Michelle Valdez, senior director of cybersecurity resilience and strategy, Capitol One
Securing a corporation from a cyberattack is not a simple or easy process. It is complicated further when part of the necessary infrastructure needs to be built from the ground up.
But that is what Michelle Valdez undertook and accomplished in her current role as Capitol One's senior director of cybersecurity resilience and strategy. Valdez built the division from scratch, including its budget and resource management, communications and awareness, metrics and reporting, cybersecurity resilience initiatives, and cybersecurity capability maturity.
“She has the ability to help her team members reach their full potential and be strong contributors, even when her team members are challenging to work with and can develop large-scale projects and then break the projects into manageable tasks so that the team can accomplish goals and continually make progress,” said friend and former colleague Roselle Safran.
Dealing with corporate resilience is Valdez's primary passion, at least on the job, and one she is able to pour into her position at Capitol One.
“The reason resilience spoke to me was because I had spent most of my career focused on threat with never feeling like I was truly making a lasting impact. Resilience focuses on impact, which needs to be balanced with threat – so I help my company put those critical capabilities in place that bring that balance, so regardless of the threat, we can minimize the impact of any disruption,” she says.
Her accomplishments at Capitol One is symbolic of her previous efforts. She has multiple degrees, including masters degrees in justice and public safety and information systems technology from the University of Washington and Auburn University at Montgomery, respectively. She then moved on to serve in the U.S. Air Force for seven years, including a stint as operations officer for the Office of Special Investigations, as an analyst for General Dynamics, Department of Defense Cyber Crime Center, and chief of staff of the Director of National Intelligence. She then moved on to CERT Software Engineering Institute where she was a team lead and senior engineer on the Cyber Risk and Resilience Team.
“Valdez honed her ability to create new cybersecurity programs while at CERT, in a role where she was helping support the Department of Homeland Security,” Safran says. "There she played a critical role in designing, developing and implementing DHS's initiative to enable information sharing with critical infrastructure, the Cyber Information Sharing and Collaboration Program (CISCP)."
Valdez says that after leaving the Air Force she took a position at the Defense Cyber Crime Center where she helped build out the brand and the organization, which is where she first gained experience dealing with cybercrime.
“Prior to that, I had no experience in computer crime but knew this was a field that I could build a career upon,” she says, adding that her interest in resilience came when she moved to Carnegie Mellon Software Engineering Institute where she helped support the Department of Homeland Security.
“After spending over two years building a cyber information sharing program for DHS, I took SEI's course on the Resilience Management Model. I knew immediately this was my next adventure. I moved to the Resilience team at SEI and have been working in resilience ever since,” she says.
Safran also notes Valdez's ability to figure out what is coming down the road as another reason for her success. “She has an amazing ability to think strategically about cybersecurity issues, develop plans and then follow through with excellent execution. She can also identify where the industry is heading – or needs to go – far ahead of the curve." As an example of this, Safran says Valdez was talking about the NIST CSF years before most people know what it was.
And Valdez put her prognostication on NIST to good use at Capital One developing a comprehensive plan to mature all of Capital One's cybersecurity capabilities using the NIST Cybersecurity Framework, which was approved by the company's board and regulators.
Valdez's ability to quickly adapt to new situations also garnered high praise from her co-workers. “I have had the pleasure of working with Michelle in support of our internal resilience program and find her passion and experience in process definition and rigor in support of security controls and requirements to be second to none," says Brandon Young, managing director of cybersecurity framework and risk assessment at Capitol One. "Her background and ability to quickly assimilate the culture to understand how we operate has led to high quality interactions and recommendations that are based in reality and not strictly academic." – DO