Title: Insights from Sarah Wynn: Women in Cybersecurity Leadership
Written on
Chapter 1: Standing Firm in Cybersecurity
In the world of cybersecurity, having a strong stance is essential. During an installation of a critical system, a team aimed to complete it that day. However, I insisted that no deployment occur without a thorough vulnerability scan. The risk of jeopardizing communications for the Pacific Fleet was too great. Despite considerable resistance, we conducted the scan, uncovered significant vulnerabilities, and halted the installation until those risks were adequately addressed.
As part of our series highlighting "Women Leading in Cybersecurity," I had the privilege of speaking with Sarah Wynn.
Sarah Wynn, raised in a Navy family, began her career right after high school. With nearly ten years of experience, she discovered her enthusiasm for cybersecurity while serving as a translator. Since then, she has taken on pivotal roles, including Cyber Security Director at the Department of Defense and Cyber Security Program Manager at Maximus. Currently, she leads teams providing cybersecurity services to the Environmental Protection Agency and the Department of Transportation, bringing numerous systems into compliance. Additionally, Sarah is dedicated to mentoring the next generation as an adjunct professor at the University of Maryland Global Campus.
Thank you for joining us, Sarah! Before we dive deeper, could you share some of your background with our audience?
I grew up in a military household; both my parents served in the Navy. My father, a SEAL, would wake us with reveille, instilling in me the value of early rising. My parents balanced each other perfectly—my dad was strict, while my mom was nurturing. My childhood was largely free from technology until I graduated high school, although I did enjoy singing along with my Walkman while mowing the lawn, believing no one could hear me. Michigan, with its rustic charm, dirt roads, and lakes, shaped my work ethic and discipline. Although I longed for a bigger world, I'm grateful for those formative experiences. After graduation, I enlisted in the Navy, and that set the course for my career.
Section 1.1: Influential Literature
Is there a particular book or podcast that has profoundly influenced you?
I’m an avid reader. One book that deeply impacted me was "Their Eyes Were Watching God" by Zora Neale Hurston, which I read around age 14. Growing up in a predominantly white town, this work opened my eyes to issues like racism and sexism that I was previously unaware of. It challenged me to broaden my understanding and confront my own biases. I also admire Brené Brown and frequently listen to her "Dare to Lead" podcasts, appreciating her unique take on leadership and vulnerability.
Subsection 1.1.1: Formative Experiences
Section 1.2: Discovering Cybersecurity
What inspired your journey into cybersecurity?
I stumbled into the field. Initially, I served as a linguist in the Navy, working with Korean and Spanish in classified settings. My curiosity about how we safeguard our information grew, leading me to focus on protecting systems and data.
Chapter 2: Learning from Mistakes
Can you recount a humorous mistake from your early days?
During my time in Virginia, we piloted a Host Based Security System at headquarters. After observing network traffic for four days, I transitioned it to protection mode. Unfortunately, when automated vulnerability scans began, the system mistakenly interpreted it as a port scan and shut down every port on our switches. I had to manually reactivate each one. The lesson? Four days isn’t enough for cyber tools to acclimatize to the environment.
Are there any current projects you're excited about?
My team is currently working on a comprehensive cloud modernization effort, which is a significant digital transformation encompassing infrastructure and business processes. When executed correctly, this initiative can enhance security, streamline operations, and facilitate quicker application deployments.
Section 2.1: Excitement in Cybersecurity
What excites you most about the cybersecurity industry today?
Cybersecurity has always been thrilling, but the recent surge in focus is invigorating. It is now recognized as a necessity rather than an optional function. Previously, we fought for budgets, but now cybersecurity has a permanent line item. The increase in awareness around cybersecurity is a significant win. Additionally, innovations like zero-trust architecture and advancements in machine learning to detect threats are remarkable. The growth in the industry is encouraging, particularly the rising number of women and individuals of color entering leadership roles.
What concerns you about the industry?
Despite our reliance on cyberspace, there is a pressing need for better education on cybersecurity. From teaching employees about phishing to educating older generations on safe online practices, the awareness gap remains a challenge. Additionally, government agencies struggle to retain cybersecurity talent due to budget constraints, and rapid technological advancements often outpace security developments, posing risks.
Looking ahead, what threats should companies prepare for?
One critical area is securing cloud infrastructures, especially after many companies transitioned workloads to the cloud during the pandemic without proper security measures. The Internet of Things (IoT) also presents risks, particularly in sectors like manufacturing and healthcare. Furthermore, our critical infrastructure remains vulnerable to attacks, exemplified by the Colonial Pipeline incident, underscoring the need for robust security regulations.
Section 2.2: Cybersecurity Breaches
Can you share an experience from a cybersecurity breach you helped address?
While I hope to have prevented many breaches, I often join organizations post-incident to enhance their security programs. A recurring theme is the lack of readiness; many believe they are immune. The key takeaways are that cybersecurity is a collective responsibility and preparedness is crucial, as breaches can happen to anyone.
What cybersecurity tools do you frequently use?
I regularly employ scanning tools like Nessus for operating system vulnerabilities, Airwatch for mobile devices, Webinspect for web security, and DBProtect for databases. These tools help identify and prioritize risks, allowing for effective mitigation. Splunk is invaluable for monitoring network health and responding to threats.
Are there signs that a layperson can look for to identify a potential breach?
Staying vigilant is essential. Look for unusual programs on your computer, high disk usage, or if your contacts receive unsolicited emails from you. Additionally, unexpected website redirects can indicate a hack. Strong passwords and keeping systems updated are vital preventive measures.
After a breach, what steps should companies take to protect themselves and their customers?
The first step is to activate the incident response plan, ensuring clear communication with both internal and external stakeholders. Transparency and accountability are crucial in managing the situation. Identifying the root cause and implementing solutions while educating staff can help prevent future incidents.
Chapter 3: The Future of Women in STEM
What is your perspective on the current status of women in STEM?
I am concerned. Women represent only a quarter of STEM jobs, with even fewer in cybersecurity. Gender stereotypes often deter women from pursuing these careers. We need role models and confidence-building initiatives for young women, starting in elementary schools to foster inclusivity.
What myths about working in cybersecurity would you like to dispel?
- The notion that cybersecurity is not for women is false. Women offer unique perspectives and often excel in spotting risks.
- The belief that one must be highly technical to work in cybersecurity is misleading. There are diverse roles, including policy and compliance positions.
- The assumption that only young individuals can succeed in cybersecurity is incorrect. Many professionals enter this field later in life, bringing valuable experiences.
What are your five leadership lessons learned from your journey in tech?
- Speak Up: Your input matters. I learned the importance of involving the security team early in projects to foster collaboration.
- Stand Firm: When necessary, hold your ground. I refused to deploy a system without a clean scan, ultimately preventing critical vulnerabilities.
- Embrace Discomfort: Growth often comes from stepping outside your comfort zone, as I experienced during a significant communications transition in the Navy.
- Value Different Perspectives: Understanding diverse viewpoints fosters collaboration and innovation.
- Empathy Matters: Leadership should be about finding common ground and understanding others' experiences.
Is there someone you would like to meet for a private conversation?
I would love to have breakfast with Susan Wojcicki, CEO of YouTube. Her ability to balance a high-profile career and motherhood inspires me, and I admire her advocacy for women in the workplace.
Thank you for sharing your valuable insights and experiences, Sarah! Your contributions to the field are commendable, and we wish you continued success in your endeavors!