Intelligent CISO Issue 55 - Page 71

I recently restored my grandmother ’ s cabinet grand piano from 1900 and took up playing piano again in earnest .

GO PHISH

WE ‘ GO PHISHING ’ WITH KAREN WORSTELL , SENIOR CYBER STRATEGIST AT VMWARE , WHO TELLS US

ABOUT LIFE INSIDE AND OUTSIDE THE OFFICE .

wWhat would you describe as your most memorable achievement in the cybersecurity industry ?

Early on in my career , I was presented with challenges that looked daunting to begin with but turned into my proudest achievements . One of which was to write the first cyber policy manual for Boeing alongside various standard bodies .
At the time I was the VP of IT Risk Management and CISO at AT & T Wireless , where we were given 10 months to overhaul Boeing ’ s security . With a US $ 41billion merger dependent on having zero deficiencies in the security audit , I was terrified . There were lots of unintended lessons learned along the way , but we did it and the validation I felt was surreal .

I recently restored my grandmother ’ s cabinet grand piano from 1900 and took up playing piano again in earnest .

What first made you think of a career in cybersecurity ?
I first became interested in information security when my graduate school professor in my software engineering class encrypted the final exam . We had to build code-breaking tools all semester long because he encrypted 10 questions with 10 different algorithms and 10 different keys and gave us 24 hours to solve them . I had such a good time with that exam and I wanted to do more ! I ended up doing my masters thesis on fast hardware encryption and as a result , Boeing hired me .
What style of management philosophy do you employ with your current position ?
At VMware , I don ’ t own any dedicated lines of management but I do need to get things done by influencing others . Nothing is solely up to me and the outcome depends on the quality of the work of the people I ’ m working with . Though I get more of the spotlight sometimes , I always ensure my teams know that I appreciate their work and give credit where it ’ s due .
What do you think is the current hot cybersecurity talking point ?
At a conference I recently attended , the room packed out for a discussion on cyberthreats . People are increasingly wanting to get a handle on evolving cybercrime . But I feel our attention should be on risk management more specifically .
Companies are still engaging in a game of whack-a-mole , where they ’ re not targeting the right areas of the control environment . This calls for a solid risk management strategy . I like to think VMware is the best security company , particularly when it comes to risk reduction .
We ’ re running workloads on vSphere – the most secure way to do so – with the visibility and full context of VMware Contexa . We also instrument www . intelligentciso . com
71