Meet the IAM Disruptors: Danielle Jackson
Danielle Jackson recently joined the SecureAuth executive leadership team as the company’s first Chief Information Security Officer (CISO). Danielle brings more than 15 years of leadership experience in network, system, data, cloud and security design, and joins SeureAuth to help define the security and compliance roadmap for the company’s product portfolio, continuing the momentum of preventing the misuse of stolen credentials.
Danielle’s expertise in developing and implementing governance, risk and compliance (GRC) frameworks meets today’s sophisticated information security challenges, but here’s a deeper dive into her favorite technologies, career motivations and personal take on the cybersecurity industry:
What is your favourite personal gadget?
My cell phone
What item improves your life most at work?
Headphones. I've always got a pair with me. It's a device that's become an accessory. I make calls with them, throw them on when I'm on a flight, and if I need to concentrate on reading a policy or document, it helps me stay productive in an open space.
Is there any technology that has become extinct that you would like to resurrect?
No, because I appreciate the advancement of technology, the changes it brings and the challenges in securing them. I've also been in environments where I thought certain technology was extinct. I'm convinced all tech (new and old) is still alive in some form.
What are your thoughts on the next transformation in the cybersecurity industry?
I'm hoping that the next transformation is a business transformation. I would like to see organizations embrace and welcome security teams as a business partner and a business enabler. I think this will most likely happen in tech first, but am hopeful other industries and verticals will follow suit.
What is the greatest transformation in cybersecurity you've witnessed?
I believe we, as consumers of technology, are all witness to and part of the transformations that happen in cybersecurity. Biometrics on phones and multi-factor authentication for day-to-day transactions have transformed how we access information every day. I expect transformations in this industry to continue to evolve as technology advances.
What is the current state of the cybersecurity industry?
Billions are spent on network and endpoint security, yet breaches still occur and are on the rise. It seems like there’s a new major breach every month we read about in the news. Sixty-three percent of all breaches involve the use of stolen credentials; that’s a huge element that cannot be stopped by network or endpoint security. Historically, two-factor authentication was the answer, but it causes an undesirable balancing act between “security” and “usability,” in which neither can be maximized at the same time successfully. Forward-thinking organizations are moving towards a fundamentally new approach to identity and access management by deploying adaptive-access control methods and multiple pre-authentication risk checks. This strategy provides both high security and great usability while still offering flexibility and fitting into existing infrastructures.
How can businesses ensure they remain compliant with constantly-changing data privacy laws?
This is a challenge, but there are a few approaches here, depending on the size and maturity level of the business. Enterprises that are larger in scale and have a strong global presence often have legal teams, privacy officers and compliance personnel dedicated to keeping organizations, like security, up-to-date with data-privacy regulations. I would encourage security and compliance teams that are a part of larger enterprises to leverage their legal teams for guidance and support on data-privacy requirements. For those entities that are smaller in scale or may not have the funding or staff to support a dedicated team or privacy-officer position, I would recommend a security framework and attest to a compliance audit annually. I would also recommend that smaller organizations go above and beyond what is expected for data-privacy protections. This usually provides additional cover in the areas of security and confidentiality of systems and data.
Who or what motivates you?
People motivate me. My children motivate me to lead by example. I'm motivated by those who try their best every day. I'm also motivated by those who are less fortunate. I'd like to be in a position one day to give back. I'm motivated to do more, so I can give more.
Why did you decide to pursue a career in technology?
I'm always up for a challenge. Technology is everywhere. It’s in the way we communicate, how we drive and how we advance. It wasn't something I wanted to avoid; but rather, it was something I wanted to embrace in my career.
What has been your most interesting job so far?
All my positions have been interesting in their own way, but perhaps the most rewarding was my time at AOL. Being a part of changing technology while making a positive impact on how technology works with the community was a rewarding experience.
What are your thoughts on the gender gap in the IT industry – why is this the case?
Historically, technology has been a male-dominated field...and still is. Security wasn't always an industry or organization that was well funded or supported, often taking talent and budget from the technology side of things. With more men in the workplace overall during a time when cybersecurity was not in most enterprises, it's only natural that more men than women took on roles in the security space once the industry picked up steam. However, over the last five years, I've noticed a significant increase in the number of women working in tech. I hope this trend of women in the cybersecurity space continues, filling the large disparity between male and female security professionals.
Want to learn more about Danielle? Check out the announcement on her appointment to CISO at SecureAuth here!