“Cutting off the head” is not normally something that organizations would consider to be a reasonable solution to a security issue.
Mary Yang, chief marketing officer at Syxsense, begs to differ. She notes that by cutting ties and creating silos, organizations can protect themselves from attack. In one example, Yang recalled an assignment in which her team was tasked with protecting a corporate website from Russian state actors who were known to infiltrate sites via content management systems (CMS.)
“As a recent innovation for websites, decoupled websites would enable the company to stay on the current content management system, but enable a disconnect from the frontend of the site,” Yang said.
“Thus, if an attacker went to the company website from an internet browser, there would be no way to pivot or exploit a plugin to gain access to the backend of the site. This fulfilled the security requirement (i.e., ‘make sure the website cannot be used by attackers to pivot into our company network or products’) while continuing to move forward on the project and deliver it on time.”
The approach may not seem conventional, but Yang has a knack for getting things done outside of the conventional matter. She credits her abilities to effectively manage security challenges in part to her time spent at Mitre.
“I got to dive deep with people who are interested in understanding the challenges outside of the vendor ecosystem and spend time with scientists that wanted to understand the issue,” Yang explained.
As CMO at Syxsense, Yang has led a number of internal security initiatives and played a key role in the company’s recent acquisition by Absolute Security.
She has also taken a leadership role in a mentoring and collaborating with fellow women in the IT space. She has collaborated with analysts who have gone on to speak at prestigious industry conferences such as Shmoocon and WiCys.
Yang says that while mentoring women into cybersecurity roles is important, there is no one single pipeline through which people can enter the profession. She says that in addition to a STEM education, she looks to help inspire women who have come from other backgrounds such as arts and humanities.
“Some of the best cybersecurity engineers are people who don’t come from traditional cyber backgrounds,” she explained.
”We need more encouragement on the fact that you don’t need that hard technology degree.”
