Name: Wendy Nather
Title and company: Research Director, Retail Cyber Intelligence Sharing Center
Number of years in the information security industry: 20
RSAC: What was your first job in the infosec industry?
Nather: Director of IT Security for the EMEA region of the investment banking division of Swiss Bank Corporation
RSAC: What does the RSA Conference 2017 theme, "The Power of Opportunity," mean to you?
Nather: To me it means that as an industry, we can be proactive. We can choose different roads to get to solutions, and we're not stuck with just reacting to what happens in technology and crime.
RSAC: What is the #1 trend infosec professionals need to be paying attention to right now?
Nather: Account takeover attacks. Criminals are automating and scaling up their reuse of stolen credentials, and it affects both enterprises and consumers equally.
RSAC: How can the industry balance the opportunities with new and growing technology with keeping our data (and people) secure?
Nather: We need to address underlying problems, such as the fact that we're placing the security burden on the user of technology that in many cases they don't understand (and shouldn't have to). We need to examine and address the faulty assumptions that we make as an industry, because they're hindering us from finding that balance.
RSAC: Tell us about your work with Securing Change.
Nather: Securing Change is an organization that helps provide security services to nonprofits. I'm on the board of directors, but the real hero getting the work done is Oliver Day, the founder. He's the one setting up arrangements so that the nonprofits can focus on helping clients rather than trying to fight off attackers.
RSAC: You've held many prestigious positions across the security industry, including serving as a CISO in both the private and public sectors. What advice do you have for someone who is new to the CISO role?
Nather: Make friends. Seriously. If you think of security as a service organization, rather than a control organization, you'll have the right frame of mind for gaining the trust of your management and peers. And since many argue that security shouldn't be a separate function anyway, you'll need to influence as many other people as you can in order to be successful. It's the hardest social engineering job you'll ever have, but it's critical.