The CSO is probably the most besieged person in organizations today, as the network faces daily attack from either outside or within — and sometimes both at the same time.
Small wonder some at the end of every work day come close to pulling their hair out.
Not Leslie Lambert, an executive who has been a CISO for an IT company and a security vendor.
“It’s always interesting, it’s always changing,” says Lambert, chief security and strategy officer for Gurucul, a Los Angeles-based company which makes user behaviour analytic solutions to detect insider threats.
A former CISO at Juniper Networks and Sun Microsystems, she admits that few IT security administrators would describe their positions as “interesting.”
But, she says, “if you’re not able to withstand that constant shelling, that constant change and see through it then I think it can become depressing … I guess I’m just an optimist.”
Lambert was interviewed last week in Toronto, where spoke at a closed door Canadian Bankers Association security conference.
“I think in security you have to have a pretty high level of resilience, and you certainly have to have a good sense of humour. You can’t attend to every data point, because if you did you’d go crazy. You have to keep your eyes on the horizon, looking forward, what’s the longer goal …
“I think it’s fascinating: There’s always some level of intrigue, of what’s new in technology. I also have a couple of degrees in psychology and that helps me understand the psyche of what’s going on — what people are think, not only the perpetrators but also people who are falling into various traps… there’s always something new.”
“If you’re not able to withstand that constant shelling, that constant change, and see through that then I think it can become depressing … I guess I’m just an optimist. I’m able to see the glass half full versus half empty.
“I do know there are lots of people in security who see the glass as bone dry, and I think they kind of like burn out and leave. But me, I’m hanging in there. I think it’s great.”
Lambert has been in IT for over 20 years, although she sort of backed into it. Her career started designing control systems in the petrochemical industry, moving to a computer in 1980. An opportunity to work in programming and system analysis for the company’s CAD systems which started her on path to learning more about computer science.
When she moved to Sun she found security was always a critical part of the products it made.
Over her 18 years there she rose to become CIO for a number of product divisions, then periodically chief IT architect (which also managed the new IT security team). But “after years of doing CRM, ERP systems and all those different things I surely couldn’t do another one, so I decided to focus all my attention energy into security and privacy.” Eventually she became its CISO for four years, then held that title at Juniper for three years. Two years ago she joined Gurucul.
Gurucul is one of a number of IT security companies including Ottawa’s Interset, McAfee and Fortscale Security, using big data for behaviour analytics to ferret out possible insider threats — whether it’s a disgruntled employee or an attacker who has been able to compromise.
Industry analyst Jon Oltsik of the Enterprise Strategy Group noted in an email that many security technologies include behaviour analytics in their solutions, including Courion Corp. in its identity and access management products, Lancope Inc.‘s network session behavio solution and CyberArk’s privileged accounts solution.
Often organizations have no shortage of traffic data from monitoring applications to security event managers, but may not be able to tie it to specific identities (people or IP addresses). These solutions can tap into that data help create risk-based profiles of employees.
Lambert notes — perhaps ironically — that the U.S. National Security Agency apparently had no way of keeping track of the behaviour of security consultant Edward Snowden, who used his privledged access to NSA systems to get access to the identities of others and eventually make off with a lot of controversial information. “We need to move beyond just getting streams of data and move to wards analyzing multiple pieces of input,” she concludes.
Another piece of irony: Thanks to Snowden, she says, people now understand what CISOs/CSOs do for a living (protect the enterprise).
Finally, she has some advice for her CSO colleagues: Learn to stop talking jargon to other members of the organization. “A lot of people make the mistake of saying ‘We have this many types of intrusions, this many times of this,’ and you have board members looking at you like ‘So, is that good news or bad news?’
“So I think failing to understand the language of the business and being able to characterize what’s really happening, the language of risk, business language,” is one of the biggest mistakes CSOs make. Getting an MBA was one of the ways Lambert helped learn the other side.