Caroline Wong, vice president of security strategy, Cobalt.io
When it comes to the topic of women in security, Caroline Wong is not just a woman who happens to work in security, but someone at the forefront of attempting to boost the number of women in the field.
Wong's day job is vice president of security strategy for the crowdsourced pen test firm Cobalt.io, but her spare time is spent as a LIFT Mentor at the Executive Women's Forum (EWF), where she mentors graduate students and industry practitioners on information security and career topics. The EWF has not let Wong's efforts go unrecognized, awarding her the 2010 Women of Influence Award in the One to Watch category.
She has also recently begun serving on the security/privacy program committee with The Grace Hopper Celebration of Women in Computing.
“In a world where there are not many women leaders in cybersecurity, I have seen Caroline take on a chief of staff for information security role at eBay, a security strategist role at Zynga, a security product leader role at Symantec, security initiatives leader role at Cigital, and now a VP, security strategy role at Cobalt.io,” says Rinki Sethi, senior director of information security at Palo Alto Networks and a colleague of Wong's.
In addition to using her spare time to mentor others, Wong is also an author who just published her second book. “This year I published my second book, Crowdsourced Pen Testing for Dummies. The book contains a detailed analysis of how the application security industry has advanced over the past few decades, and explores options for how to approach a variety of different testing scenarios,” she says.
Wong has a B.S. in Electrical Engineering and Computer Science from the University of California at Berkeley and a certificate in finance and accounting from Stanford University's Graduate School of Business.
Her EE degree, in a roundabout way, led to her involvement in the cybersecurity industry, a business category she was totally unfamiliar with at first. Her path to cyber began by spending a summer interning at eBay working on IT project management. After the internship was completed she asked for a full-time job, but was told there was a hiring freeze in place in that department. However, the supervisor recommended she take a look at a position on the Information Security Team.
“At the time, I didn't know anything about cybersecurity. I literally didn't know what the term “information security” meant, and the night before my interview I memorized the Wikipedia page on the subject,” Wong says.
Evidently, Wong did a fine job memorizing the information and she kicked off her cybersecurity career at eBay where she was chief of staff and manager for the e-commerce site's global information security division and then moved on to spend a few years at the online gaming company Zynga. Here she was the senior manager of its security program.
Wong seems to have found a good home in her current position – one that appeals to her interest in metrics and the application to cybersecurity. “The coolest thing about working for a crowdsourced pen testing company is the data. I'm extremely interested in security metrics and the role they play in justifying appropriate levels of investment in cybersecurity. I've worked with a lot of organizations on metrics to show the value of their application security programs, and the challenge that comes up all the time is that organizations often don't have a single source of record for pen test findings, so they can't get the data to calculate their metrics,” she says.
However, with the metrics that can be supplied with pen testing this problem goes away, she says.
Wong's friends, colleagues and co-workers also point out that Wong is a fun and caring person always willing to take some time to offer advice or make an otherwise dull task fun.
“No matter how busy she is, she always finds time for me,” says Tyelisa Shields, a risk manager at Apple. "My day-to-day work life is changed because of her influence. She encourages me to grow, learn and look out for myself in very pragmatic ways."
Cyber industry veteran John Johnson says Wong has “done it all” during her career, having worked at big companies and small in a variety of roles, and, he adds, "she's also a fun and pleasant person to work with. When we were working on putting panels together for RSA, she was responsive and thoughtful in her approach, always willing to highlight the achievements of others and engage in interesting and occasionally controversial discussion,” Johnson says. – DO