Women in Security: Women of Influence
These five women have exerted influence on a variety of
cybersecurity issues — from policy, awareness training and legislation to R&D and regulatory compliance.
Dinah Davis
vice president, research and development, Arctic Wolf Networks
When she started university studies as a math major 20 years
ago at the University of Lethbridge in Alberta, Canada, Dinah Davis thought she
would pursue the traditional track for a woman – a career as a math teacher, as
suggested by her high school career counselor.
“One of the great things about my undergraduate years at
Lethbridge was that they encouraged us to take a lot of different courses
outside of our major, so I took as many courses in computer science that I
could,” Davis says. “Over time I discovered that computer science fit in nicely
with the way my brain works in terms of a problem-solving approach.”
Davis also was exposed to cryptography as part of the
internships she did with the Canadian government during her undergraduate years
at Lethbridge. Later on as a graduate student at the University of Waterloo,
Davis earned a master’s degree in mathematics majoring in cryptography.
After graduation, she worked for eight years on the
development team at BlackBerry that focused on security.
“I was part of the team that made BlackBerrys secure enough
that government agencies and corporations would use it for their most sensitive
data,” she says.
Today, she heads up the team at Arctic Wolf Networks that’s
building the underlying platform for the company’s SOC-as-a-Service offering.
Davis has also become a major advocate for encouraging women
to pursue careers in STEM fields. She founded Code Like A Girl, a publication
that supports women in tech, guides allies on how they can help, provides
resources for parents and teachers for getting girls involved in tech, and
works to change perceptions of women in technology.
“On one of my previous jobs, I had a misogynistic boss and I
decided to leave,” she says. “I started blogging about my experiences and it
turned into the site that exists today where we now have 40,000 followers and
up to 3,000 unique views a day.”
Davis has also been planning to bring many female keynoters
to the CyberCity Conference in the Waterloo area in October. She says that with
so many open jobs in cybersecurity, it makes sense the industry should steer
women into a career in that field. Davis wants to promote the Waterloo Region
as a cybersecurity hub along with its existing reputation as tech hub. “We have
a female keynote speaker yet to be announced and are also looking into running
a blind CTP event so that gender will have no play in who we choose to speak at
the conference,” Davis says.
“I am not a fan of Women In Security panels where they talk
about being a woman in security. That story has been told already,” she says.
“We want to see women in security speaking about security so that they become
role models for other women and men in the audience.”
The security field offers a career path where people can
start off as an entry-level analyst and work their way to becoming a security
engineer or researcher, says Davis. In fact, she points out that a Deloitte
study identifies something like 20 different titles within cybersecurity.
“There are a lot of ways people can get involved, they don’t
have to have a math background like me,” she says. “People can participate in
various capture-the-flag events both locally and online, take a college program
geared towards cybersecurity, or simply do reading on their own.” – Steve
Zurier
Angela Davis Dogan
director, vendor risk and compliance services; member, executive strategy team, Lynx Technology Partners
Angela Davis Dogan’s contributions to the field of
cybersecurity can be neatly summed up as a combination of “Risk” and “Reward.”
As director of vendor risk and compliance services for
infosec company Lynx Technology Partners, Dogan develops third-party risk
management programs for enterprises and public sector organizations, allowing
them to mitigate threats that often arise when sharing data or systems with
business partners.
Then, in her spare time, she mentors underrepresented women
and minority youths in the Greenville, South Carolina area, encouraging them to
reap the rewards of a career in cybersecurity.
Dogan has devoted 16 years to helping companies combat
third-party risk. She presently serves on the Steering Committee of the Shared
Assessments Program, a global member-led organization with a mission to drive
third-party risk assurance via best practices, training and technology. Dogan
also chairs the organization’s Standardized Controls Assessment Tool
Development Committee, which aids in the advancement and adoption of emerging risk
management solutions.
The Shared Assessments Program is managed by the Santa Fe
Group, a strategic consulting company where Dogan worked as senior project
manager from 2013-2017. During this time she helped guide the development of
best practices and resources that were ultimately integrated into leading
organizations’ vendor risk management frameworks. Before that, she was a vendor
auditor with Resurgement Capital Services, a manager and servicer of consumer
debt portfolios for credit grantors and debt buyers.
Dogan also serves on the Cloud Security Alliance’s Cloud
Controls Matrix Working Group, assisting in the organization’s efforts to
further enhance its cloud security framework for the past three years.
Last year Dogan received an Outstanding Service Award from
the International Consortium of Minority Cybersecurity Professionals (ICMCP),
where she volunteers in an effort to grow the cyber workforce through diversity
initiatives. She is a current member and past director of the organization’s
Corporate Events Committee and has assisted in the development of its K-12
outreach program. Dogan is also a member of Techgirlz, Women in Cybersecurity
(WiCys) and Women In Technology (WIT).
A grandmother of four, Dogan says her personal goal is to
one day develop a third-party risk management curriculum for students. – Bradley
Barth
Atefeh (Atty) Mashatan
director, cybersecurity research lab, professor, information technology management, Ryerson University
Dr. Atefeh (Atty) Mashatan may have settled into life as a
professor at Ryerson University in Toronto, where she focuses on information
systems security, cryptography and combinatorics, but she previously had an
extensive career on the front lines of the cybersecurity field.
Mashatan’s co-workers nominated her based on her leadership
and efforts in advancing the industry, as well as academic partnership with
focus on cybersecurity. In her current role she “has been a tireless innovator
and leader…for development of talent through mentorship and broader society
in advancement of trust in technology through cybersecurity.”
Mashatan’s care and dedication to her subject matter is also
obvious to many of her students who gave her a series of glowing reviews for
the most recent semester.
“Professor Mashatan clearly cares about her students. She
was always willing to help me and others after class. Her level of expertise
and knowledge is evident in her teaching and she is able to clearly articulate
the material. Tests and assignments were difficult but fair. They helped me
gain new knowledge about information security,” said one student.
Prior to Ryerson, from 2012-2016, Mashatan was with the
Canadian Imperial Bank of Commerce as a senior information security consultant
and solutions architect and led the evaluation of newly proposed and existing
security systems while providing subject matter expertise related to threat and
risk management. The preceding three years were spent as a scientific
collaborator at the Security and Cryptography Laboratory of the School of
Computer and Communication Sciences, EPFL (Swiss Federal Institute of
Technology, Lausanne) where she conducted research on design and analysis of
cryptographic protocols.
She is a Certified Service Oriented Architect (SOA) with
honors and obtained the Certified Information Systems Security Professional
(CISSP) certification from International Information Systems Security
Certification Consortium (ISC2) in 2015. – Doug Olenick
Algirde Pipikaite
project lead, governance and policy, Centre for Cybersecurity, World Economic Forum
Devout ice skating fans might recognize Algirde Pipikaite as
a former Lithuanian champion skater, but over the last 15 years, she’s also
distinguished herself in cybersecurity, summoning legal, technical and business
knowledge combined with prudent and pragmatic risk-taking to tackle complex
issues and influence the advancement of cybersecurity in both the private and
the public sectors.
Perhaps it is her fluency in chess – she’s a champion in
that as well – that makes Pipikaite a successful and respected strategist in
the security sector. As project lead of governance and policy at the Centre for
Cybersecurity at the World Economic Forum, Pipikaite works closely with
investors – bringing together leaders from the likes of S&P Global and
Moody’s – to tease out new market incentives that will help make security a
priority in technological innovation. By pushing for security to be backed into
software, resulting in less vulnerable offerings, Pipikaite strives to shrink
the cyberspace attack surface.
She came to the World Economic Forum from CyberSponse, Inc.,
where she was the vice president of information risk. Her journey to
cybersecurity started with work on a variety of international development and
security projects that included the launch of a community-driven group for
incident responders.
Billed as a digital transformation and cybersecurity
policymaker, Pipikaite holds an MPA from the Harvard Kennedy School of
Government, an LLM from the University of Lausanne, Switzerland and a B.A. from
Mykolas Romeris University in Lithuania. – Teri Robinson
Rosa Smothers
senior VP, cyber operations, KnowBe4
As a cyber threat analyst who supported cyber operations in the Central Intelligence Agency for more than a decade and a
veteran of the Iraq war, Rosa Smothers has built up a portfolio of skills and experience – much of which can’t be disclosed
for national security reasons, though one supporter said her CIA work qualified
her as “an all-out badass” – that make her an influential player in the
cybersecurity industry.
At KnowBe4, where she’s senior vice president of cyber
operations, Smothers conducts internal investigations that bring her research
and forensics experience to bear – and showcases her ability to work with
external subject matter experts in coordinated efforts to determine attack
attribution.
Her extensive research into FedRAMP and contract-specific
work shaped KnowBe4’s plan to become the first, and what is currently the only,
security and awareness training platform in the FedRAMP marketplace. Exemplary
of her influence is her work with two lobbying firms in Washington to help
boost federal cybersecurity legislation.
Smothers puts in considerable time with lawmakers on Capitol
Hill to develop cybersecurity working groups and caucuses aimed at tackling
cybersecurity issues and has provided input to various committees across
different industries that touch on cybersecurity. Her efforts have paid off and
she’s lauded for increasing lawmakers’ understanding of the importance of
security awareness training and simulated phishing to help mitigate cyber
threats.
She is generous with her time in helping women understand
their value and improve their status within the cybersecurity
industry and cultivating the tools and confidence for them to develop
persuasive and assertive skills. She has mentored countless women and was
tapped as a designated mentor during her tenure at the CIA.
Smothers also is a member of Women in Defense, aimed
at
advancing women in national security. – Teri
Robinson
Gloss