Annalea Ilg is vice president and chief information security officer at hybrid IT infrastructure provider Flexential. Her remit covers maintaining programs, policy, security and compliance teams, crisis management, privacy and security resilience for clients, vendors and partners. Before joining Flexential she held security roles at CoSentry and Central States Indemnity Co. of Omaha. Here, she shares her career path and offers advice for aspiring security leaders.
What was your first job? My first job ever was at FunPlex Amusement Park in Omaha, Nebraska when I was 16, where I worked at the ticket and snack bar counter. My first professional IT job came in 1999 when I was the systems administrator for a small international telecommunications company, where I managed desktops, Exchange and servers. I distinctly remember the hysteria around the Y2K scare at that time!
How did you get involved in cybersecurity? My IT career evolved during a time when security regulations were maturing and that’s when I really developed a passion for cybersecurity. I also think my personality fits square into the qualities required to manage cybersecurity. As you can imagine, it’s not for everyone.
Tell us about your career path. Once I decided to pursue IT and cybersecurity, that was the path. Funny enough, I started in IT by accident as I was an executive assistant for a computer cabling company. I, by default, became remote hands for a consulting firm out of Minnesota. There, they would troubleshoot through me and that is how I became interested and learned the basics. I loved IT so much that I changed my education path. From there, I went on to networking, disaster recovery and then security for insurance, healthcare and financial businesses.
Was there anyone who has inspired or mentored you in your career? When I started out, there weren't many women in IT so I became laser focused on what I wanted and researched myself. However, there was one mentor that inspired me to put my dreams in reality. His name is Tom Schildhauer and he was the CEO of NetLink, the computer cabling company where I was an executive assistant. He was the first and only professional that sat me down and asked me where I saw myself in five years during my first interview. It was very eye-opening and without that question I don’t think I would be where I am today. Now, every five years I ask myself that same question and plan ahead.
What do you feel is the most important aspect of your job? Protecting the company and our customers from cyberthreat, directing strategy and communicating the security posture.
What metrics or KPIs do you use to measure security effectiveness? Threats, events, activity and industry comparisons.
Is the security skills shortage affecting your organization? What roles or skills are you finding the most difficult to fill? More people want to work in security which is awesome but I find silos of knowledge in the industry.
Cybersecurity is constantly changing – how do you keep learning? The domains and basic security standards don’t really change. That said, I make sure I continue to keep track of security news and vendor notices. I also make sure I understand controls and how to improve them. Cybersecurity threat is ever growing and its clear companies are still not following basic security practices. If they were, we wouldn’t be seeing so many breach notifications.
What is the best current trend in cybersecurity? The worst? The worst is the breach notifications we are seeing in hyperscale cloud. Unfortunately, this will only continue to rise. Not everyone has security teams to help them with configuration and best practices and companies are still in the mindset of being compliant versus being secure — this has to change. The best trend is seeing all the need for security professionals in the market.
What's the best career advice you ever received? You can achieve anything if you surround yourself with like-minds and talented people. Don’t get hung up on negative influence.
What advice would you give to aspiring security leaders? Roll up your sleeves and understand the environments you are securing and the threat landscape holistically, and learn how to be creative in a prescriptive world.
What has been your greatest career achievement? There have been many milestone achievements along the way but one that is specifically memorable is the first build of our Health Cloud. Working with teams and partners to develop compliant and secure environments for customers that need a full suite of managed services was extremely complex and integrated. Every person involved was extremely talented and it was exciting to be around.
Looking back with 20:20 hindsight, what would you have done differently? I started working at a young age and didn’t stop. I juggled college and career at the same time. Looking back, I would have forced my younger self to slow down and take more vacations. Work/life balance is critical.
This interview is part of CSO’s regular Spotlight series, which focuses on the career paths of security leaders. If you know someone (or are someone) with a story worth telling, please contact kate_hoy@idg.com.