2011 Women of Influence award winners named

The 2011 Women of Influence Awards, co-presented by Alta Associates and CSO Magazine, recognize outstanding women in infosec careers

1 2 Page 6

I would say that security is such a large and complex field that the best place to start is to understand what drives you. What makes you happy? What doesn't? What are you good at? What are you not? Personally I know that I am at my most happy and effective when I am driving teams and cultures through positive change to a larger vision while remaining effective in the little things and my relationships. I know that I am not good in maintaining the status quo. If you know yourself and your interests, you will be able to choose the right roles in the industry that fit what I call your personal happiness profile.

Once you are aware of what this looks like for you — and if you stay true to it — you will have the ability to not only choose the right path at the right time, but to know how and when to make the leap for the next level.

What valuable advice have you received along the way in your career?

The best advice I ever got in my career was after a very eye opening 360 review. I felt sure that I knew how I was viewed by others and that I would 'score high' (which is not the point — but those of us who have what a friend of mine calls an 'overdeveloped sense of responsibility' think like that). What I found out was that yes, people thought I was good at my job, and yes they liked working with me.

However, what was lacking in was that I wasn't EFFECTIVE. Specifically, I needed to learn how to get information to people based on how THEY wanted/needed to receive it — not based on how I wanted to give it. That was the best advice I ever got &mdashl; learn how to be effective in your delivery of information.

One to Watch

The 2011 "One To Watch" is Katie Moussouris, Senior Security Strategist Lead with Microsoft.

Moussouris leads the Security Community Outreach and Strategy team at Microsoft. Her teams work encompasses industry-leading programs such as Microsoft's BlueHat Prize (www.bluehatprize.com the industry's first and largest prize for defensive security research), the BlueHat conference, security researcher outreach, and Microsoft's Vulnerability Disclosure Policies. Moussouris also founded and runs Microsoft Vulnerability Research, which is responsible for Microsofts research and reporting of vulnerabilities in 3rd party software. Moussouris recently was voted the editor of a new draft ISO standard on Vulnerability Handling Processes, following her work over the past 4 years as the lead expert in the US National Body on an ISO draft standard on Vulnerability Disclosure.

Prior to working for Microsoft, Moussouris was a penetration tester for several Fortune 500 companies, as a senior security architect for @stake when it was acquired by Symantec. At Symantec, Moussouris founded and ran Symantec Vulnerability Research.

What is the biggest challenge for women in security professions today?

The biggest challenge for women in many professions, not necessarily limited to security, is risk aversion. We must try to understand the limitations we impose on ourselves such that we can adapt and overcome them. We often don't take opportunities that will help us grow and develop professionally, due to an internally-imposed lack of confidence and an unwillingness to take risks. We mistakenly think we need to be perfect, or take care of every detail, when that thinking limits us and discourages us from taking risks.

While we may stumble along the way, and I certainly have at points in my career, we learn more from those failures than we ever would from our successes, thereby enabling us to reach even further next time. Men do this in business all the time. Women should take heed and take more risks. Borrowing wisdom from Wayne Gretsky, "You miss 100% of the shots you dont take."

What advice would you give to those in considering security as a profession, or who are in security but want to take their career to the next level?

Master the power of networking. A great leader is a great communicator, so hone those skills, as well as your ability to solve problems strategically as well as technically.

While having your technical chops in order is a must, there will come a point in your career that you will want to see daylight again instead of peering at IDS logs or staring at a debugger for the rest of your life. Imagine yourself at the helm of the group that runs the forensics investigations, or directing the team that responds to new malware. For those roles you'll need connections and business sense as much as you'll need the technical understanding of the gears under the hood.

Think big, dream of the impossible, identify mentors within your organization who can help you grow in the "soft skills" areas you'll need to take your career to the next level, and don't assume that your ideas must have already been thought of by someone else.

What valuable advice have you received along the way in your career?

Take risks. Be bold. Don't be afraid of failure, and always seek out the lessons therein — these are gifts. Listen at least as much as you speak. And most importantly, believe in yourself, as a true sense of inner confidence enables you to take on anything that life or work can throw at you.

1 2 Page 6
SUBSCRIBE! Get the best of CSO delivered to your email inbox.