There are many ways to approach an insider risk program, but Jadee Hanson, chief information security officer and CIO at Code42, prefers to build partnerships with employees as well as with HR and the legal team.
Hanson says that under the cloud-based Incydr system built at Code42, which is used both internally and with customers, if someone on the team improperly shares a document, it automatically triggers a Slack message telling the user that they shared a document that should not have been shared outside of Code42.
The user can then click to confirm that they meant to share the document, which logs an action for the security team to look at. If they did not mean to share it, they click an option that plays a one-minute video showing the exact steps to change the sharing settings so that the document is no longer shared outside Code42.
But there’s so much more: in her six years since coming to the company from Target, Hanson has transformed Code42’s security division into a revenue generator, leveraging the company’s technology to win new customers. Hanson has also elevated security’s role within the organization, helping teams embrace and adopt risk management while increasing the company’s cyber detection, response, and recovery capabilities by 90%. An expert in cloud conversion, Hanson stabilized Code42’s corporate technology infrastructure by streamlining and transitioning all services to the cloud, resulting in more than $1.2 million in SaaS-based spending reductions.
Even with all her accomplishments, Hanson is best known for her work as an insider threats expert. She even co-authored a book with Joe Payne, "Inside Job: Why Insider Risk is the Biggest Cyber Threat You Can’t Ignore." Hanson’s approach to insider risk is widely viewed as innovative.
“We don’t want to solely focus on stopping collaboration or blocking things, but more focus on securing the collaboration culture,” Hanson said. “We’re the security organization, we’re charged with monitoring all the data exposures that may happen in the organization. But we will do it in partnership.”