CyberWire Daily - Alyssa Miller: We have to elevate others. [BISO] [Career Notes]
Episode Date: August 8, 2021Business Information Security Officer at S&P Global Ratings, Alyssa Miller, joins us to talk about her journey to become a champion to create a welcoming nature and acceptance of diversity in the cybe...rsecurity community. Starting her first full-time tech position while still in college, Alyssa noted the culture shock being in both worlds. Entering as a programmer and then moving to pen testing where she got her start in security, Alyssa grew into a leader who is committed to elevating those around her. Some stumbling blocks along the way gave her pause and helped point her in her current role where Alyssa works to bring more diverse views to improve the problem-solving in the space, something she sees as a key to success for the industry. We thank Alyssa for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. More at zscaler.com slash security.
Alyssa Miller, Business Information Security Officer for S&P Global Ratings. I mean, they go back to when I was really young, but I laugh because this was definitely
not the career I saw myself landing in.
I mean, there was a time that I wanted to be an astronaut, a fighter pilot, be a lawyer.
Ultimately I enrolled in university initially in a pre-med major.
Three semesters of college-level chemistry later and I was, what can I
change my major to a year and a half into this? And that's when I stumbled
across computer science.
I had been hacking computers since I was 12 and programming even longer than that.
I changed schools and major to get into more of an MIS degree to bring in more like the business side of it.
I was still in college when I got my first full-time tech job.
I'm in the middle of a degree program in computer science.
I knew how to program already.
Companies were desperate for programmers.
So I actually landed with a large financial services company as a programmer on their electronic payment systems.
That was really my start.
I worked for that original company for 15 years. After nine years, I got asked to join their
penetration testing team, which is how I finally actually landed in security. When you're, you know,
19, full of piss and vinegar, it's kind of a weird culture shock
moving into that world. You know, I mean, I had been hacking computers since I was 12,
but never realized that that could be a career. I dropped into that role and honestly accelerated
pretty fast. You know, by the time I was 31, I was leading the entire vulnerability
management program and security testing program for, you know, a Fortune 200 financial services
company. I mean, we had 35, at that point, we'd gone through a merger, we had 35,000 employees.
After 15 years, I'd kind of seen enough of financial services. I wanted to know what the rest of the world was doing.
So I got into consulting.
And so I joined a reseller.
And had some challenges, honestly, from a career perspective.
Specifically, I got passed over for a promotion, a promotion that the incumbent who was leaving
had recommended me for to multiple levels of the org, things where I didn't feel like I got
treated fairly. That really kind of crushed my self-confidence. And so I kind of took a step
back, got into an individual contributor role as an application security consultant, which was great.
My goal was I was going to focus on the public speaking side that I was really enjoying.
I was going to travel internationally a whole lot more.
And then three months after I joined the organization, this little thing called COVID popped up.
little thing called COVID popped up.
This role where I'm at now, this business information security officer role at S&P came up just through my network that I have developed on social media.
It was an opportunity to do something really amazing, to take over security leadership
for an entire division of S&P.
And to be able to jump into that role was a pretty exciting change.
My leadership style actually can be summed up in an article i wrote on linkedin and the title of it is bosses demand leaders inspire and i learned this from my very first salary job and that's
really my goal i want to hire people who are intelligent who have potential to grow and to be amazing and wonderful.
I want to help them be amazing and wonderful because the more amazing and wonderful they are,
the better I can do my job. I view myself as the one that's there to give them a vision,
give them some direction with some objectives and leave it to them to really drive us forward
and challenge me when they think that
direction isn't the right way to go or they think, you know, we should accomplish it in a different
way. You work for the company. You work with me. I'm a big proponent that we have to elevate others. The cliche of the rising tide raising all ships, it's true.
My focus has always been on the security community, right?
I mean, I'm a child of hacker culture.
I'm hearing that from people in the community,
that the efforts that I and others are making are having an impact on them.
The reality is there are so many people
in this community now who are just committed to really trying to elevate others and really
help improve the welcome nature and the diversity, quite honestly, of this space.
I say this a lot. Info security is about problem solving. It's not about technology.
And to improve problem solving, you need those diverse perspectives. You can talk diversity
of thought all day long, but diversity of thought does not come from having 20 white male cis
heteros in a room. They can't speak to the experience of a black woman
or a Hispanic man or a transgender woman.
We can't deny that the culture you come from
shapes your experiences in a very real way.
We need those varying perspectives,
and you will not get that when everyone in the room looks the same.
It can be hard to navigate. How do I go in there and have a conversation in their language and
approach things their way without necessarily compromising my ideals and how do I stay true
to myself? We need to be able to understand their motivations,
speak to their motivations, and show them how we bring value to what it is that's most important
to them. Because that's how we're going to get security to be a higher priority and to be
addressed the way that we all know it needs to be done.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private
by signing up for Delete.me.
Now at a special discount for our listeners.
Today, get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout.
The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout.
That's joindeleteme.com slash N2K, code N2K.