From childhood fascinations and unlikely epiphanies to unexpected opportunities and market surges, top security managers find inspiration in almost anything – and they're willing to seize opportunity and take responsibility to lead their teams.
Scott Charney, corporate vice president, Trustworthy Computing
Being in the right place at the right time is a common career-finding mantra, and Scott Charney credits that for the start of his career. The U.S. Department of Justice (DoJ) created a Computer Crime Unit, and as he put it, “I was in the right place at the right time.”
But what really got Charney started was his father's job as a systems administrator back in the “vacuum tube days” of computers. Charney wrote COBOL routines at a young age, which in February 1991 led him to the DoJ's Computer Crime Initiative. In 1996, he was named the first chief of the Computer Crime and Intellectual Property Section, which combats computer and intellectual property crimes.
At Trustworthy Computing, Charney is responsible for the corporate programs that improve the security of Microsoft products, services and internal networks. This year and looking ahead, hybrid networks, the Internet of Things (IoT) and advanced persistent threats (APTs) present the biggest, and most exciting, challenges, he says.
Kristin Lovejoy, general manager, IBM's security services division
Kristin Lovejoy remembers when during her work at a Bronx correctional facility she had a security epiphany. During a paralegal study she helped run, prisoners were asked what would most deter them from breaking into a house. It could have been a gun, for example, or an alarm. Instead, prisoners gave a surprising answer: a dog.
“It was interesting because it was a profound ‘aha' moment,” Lovejoy says. “Security is not necessarily solved by the thing that one would assume solves the problem. The security problems might be solved by something quite different.”
To this day, in her role as the general manager of IBM's security services division, Lovejoy remembers that lesson. As a self-taught security professional, Lovejoy is a major proponent of talent development, especially with high school students.
“I'm passionate that you don't need to go to college to have the right skills to be hired in security,” she said.
In addition to her high school program endeavors, Lovejoy is keeping her eye on the cloud and is making an effort to explain it to people who might not have a total understanding. She wants to address concerns at varying levels to keep the field moving forward.
Ari Schwartz, senior director for cybersecurity for the National Security Council at The White House
Ari Schwartz can credit a surge in spyware as his reason for getting into cybersecurity. During his time at the Center for Democracy and Technology (1998-2010), he and his colleagues noticed an uptick in spyware, including keystroke loggers and tools marketed to spy on ex-lovers. He wrote a paper about the issue and, sure enough, companies and advocates began asking him to have the center lead a group that could define the problem and create objective criteria for identifying spyware.
Eventually Schwartz made his way to the National Institute of Standards and Technology (NIST), which launched him into the government career path. This year, he is working on President Obama's Executive Orders on Cybersecurity, as well as leading efforts on the White House Cybersecurity Summit.
“Our critical infrastructure continues to be at risk from these threats, as does the personal information of millions of Americans,” he says. “And these threats are not going away. We must do a better job of protecting both government systems and critical infrastructure while protecting privacy.”
Alex Stamos, CISO, Yahoo
For some, fascination with the cyber world can start at a young age. Alex Stamos's started at age five – in his kindergarten year – when his parents bought him a Commodoure 64 with a 300 baud modem. From there, he's continued to learn more about computers and their security features. “I still think security is the most interesting area of tech due to the fact that it is one of the only engineering specialties where you have an adversary playing the game against you,” Stamos says.
After college, Stamos joined LoudCloud, an early cloud computing company, and continued to make his
way around the tech world with stints at @stake, a security professional services company, and iSEC, a firm he started with four @stake colleagues. After selling the firm to NCC Group, Stamos landed his current Yahoo gig.
In his CISO role, Stamos wants to build products that are safe for all users, “no matter where they are or how they use Yahoo,” he said. Coming up this year, he and his team will be working on authentication methods and account lifecycle management strategies that are safe in an environment of constant third-party breaches.
Patricia Titus, vice president and CISO, Freddie Mac
Patricia Titus's career began with interpreting one of the oldest modes of communication: Morse code. Her interest in security was piqued in her role as a Morse code operator in the United States Air Force's Electronic Security Group.
“I strongly believe that this job planted the seed of my career and entrenched me deeply in cybersecurity,” she says.
Now serving as the vice president and CISO at Freddie Mac, Titus previously served as the Transportation Security Administration's CISO and held overseas jobs within the U.S. Department of Defense, the U.S. State Department and other private security firms.
Her current role requires her to maintain the protection and integrity of Freddie Mac's information assets while also allowing for information access. Really, though, Titus is keeping an eye on insider threats, especially new technologies that will incorporate human psychology with artificial intelligence to assist in monitoring for insider threats, she says.
“As this technology develops, it's going to raise the debate about where to draw that fine line – balancing privacy rights with a company's right to monitor threat activity,” Titus says. “The next few years in the security space should be fascinating.”