CyberWire Daily - Caroline Wong: A passion for teaching. [CSO] [Career Notes]

Episode Date: September 10, 2023

Caroline Wong, Chief Strategy Officer from Cobalt, sits down to share her story of her 15+ years in cybersecurity leadership, including practitioner, product, and consulting roles. As well as being a member of our very own Hash Table, Caroline also authored the popular textbook, Security Metrics: A Beginner's Guide and teaches cybersecurity courses on LinkedIn Learning as well as hosts the Humans of InfoSec podcast. Caroline's father pushed her to start her career in engineering, she went to UC Berkeley and got accepted into their Electrical Engineering and Computer Sciences program. As a college student, she was looking for an internship and found eBay, where she says she worked an entry level position available on the information security team, and says the rest is history. She shares that she loves to teach her peers, and how she would like to be remembered for being a good teacher, saying "I think that my favorite part of the work that I get to do is teaching. Um, and in particular, um, being able to communicate about cybersecurity concepts to a wide audience. I have such tremendous gratitude." We thank Caroline for sharing her story with us.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Hello, my name is Caroline Wong, and I am a chief strategy officer. So when I was really young, I wanted to be a giraffe. And then I wanted to be a rock star. And then I wanted to be president of the United States.
Starting point is 00:02:02 So when I was 16, my Chinese immigrant father asked me what I would like to study in college. And I said to him, I'd love to study dance because dance is my favorite thing to do. And I said, I would consider studying psychology because that field is very interesting to me. And my father said to me, you're going to study engineering and you're going to attend the best school you get accepted to.
Starting point is 00:02:22 And in my household, that was just how things worked. I applied to UC Berkeley and I got accepted to the Electrical Engineering and Computer Sciences program. And I did it. And it was quite an adventure. I was looking for a summer internship between my junior and senior year, and I ended up working at eBay in IT project management. And then when I graduated from college, I asked my internship manager if I could possibly work for eBay full-time. And he said, Caroline, there's actually a hiring freeze in IT right now, so we can't offer you a full-time position. But there are entry-level positions available on the information security team, and the rest is history. I found myself as a college student trying to decide if I was going to spend time
Starting point is 00:03:18 going to class or doing my homework. In my computer science classes, we were being asked to program, essentially, today, what is Google Maps, which at the time was MapQuest. You know, in my electrical engineering courses, we were being asked to design nano semiconductors. It was really intense. And it gave me an enormous appreciation for my technical colleagues. Professionally, I've never actually done engineering work. I've always been kind of on the strategy side, the project or program management side, the leadership side of things. I got so lucky at eBay. I worked with eBay's then chief information security officer, and it was really such an amazing way to learn about the field. I actually wrote a book a couple
Starting point is 00:04:17 of years after I left eBay. After I left, I was then on the Zynga security team, and I helped to write the information security policies to take that company through its IPO. Then the book comes out in 2011, and that book has been inaugurated in the Cybersecurity Canon Hall of Fame, which is something I'm extremely proud of. After Zynga, I did a brief stint at Symantec in global product management. I actually loved that job and I could see, you know, a different kind of parallel universe version of my life where I did that job for like 10 or 15 or 20 years. I just adored the people that I got to work with. But Symantec as a company was going through a lot of change at that time. When I was there, I think they had something like four different CEOs in the span of four years. So there was just a lot of change going on. And I end up pivoting from working primarily in
Starting point is 00:05:18 the GRC, governance, risk, and compliance side of information security into the application security field. I take a job at a company called Cigital. Cigital later got acquired by Synopsys. And when I was at Cigital, I led more than three dozen what are called BSIMM assessments. I got to travel all around the world and talk to people who are making software and ask them about software security activities and write recommendations and give them a scorecard. And after doing that for a few years, I found myself at Cobalt. So I joined Cobalt, which is where I am still currently, when it was just 10 people in 2016. And since then, it's just been really fun to watch the business grow. I would describe my leadership style as gritty and radically transparent.
Starting point is 00:06:17 So I like to be really open with my teams. I like to hire people who are much smarter and better than I am. I like to hire people who are true experts at what they do. And I like to provide them with a lot of business context so that they can understand what's happening with the organization. And I ask them for the recommendations. So I really look at my style of leadership as partnering with the folks that are on my teams. The advice that I give to folks in this type of a situation is to use a market-driven approach. So a common question that I get asked is, Caroline, I'm really interested in getting into cybersecurity. What certifications
Starting point is 00:07:14 should I get? And I'll say to that individual, hey, I think there's actually an alternate way of looking at this problem, which is instead of asking what certifications should I get, you should ask, what does the world need right now? And you can actually do that in an extremely data-driven way. You simply go on LinkedIn or Indeed or whatever job posting website there is, and you begin to familiarize yourself with the security roles that are open and on the market right now. And if you look at 50 or 100 different roles that are at the level that you're interested in getting into, that data is going to be able to tell you far better than me or I think anyone else in the field about what certifications you should go after and what sort of skills you should try and develop.
Starting point is 00:08:11 I think that using a market-driven approach to identifying what skills you want to develop next is always going to be in someone's best interest. I hope to be remembered as someone who has made a positive impact on the industry and someone who was a teacher. I think that my favorite part of the work that I get to do is teaching, and in particular, being able to communicate about cybersecurity concepts to a wide audience. I have such tremendous gratitude. My father is one of the reasons that I have had confidence in my life to try and do hard things. He always instilled with me a belief that I could and that I should certainly try. And I can see sort of the richness of the lifestyle that I get to lead.
Starting point is 00:09:20 I feel so lucky that I get to work remote full-time from home. When I want to, I get to travel to really fun places. I get to work with extremely interesting, really smart people. And I get to do work that I think has a positive
