Security by Default, with Cybersecurity Consultant Jenna Waters

Companies big and small, old and new are trying to get a handle on the best way to secure their data. But the challenge is that there is so much that goes into cybersecurity, it can be overwhelming for a company to oversee it internally… These vast challenges are often shouldered by a couple of people in the IT department who are left to defend an entire company against a host of bad actors.

“Cyber security is one giant game of whack-a-mole. It is either, you’re trying to take out the threats against your company as they’re attacking your organization or entity, or you’re trying to tackle one problem at a time as it comes up because you never assessed what those problems could be in the first place.”

To help defend against these nefarious attacks, more companies are employing the services of third parties to aid them in their defense. Jenna Waters is a Cyber Security Consultant at True Digital Security, where she specializes in assisting clients with security development and threat intelligence. On this episode of IT Visionaries, Jenna explains how her service in the military led her to defending clients from cyber criminals. She also explains cybersecurity essentials every company should deploy, plus she speaks to the future of privacy regulation and the need for security professionals to align their personal goals with the business.

Main Takeaways

  • Out of Alignment: When designing your security measures, you have to take into account what the goals of leadership are. If you are pushing strict security measures on your product and services and they are hampering leadership's ability to sell the product, you are going to consistently be pushing against the current when it comes to implementing your policies. Make sure you are aligning your values with the business's.
  • Secure by Default: When developing in-house software systems, make sure you are designing these systems with security in mind. When software or products are developed with security measures already in place, as much as 80-90% of the security work will already be done. When systems are not designed to be secure, it creates a scenario where patchwork security systems need to be developed, making the product more vulnerable.
  • Lonely, I’m So Lonely: One of the key issues with the alignment of IT and security teams is that they often operate in silos or within departments that don’t know how to manage them or have the proper resources and budget to support the vast needs of a cybersecurity team.

For a more in-depth look at this episode, check out the article below.


Article 

Companies big and small, old and new are trying to get a handle on the best way to secure their networks. But the challenge is that there is so much that goes into cybersecurity, it can often be overwhelming for a company to oversee on its own… These vast challenges are often shouldered by a single individual in the IT department who is left to defend an entire company against a host of bad actors.

“Cyber security is one giant game of whack-a-mole. It is either, you’re trying to take out the threats against your company as they’re attacking your organization or entity, or you’re trying to tackle one problem at a time as it comes up because you never assessed what those problems could be in the first place.”

To help defend against these nefarious attacks, more companies are employing the services of consultancy agencies to aid them in their defense. Jenna Waters is a Cyber Security Consultant at True Digital Security, where she specializes in assisting clients with security development and threat intelligence. On this episode of IT Visionaries, Jenna explains how her service in the military led her to defending against other types of criminals. She also explains cybersecurity essentials every company should deploy, plus she speaks to the future of privacy regulation and the need for security professionals to align their personal goals with the business.

Waters began her career in the United States Navy working under the U.S. Fleet Cyber Command at the Naval Intelligence Operations Center and with the NSA. It was there that her passion for defense was born. 

“I really wanted to work in a field where my job had a purpose and where I felt I could do the most good,” Waters said. “That’s really what drove me, not just to pursue a career in cyber security, but then to do so in consulting. Instead of working for one company, I get to work for a bunch of companies, a bunch of state agencies.”

By working for a host of different organizations ranging in size, Waters has developed a keen eye for how security is often neglected internally, stating that most organizations don’t defend themselves from bad actors until it’s too late.

One of the tactics that Waters has developed during her time in the industry, and one she advises her clients on, is security by default: the idea that companies design their systems and tools with security measures in place, instead of doing patchwork when problems arise.

“Trying to get companies to recognize that if you’re secure by default, no matter what compliance you’re going for, no matter what assessment you’re going for, whether that’s HIPAA, SOC2, PCI, whatever acronym you’re pursuing, you’re already getting there maybe 80 to 90%,” Waters said. “From there, you just have to make tweaks if you have that security by default.”

Another process Waters has developed is defense in depth, a layered approach to security that has multiple systems and levers in place in case a part of the network is infiltrated. But while it’s important to have multiple steps in place, the one thing Waters was adamant about is that no security system can thrive unless your security goals are aligned with the values of the business.

“If you don’t have leadership input and you don’t have their backing, you’re not going to succeed,” Waters stressed. “Then you’re just pushing against the grind to secure your systems because your CEO or your COO is trying to get a product out there. You really need that leadership buy-in to recognize that it has to be a part of the process, no matter what you’re making, no matter what software you’re developing, no matter what service you’re providing. If you make sure that security is there at every step in the game, what you have done is you have essentially done your due diligence, not just yourself as an organization, but to your partners, to your vendors and to your customers and clients.”

To hear more about Waters’ past in the military and her thoughts on privacy and policy, check out the full episode of IT Visionaries.

Episode 287