In the cybersecurity field, it’s easy to forget there’s a person behind the keyboard using the technology. And rather than focusing on the technology, Wendy Overton tries to help companies proactively identify the risks and help people through employee assistance programs instead of having them think everyone is bad.
“People just might be in a tough situation or not know the rules because no one ever shared the security policy with them,” said Overton.
Until recently, Overton led Optiv Security Inc.’s insider risk mitigation program. She currently serves as an adviser for Safe Security, as well as on the partner advisory board of Code 42.
Overton said she tries to help people figure out what is expected of them before a situation gets to the point where someone decides to take intellectual property with them before they leave a job because they think it belongs to them, or take it upon themselves to publicize something because they ideologically disagree with something an organization is doing.
And it’s a conscious decision on their part if they do end up doing something drastic, she said.
Just the fact that an organization is implementing an insider threat program can hurt more than it can help, Overton said. For example, productivity trackers inherently implies that you don’t trust your employees, which could lead to disgruntled employees who may not be excited about what they do.
Plus, maybe organizations need a different hiring process if they don’t trust their employees.
While part of Optiv’s cyber strategy organization, in addition to its security in mergers, acquisitions and divestitures; and Cybersecurity Maturity Model Certification (CMMC) offerings, Overton had a hand in its recruiting process to ensure it was recruiting, interviewing and, when appropriate, hiring diverse security practitioners by working with universities and diversity centric organizations.
In addition to things such as race and gender, Overton said she looks for what people can bring to the table in terms of their diverse background or experiences. While acknowledging having some IT background helps, it’s the problem solving and diversity of thought that people who may have a non-technical education that adds value to an organization.
Overton herself has a liberal arts background in East Asian studies and Mandarin Chinese while an undergraduate at Western Washington University. After earning a master’s in international relations at George Washington University, she focused on foreign policy at the National Security Agency, but also learned about tech and cybersecurity while there. She eventually earning a Certified Information Systems Security Professional in 2020 while at Deloitte.
She said she was lucky to have people who believed in her and valued the things that she brought — her background and thinking — that wasn’t necessarily a cybersecurity education.
“People can learn, people can pick it up. And if they're passionate about it — that's what's most important,” she said. “At the end of the day, you can be the smartest cybersecurity person in the room, but if you don't care about it, you're not going to do your best job.
“And, frankly, women and people of color are super underrepresented in security, so anything that I can do to help get people in the door that I know that are more than deserving is a huge passion of mine.”