CyberWire Daily - Nicole Sundin: Women helping women. [Chief Product Officer] [Career Notes]
Episode Date: October 29, 2023
Nicole Sundin, a Chief Product Officer from Axio, sits down to discuss her career path and what it is like to be a woman in the cybersecurity field. As a UX leader, Nicole has devoted her entire career to building awareness around the benefits of usable security and human-centered security to the broader cybersecurity community. She also shares some of her background as she moved her way up the ladder to get to where she is today. As a female in a male-dominated industry, Nicole shares her unique insights on embracing the responsibility of serving as a role model to women aspiring to contribute to the cybersecurity field, and the importance of building a diverse team. She says "Really, it's about building community in your organization and outside your organization of strong women or strong friends that you have that you can lean on when you know you're the only person in the room." We thank Nicole for sharing her story with us.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Hello, my name is Nicole San ear, nose, and throat specialist doctor
because I had a lot of ear problems growing up.
And so I was always in the ENT's office getting fixed up,
which is obviously much different than what I actually do today.
Ever since I've been growing up, I've been very interested in humans, people.
I remember talking to people as a little kid.
I was a very friendly kid.
And asking them questions
that probably kids should not ask adults, right?
But it's coming from a place of inquiry
because I was so interested
in why humans would make choices in their lives.
I became a social researcher for a university in Iowa where I was evaluating large government grants.
And this is where I fell in love with the discipline of usability.
Because I was writing these 100-page reports.
And in my head, I was thinking, there's no way people are reading this, right?
And so before data visualization was cool and everyone talked about it, I really immersed myself in data visualization and infographics.
And I started presenting that in parallel with reports so they could consume the data much more easily.
And that really led my career trajectory into design and then product at other organizations.
After I worked at the University of Northern Iowa, I moved to a job as a consultant at NIH where I would do visualization design of their budgets, their security operations, and some of their clinical research sites, their HIV and AIDS organization.
Really expanding how they're viewing the massive amount of data that they have. In that, I really started working into more custom development
and custom development design for products
to support some of those initiatives.
And there's where I really fell into the discipline
of usable security and information visualization
and retrieval and the paradigm where these two meet.
And with that education, I decided I was going to just go
all in on security products.
I started working at an organization
called Thycotic,
which is a privileged access management solution.
And they are now Delinea
because they were bought.
But I built their UX program
from the ground up,
redesigning 11
product lines, building a UX team, but really inserting UX discipline, understanding the user
in the product processes, but also in the overall organization.
We often led with a usable security message, which I'm very passionate about.
We really ingrained ourselves in that philosophy
to build the best products for our customers. After that company was sold, I started working
at Axio. And the reason why I started working at Axio was because the usable security message that
I really deeply believe in is so present in the discipline of risk management
and cyber risk quantification that Axio does. And then we received Series B funding last year.
And a couple of months ago, around six months ago, I was promoted to the chief product officer,
which was my first chief product officer job, where I'm really shaping the vision
and the strategy of the product under UX principles and usable security.
There's two things that are happening. It's harder than ever to hire cybersecurity resources. And so
you are not always getting these highly technical people joining your teams. There's a lot of mentoring and training. So the luxury of having these technical
personas is just not as high as it used to be. So you have to service them and make their jobs
easier by augmenting technology. But the second thing is, what I often talk about is that there's
always two personas that are using cybersecurity products.
They're the configuration persona, right?
That's that person who is hacking away at the command line, APIs.
They like it when it's 12 clicks to set something up because the more complicated it is, their mental model says, the more secure it is.
Obviously, that does not work for the second persona,
which is the utilization persona.
The utilization persona is where often
these workarounds are found.
They're the people that are using that two-factor.
They're the person that has to go into the vault
to get their password, right?
And those two personas could not be more different.
This is where designing for cybersecurity products gets very tricky.
And designing product, and I mean from the product feature level, gets very tricky as well because you are servicing two opposite personas.
And so in some ways you have to service that API command line person.
Thinking about those two always when you're buying and implementing a product,
but also when you're designing features
or designing UI or UX for a product
is highly important as well.
So cybersecurity is absolutely a male-dominated industry,
and cybersecurity technology is also a male-dominated industry.
And so it is not rare for me to sit in a room and be the only woman there.
I am comfortable with that now.
At first, it's uncomfortable, right?
But I am comfortable with that now.
The biggest thing is to find mentors and friends in your organization that you work with that you can help with influence. As soon as you have influence, you can start making moves and feel more comfortable speaking up about things that you think are good or wrong.
But finding that cohort in your organization is highly important.
It's also highly important to find your cohort outside of your organization where you can talk through issues that you have,
things that you've experienced,
to work through problem solving that and going back to work
and working through those problems.
Really, it's about building community in your organization
and outside your organization of strong women or
strong friends that you have that you can lean on when you know you're the only person in the room.
My leadership style is very data-driven. I have learned often in my career that if I can make a case that is backed up by data, I can influence much easier.
And so I have moved to be very objective, right, in what I'm saying.
You can't argue with data, which is very nice.
I've also really tried my best as a leader to elevate and empower the voices on my team
because diverse voices are super important
in any product organization
because at the end of the day,
your user population, your customers are also diverse.
And so speaking up as a team and empowering them
to have a voice at the table is really one of the most important things a product leader can do.
And empowering them to be able to speak their mind and give advice and feedback
to the larger leadership team is also something
that I find very valuable. Thank you.