Chapter 1: Embracing Discomfort for Growth

To truly grow, one must embrace discomfort. This principle became evident to me when I was tasked with leading a significant communications initiative in Naval history. The challenge involved transferring systems across three networks—two classified—while ensuring confidentiality, integrity, and availability. Although it was a formidable undertaking filled with obstacles, we ultimately succeeded and set a precedent for future operations.

In today's world, the cybersecurity field is more crucial and dynamic than ever. As part of our interview series titled "Wisdom From Women Leading The Cybersecurity Industry," I had the privilege of speaking with Sarah Wynn, a Senior Cyber Security Program Manager at Maximus, who shared her unique insights and experiences.

Sarah is a seasoned expert in Cyber and Information Security, with a focus on managing programs and projects related to various security domains. She possesses a Top Secret security clearance with SCI eligibility and has undergone a Counter Intelligence Polygraph.

Before diving deeper, Sarah, can you share a bit about your background and upbringing?

I hail from a military family, with both parents having served in the Navy. My father was a SEAL who used to wake us up with reveille, instilling in me a habit of early rising. My mother and father complemented each other well—my dad's toughness balanced by my mom's nurturing nature. My childhood was largely tech-free until I graduated high school, though I did enjoy my Walkman while mowing the lawn, blissfully unaware that my singing could be heard. Michigan, with its rural charm, remains my true home, deeply influencing my work ethic and discipline. After high school, I enlisted in the Navy, marking the beginning of my career journey.

Chapter 2: Current Projects and Future of Cybersecurity

What exciting projects are you currently involved in?

My team is undertaking a comprehensive cloud modernization initiative. This digital transformation encompasses infrastructure, platforms, applications, and business processes. Properly executed, cloud migration can yield faster app deployments, enhanced security, and improved disaster recovery capabilities.

What excites you most about the cybersecurity industry?

Cybersecurity has always been thrilling, but recent years have ushered in a heightened focus on its necessity. It has evolved from a secondary function to a critical component within organizations, now often included in annual budgets. The constant innovations, especially in areas like zero-trust architecture and machine learning, are particularly exciting. Additionally, the increasing number of students pursuing cybersecurity degrees and certifications, especially women and people of color in leadership roles, bodes well for the industry's future.

What concerns you about the cybersecurity landscape?

Despite the industry's growth, several concerns persist. Cybersecurity education must improve across all demographics, particularly among older generations who may not be aware of the dangers of phishing and social engineering. Moreover, government entities struggle to retain cybersecurity talent due to budget constraints, often losing skilled professionals to private companies. Lastly, technological advancements are outpacing security innovations, highlighting the need for continuous adaptation.

Looking ahead, what critical threats should companies prepare for?

Several threats deserve attention, particularly securing cloud infrastructures as more businesses move their operations online. Misconfigurations and credential abuse have led to data breaches, underscoring the need for robust cloud security practices. Additionally, the Internet of Things (IoT) introduces vulnerabilities in various sectors, while the protection of critical infrastructure remains paramount. Supply chain risks, highlighted by incidents like the SolarWinds attack, also require careful management.

What lessons have you learned from past cybersecurity breaches?

Throughout my career, I’ve been involved in assisting agencies with their security programs post-breach. A common theme is the lack of preparedness and awareness within organizations. The key takeaways are that cybersecurity is a collective responsibility and readiness is crucial since breaches can happen to anyone.

What cybersecurity tools do you frequently utilize?

I regularly employ scanning tools like Nessus, Airwatch, Webinspect, and DBProtect to identify and prioritize vulnerabilities. Splunk serves as an essential SIEM tool for monitoring and responding to attacks, ensuring the network's overall health.

What signs might indicate a potential hack?

It’s vital to remain vigilant for any anomalies, such as unfamiliar programs appearing on your computer or unusual disk usage. If your email contacts receive phishing messages from you, or if you find yourself redirected to unexpected websites, these may be signs of a breach. Maintaining strong passwords and keeping software updated are effective preventive measures.

After a breach, what immediate steps should a company take?

Activating the incident response plan is crucial, ensuring clear communication with both internal and external stakeholders. Transparency and accountability are vital in mitigating the situation. Companies should analyze the root cause, implement quick fixes, and educate employees to prevent future occurrences.

What common cybersecurity mistakes do you see in companies?

Many organizations underestimate their vulnerability, believing they are too small to be targeted. However, cyberattacks occur every 39 seconds, impacting businesses of all sizes. Every organization must implement a solid incident response plan, regardless of its size.

Are you satisfied with the current status of women in STEM?

Currently, I am not satisfied. Women represent only about 25% of STEM roles, with an even smaller fraction in cybersecurity. We need to provide role models and create supportive environments that foster curiosity and confidence in young women. Hiring practices and retention efforts also need improvement to create equitable opportunities.

What myths about cybersecurity careers would you like to dispel?

Cybersecurity is often perceived as male-dominated and overly technical. However, women bring unique perspectives and skills to the field, and there are various roles beyond technical positions. Additionally, individuals of all ages can thrive in cybersecurity, as diverse backgrounds enrich the workforce.

What are your five key leadership lessons from your journey as a woman in tech?

1. Speak Up: Your voice matters. In my experience, involving security teams early in projects fosters collaboration and strengthens security processes.
2. Stand Firm: Upholding security standards, even in the face of pressure, is critical. I refused to allow a system onto our network without a vulnerability scan, preventing potential risks.
3. Embrace Discomfort: Growth occurs outside your comfort zone. Leading significant initiatives has taught me the importance of tackling challenges head-on.
4. Value Diverse Perspectives: Leadership is about collaboration. Engaging with team members and understanding their viewpoints can lead to innovative solutions.
5. Practice Empathy: Recognizing that everyone has their challenges creates a more inclusive and effective work environment.

If you could have lunch with any influential leader, who would it be and why?

I would love to have a conversation with Susan Wojcicki, the CEO of YouTube. Her ability to balance a demanding career with motherhood is inspiring, and her advocacy for women in the workplace resonates with me.

Thank you for sharing your insights, Sarah. Your experiences and lessons are invaluable to our readers. We wish you continued success in your endeavors!