CyberWire Daily - Laura Whitt-Winyard: Securing the world. [CISO] [Career Notes]

Episode Date: November 27, 2022

Laura Whitt-Winyard, CISO from Malwarebytes, sits down to share her story, beginning with a desire to be a pediatric oncologist that she later discovered was not the path for her. Laura was bouncing around from job to job until she bought her first computer, and a light bulb went off in her head. She set out to make it her goal to learn about this new, interesting field and grow within it. Now as a successful CISO, she wants to make the world more secure and goes from company to company to complete her goal. She considers herself a servant leader whose goal is the greater good. She compares her role to football, explaining that she is not the quarterback, but the center for the team. She believes she is the center that paves the path for the quarterbacks on her team to reduce the noise, to give the quarterback all the tools that they need to do their jobs and do their jobs well. We thank Laura for sharing her story.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Thank you. Learn more at zscaler.com slash security. Hi, my name is Laura Whitt-Winyard, and I'm the CISO at Malwarebytes. When I was growing up, I wanted to be a pediatric oncologist. Being a pediatric oncologist stayed in focus for me until freshman year of college, when I realized that I don't think I'd be able to disassociate and be able to treat patients without being emotionally invested.
Starting point is 00:02:08 I took a year off once I realized that might not be for me. So I decided, let me take a year off. I worked with children that were mentally and physically abused. And that solidified things for me that it was not something I could do. I brought too much of it home with me. I bounced around from job to job trying to figure out what now, what do I want to be when I grow up, even though I was a full-fledged adult. And in 1999, I bought my first computer and it was like a light bulb went off in my head. This is when I realized that I had an insatiable desire to learn and solve puzzles. And technology was the solution for my overwhelming need to continuously learn, grow, and change. When I was getting my first modem and I was asked, what size modem do you want? And I said, medium, because I thought he meant physical size.
Starting point is 00:03:36 So there was a lot to learn, but I gathered quite a few books. I walked myself away. I figured out how to get on the internet. I sort of exaggerated my way into my first job in IT. And that desire to just understand everything propelled me forward. I was moved to a Tier 4 think tank team within four months of working in IT. And probably about a year and a half later, I was asked to join a company as one of their security architects. And from then on, security became a massive passion of mine. In the beginning, I think there might have been a bit of imposter syndrome. I remember the first time
Starting point is 00:04:26 I was relocated somewhere for a higher position. I thought to myself, I wonder if they know what they're doing. But after a while, I realized that within a few weeks, I could pick it up quite easily. And the things that I didn't know, I could learn on my own. I could learn by Googling. I could learn by webinars, by reading. And it just satisfied me so much. One of the things that I've preferred to do in my career to date has been to join a company, spend three to four years there, getting their security program up and running, change the mindset of the company about security equals compliance, not the other way around, building up a team, getting the team excited
Starting point is 00:05:22 about this cybersecurity mission that we are all on, training my successor, and then moving on to help another company. One of my mottos is I want to secure the world one company at a time. And that's pretty much what I've done and what led me to Malwarebytes. Initially, I would say the beginning was learning the environment. This is my first foray into being a vendor CISO or working for a cybersecurity company. One of our mottos is that we drink our own champagne, meaning we use our own tools internally. So understanding our tools, their capabilities,
Starting point is 00:06:13 having that CISO hat on, and being able to work with product. So I'd like to think of myself as a servant leader. You know, my goal is the greater good, always. I mentioned previously this mission, this cybersecurity mission. It's really important to me to get the entire team on board with this mission. And it's not just about a job or a career. I like to think of myself also as in a football analogy, I view myself
Starting point is 00:06:49 as a center that paves the path for the quarterbacks on my team to reduce the noise, to give them all the tools that they need to do their jobs and do their jobs well. There's so much information out there right now. For instance, you know, there's BSides communities in just about every state that you could join. You know, they're very accommodating to first-time learners of cybersecurity. There's free training everywhere.
Starting point is 00:07:26 So I like to use and recommend Cybrary, which has a lot of free cybersecurity training. YouTube, Reddit, there's Discord channels on cybersecurity. Twitter, there's so much information. Gather the information. Start talking with people in the industry. That gets you into that mindset.
Starting point is 00:07:53 There's a specific cybersecurity mindset that good cybersecurity professionals have. I don't really ever want to hang up my hat. I don't ever really want to retire. What I prefer to do is start a non-profit when I'm at the point where I'm no longer being a CISO. I'd like to start a cybersecurity non-profit. I'd like for people to see that I've made a difference. Thank you. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant.
