Network Security, Vulnerability Management

2014 Women in IT Security: Wendy Nather


"Wendy personifies grace under pressure," says Mike Rothman, a consultant with Securosis. "She works through everything in front of her with a great sense of humor, and that is inspirational. On the job front, she brings a broad perspective to her job leading 451's security team. She leads by example and has been able to build a great team at 451 Research.

From a school-aged start in BASIC and working on Suns and a PDP-11, Wendy Nather began her career in technical writing – documenting Gosling Emacs for UniPress Software, and working within the systems administration group for O'Connor and Associates in Chicago. After working in Zurich, Switzerland, managing the Unix Sysadmin Team for the investment banking division of Swiss Bank Corporation, now UBS, she moved to London to be the director of IT security for the EMEA region. 

She returned to her hometown of Austin, Texas, where she worked as the information security officer for the Texas Education Agency, working on the state data center consolidation project while participating in security policy and rule-writing. 

Wendy Nather
Research director of security, 451 Research 

In 2010 she joined 451 Research as a senior analyst, and she now serves as research director for the information security practice covering many different areas, with a heavy focus on application security, security services and threat intelligence.

Rothman notes that Nather is modest and unassuming, but, he says, "when you get to know her you find a depth of intellect, wit, perspective and caring that is unique. Our industry is better because she's in it."

Nather emphasizes the importance of security as a service rather than a control mechanism. She believes there is much work to be done in educating leaders about risk and to raise some organizations out of what she refers to as the security poverty line.

"I firmly believe that for most organizations, security functions best when it acts as a service organization, not a control organization," Nather says. "It is there to help the rest of IT and the business – which includes figuring out how to secure the infrastructure and business processes without getting too much in the way."

As a CISO, she says she has walked business leaders through risk assessments and advised them on decisions that addressed the risk as they saw it. "There is no point in fighting with your own management. Having said that, we still have a long way to go to educate executives on the real risks out there." 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.