In fact, Wendy welcomes more muggles to step into the field. “You don’t have to have had 25 degrees in certifications and all this kind of stuff to be ‘a security person,’” she says. “There are just so many ways that you can contribute to the state of knowledge and security coming from wherever you’re coming from,” she adds. “Don’t let the gatekeepers get in your way. We’re all making this up together and you can do it just as well as we can.”
Click the link below to hear more of Wendy’s wisdom and advice as she and Jaya discuss these topics and more, such as IoT sneakers, the reason Wendy doesn’t use parental controls on her kids’ devices, and certain ways CISOs can improve security without spending a penny. Wendy gives security advice that makes good, practical sense to everyone, so kick back and check out Episode 6 of Avast Hacker Archives.