Content

Women in Security: PowerPlayers

Dawn Beyer
senior fellow, Lockheed Martin

Dawn Beyer didn’t know it when she left her Florida home at age 17 some 30 years ago to go into the Air Force, but she was about to embark on a long career in the military, intelligence and cyber.

Over a 24-year career in the Air Force, Beyer says the military helped pay for four degrees, culminating with a doctorate in information systems from Nova Southeastern University.

Beyer says her first job in security was as a terminal area security officer where there might be an office of 10 people and only one or two desktop computers available to the staff. She says the job mostly entailed running checklist items, but gave her a background in IT security that the military put to work for more than two decades.

“I had experience in IT security, and was also trained to handle sensitive information, which fit in well with my work in IT,” Beyer says.

Then in 1998 there was a security event with an advanced persistent threat (APT) involving a nation-state that heightened Beyer’s interest and awareness in security. From that point, Beyer recognized how important the field was becoming and how important it was to national defense.

When asked about being a woman in a male-dominated field, she says for most of her career, she would go into a meeting thinking about the points she wanted to make in a meeting – and never noticed that the room was all men.

“Some of my best supervisors were men. They would always support my goals and would let me work on the type of projects I was interested in,” she says.

Then in the past year Beyer was in a meeting with one of her leaders and was asked how many women participated in a recent cyber event. She said that there was only one.

“From that point on I made it more of a goal to help women work through the challenges of working in a male-dominated field,” Beyer says. “In many ways it’s not about a women’s technical capabilities, they are often brilliant. The best thing we can do is encourage women to take risks in their careers and build up their confidence.”

Beyer says Lockheed Martin works closely with local high schools, community colleges and universities to attract women into the IT and cybersecurity fields. She tries to expose interested candidates to the broad number of opportunities in cybersecurity. Beyer says many people assume cybersecurity personnel work mainly on incident response, but there are many jobs in the field, including analysts in a security intelligence center, threat research, forensics, embedded security, privacy and risk analysis and management.

“People are often limited about what they know about the field,” Beyer says. “But once I point out all the possibilities, they often say they didn’t realize cybersecurity was so broad.” – Steve Zurier

Jadee Hanson
CISO, vice president of information systems, Code42

Jadee Hanson’s cybersecurity bonafides are clearly recognizable – CISO at Code42, Target’s senior director of information security – but it’s the numerous activities in which Hanson is involved that push her to Power Player status.

In her role at Code42, Hanson serves as a mentor and advocate for women, but that is only the tip of the iceberg. She often participates in speaking with local security groups on the issue of boosting the role of women in security and discusses the issue in outlets like WeAreTheCity. This organization was started in 2008 as a centralized site that houses a multitude of career development resources helping women gain new skills, grow their networks and ultimately progress in their careers, including cybersecurity.

“Jadee is not only committed to putting the protection of our customers’ data first, but is also an advocate for women in technology and drawing on diverse viewpoints to solve business challenges,” says Joe Payne, Code42’s president and CEO.

Hanson was behind having Code42 work with the Girl Scouts. In the past year Code42 has hosted two events with the Girl Scouts at which more than 150 girls earned STEM and Cybersecurity badges.

“We have to start encouraging participation at the next generation of workers. One of the ways we do this at Code42 is through a partnership with Girl Scouts.  We house Girl Scouts here to get their STEM Badge or Cybersecurity Badge. In fact, we’re the first company within the River Valley region of Girl Scouts to host the Cybersecurity Badge. They’re not all going to choose a career in cybersecurity, but the thing that we’re trying to do is make sure that the younger generation knows and believes that if they do want to choose this career path, there’s a place for them,” Hanson said in a GRA Quantum article.

“The active role Jadee takes in developing her team, supporting professional networks and championing educational events with children is paving the way for women to make a bigger impact on the security industry in the future,” Code42 said about her actions.

In addition to numerous extracurricular efforts to boost the number of women in security, Hanson has also worked tirelessly internally to improve her Code42 team. This includes crafting a vision statement for the security department with a philosophy that the team should be a collaborative service organization that enables innovation rather than a mysterious, feared entity – one that says yes instead of no.

Hanson’s efforts to help others also extends outside the tech field. She is the founder of Building Without Borders, a non-profit started in 2015 with the mission to serve those in poverty-stricken locations around the world through housing services. Since April 2015 it has built 42 homes in the poorest areas of the Dominican Republic. – Doug Olenick

Priscilla Moriuchi
director of strategic threat development, Recorded Future

Asia is home to some of the world’s most sophisticated state-sponsored hacking groups, but just because they share a continent doesn’t mean they operate by the same playbook.

That’s what makes Priscilla Moriuchi’s expertise so valuable: she has that unique combination of government background, cybersecurity knowledge, and geo-political experience that allows her to develop a keen understanding of foreign cyber operations.

As director of strategic threat development at cybersecurity company Recorded Future, Moriuchi serves as a preeminent expert on Asian cyber activity, with in-depth knowledge of China and North Korea. Moriuchi joined Recorded Future in April 2017 after spending 12 years at the U.S. National Security Agency (NSA), most recently as its enduring threat manager, leading the agency’s East Asia cyber threats office. Among her responsibilities at the time was assessing whether China was adhering to its 2015 agreement to refrain from stealing intellectual property and trade secrets from U.S. corporate firms.

Earlier this year, Moriuchi authored a paper released during the annual RSA show revealing how China exploits social media platforms to sway the opinions of Westerners and portray China in a more sympathetic light. According to the report, Chinese state-run news agencies use social media to spread biased, English-language content that favors China’s stance on global issues such as the ongoing trade war with America.

As part of Recorded Future’s Insikt Group research team, Moriuchi has also recently investigated how China and Russia manage their respective national vulnerability databases. The team found that China is on average much faster than the U.S. at reporting the latest confirmed product vulnerabilities in its National Vulnerability Database (CCNVD). However, Recorded Future also accused China of manipulating CCNVD records to cover up evidence that the Ministry of State Security withheld public disclosure of certain vulnerabilities while it evaluated the viability of exploiting them in offensive cyber operations.

Meanwhile, research into Russia’s vulnerability database, the BDU, found it to be far less comprehensive than its American counterpart, omitting many critical bugs while focusing heavily on flaws that appear to be specifically relevant to Russian state information systems.

Moriuchi also collaborated on research into the digital behavior of North Korea’s most senior leadership. The investigation revealed that the country’s ruling elite are technologically savvy and use the internet to circumvent international sanctions, as well as generate revenue through means such as cryptocurrency theft.

Moriuchi has become a prominent voice in the cyber industry, speaking out on the need to recruit more women as skilled talent, while openly acknowledging the challenges these women can face when entering the field. – Bradley Barth

Eve Maler
vice president of innovation and emerging technology, ForgeRock

A strategist and innovator in the digital identity, security and privacy space, Eve Maler has been assigned quite a few of her own “digital identities” over an accomplished 34-year career.

For starters, she earned the nickname “XMLgrrl” for her work as a co-creator of Extensible Markup Language (XML), which debuted in the late 1990s. She was later called “SAML Lady” for her role in the invention of the Security Assertion Markup Language standard for exchanging authentication and authorization data between parties.

And she has referred to herself as “chief UMAnitarian” for founding and leading the User Managed Access Work Group that’s been developing UMA, an OAuth-based access management protocol standard. The group operates under the auspices of the non-profit Kantara Initiative, whose website describes the group’s mission as developing “specs that let an individual control the authorization of data sharing and service access made between online services on the individual’s behalf, and to facilitate interoperable implementations of the specs.”

Currently vice president of innovation and emerging technology at identity and access management provider ForgeRock, Maler drives advances in privacy and consent that enable user-controlled and compliant data sharing across web, mobile, and Internet of Things contexts.

She also directs the company’s engagement in interoperability standards such as Health Relationship Trust (HEART), which is a set of profiles that gives health care patients the power to specify how, when, and with whom their clinical data is shared. In fact, Maler co-founded and co-chairs the OpenID Foundation’s Health Relationship Trust Work Group.

Additionally, she serves as a trusted advisor to public and private forums specializing in key initiatives such as open banking, which requires strong authentication protocols.

Prior to ForgeRock, Maler was a principal analyst at Forrester Research, where she consulted with clients on such topics as emerging identity and security solutions, consumer-facing identity, distributed authorization, privacy enhancement and API security. Before that, she was named distinguished engineer of identity services at PayPal, which followed a long stint with Sun Microsystems, where she served as technology director and XML standards architect. Other key stops along her journey included Arbortext and Digital Equipment Corporation.

“Even is an extremely bright and quick technologist with deep insight into standards and politics surrounding them,” said Gerald Beuchelt, CISO at LogMein, in a recommendation posted on Maler’s LinkedIn page.

“I consider her to be one of the leading figures in user-centric identity, having contributed to many internet standards, adds John Bradley, senior architect at Yubico, in another recommendation. – Bradley Barth

Lisa Monaco
partner, O’Melveny

Two years ago at the Council on Foreign Relations, Lisa Monaco, then counterterrorism advisor to President Obama, called out compromised data integrity as a serious threat going forward and stressed that the U.S. was open to using every tool in its arsenal to battle nation-state cyberinterference, noting the country just need to be nimbler and quicker on the draw.

Well-known for her work with the White House and as the assistant attorney general for mational security in the Justice Department, Monaco regularly drew praise for making cybersecurity a priority, including her leadership in the U.S.’s response to a number of security risks, cyber and otherwise, both domestically and internationally.

As the chair for the Homeland Security Principals Committee, she helped develop and coordinate policy and response to cyber threats, terror attacks and other crises. Her latest gig as a partner with O’Melveny, heading the Data Security and Privacy group with partner Steve Bunnell, leverages her 15 years of experience at Justice and stint in the Obama administration to guide clients through security-related sensitive governance, legal, regulatory and policy concerns.

A Distinguished Senior Fellow at the Reiss Center on Law and Security at New York University Law School and at NYU’s Center on Cybersecurity, Monaco also serves as co-chair for the Aspen Institute’s Cybersecurity Group, a public-private forum that includes industry leaders, former government officials, Capitol Hill leaders, and members of academia and journalism aimed at bringing cybersecurity to the forefront and putting action to words.

She is a member of the Council on Foreign Relations, a senior fellow at Harvard’s Belfer Center on Science and International Affairs and a senior national security analyst at CNN.

After graduating Harvard and the University of Chicago Law School, Monaco clerked for Judge Jane R. Roth on the United States Court of Appeals for the Third Circuit.

Her dedication to public service has garnered her a number of awards, including the Justice Department’s highest hone – the Attorney General’s Award for Exceptional Service – as well as the Edmund J. Randolph Award, which recognizes outstanding contributions to the department. – Teri Robinson

Malini Rao
vice president, information security, Deutsche Bank

With more than 18 years in cybersecurity, Malini Rao has extensive experience and expertise working globally for Fortune 500 clients in various areas of cybersecurity such as application security, cloud security, DevSecOps, security operations, governance, risk and compliance management, cyber risk management, IOT security and identity and access management.

Malini has managed large multimillion dollar projects and large teams globally. She has rich experience working in various industry verticals like financial services, retail, consumer goods, energy as well as for oil and gas industry clients globally. She has worked as a program manager, CISO and a global practice head in the various roles she has taken on over the years.  – Teri Robinson


Lisa J. Sotto
managing partner, New York office, Hunton Andrews Kurth LLP

In the 20 years since Lisa Sotto started building what eventually became the storied privacy and cybersecurity practice at Hunton Andrews Kurth, she’s helped prominent clients like Hudson’s Bay Company and Yahoo! navigate thorny privacy issues as they try to recover from massive breaches.

Sotto’s influence has been felt on boards around the country and across industry sectors that she advised on information governance issues surrounding privacy and safeguarding data. She’s worked side by side with organizations to develop and enhance formal privacy programs compliant with an array of legal and regulatory requirements worldwide, encompassing technologies such as facial recognition, wearables, retail tracking and geolocation as they emerge.

Sotto spent the better part of 2018 preparing more than 50 U.S.-based multinational clients like PepsiCo, Tiffany & Co., The Western Union Company and Proctor & Gamble to meet GDPR requirements, which took effect in May 2018. Her more recent work included helping organizations like Verisk and Rite Aid comply with the California Consumer Privacy Act of 2018 by its January 1, 2020 deadline. 

In 2017, she was tapped by the U.S. Department of Commerce to aid in its first joint review with the European Commission (EC) of the EU-U.S. Privacy Shield framework for data protection compliance. Sotto brought her voluminous expertise to bear during testimony before the EC, various U.S. regulatory agencies and several EU Data Protection Agencies (DPAs).

For the Judicial Reform and Government Accountability Project funded by USAID, Sotto advised the Serbian government on the legalities of global data protection and has been invited by other governments in China, Thailand and Myanmar to inform them on global privacy and data security law. She is currently working on Democratic presidential candidate Kirsten Gillibrand’s lawyers’ committee and has briefed candidate Pete Buttigieg on privacy and security issues.

For the past 13 years she has been a member of the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, where she is now the chairman. Sotto has worked closely with the U.S. Chamber of Commerce on its global data breach notification laws report – she and FTCD Chairman Noah Phillips presented the report in Brussels last October.

She is also editor and lead author of the best-selling Privacy and Cybersecurity Law Deskbook, a treatise to guide those tasked with managing privacy and cybersecurity law issues. The book includes a roadmap for compliance with global data protection laws as well as state breach notification requirements. - Teri Robinson

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.