As chief information security officer of Very Good Security, a company that uses public cloud infrastructure, Kathy Wang said she is focused on limiting data exposure.

“It’s actually all about making sure that the exposure of the data is very much limited on your public cloud because you have to let customers, for example, to access their data, but you don’t want to do it in a way that exposes any of the data to any unauthorized parties,” Wang told Sam Curry, CSO at Cybereason, during the CISO Stories podcast by Security Weekly, a sister brand of SC Media.

“We’re looking at risks associated with that [access to data in the cloud] and we’re also looking at the risks that come with other vendor, third-party infrastructure, as well, which is extremely difficult to track. I think every CISO knows that. It’s, like, ‘OK, applications: What applications need access to what, and who’s using what application at what time.’”

Click here to listen to episode 37 of the CISO Stories podcast: “Extending detection and response to the cloud.”

Having very good visibility and monitoring capabilities of the infrastructure, and into the different cloud environments — such as development, testing, staging and production — is a big part of the job.

“It’s all about proper access controls,” said Wang. “IAM [identity access management] is a very big part of it.”

Wang has worked in government, commercial, and technology startup environments. Wang co-authored the book “Beautiful Security,” and holds a bachelor’s and master’s of science in electrical engineering from the University of Michigan, Ann Arbor.