Career Notes 11.27.22
Ep 127 | 11.27.22

Laura Whitt-Winyard: Securing the world. [CISO]


Laura Whitt-Winyard: Hi, my name is Laura Whitt-Winyard, and I'm the CISO at Malware

Laura Whitt-Winyard: When I was growing up, I wanted to be a pediatric oncologist. Being a pediatric oncologist stayed in focus for me until freshman year of college. Uh, when I realized that I don't think I'd be able to disassociate and be able to treat patients without being emotionally invested. I took a year off, once I realized, um, that might not be for me, so I decided, let me take a year off. Um, I worked with children that were mentally, physically abused and that solidified things for me that it was not something I could do. I I brought too much of it home with me.

Laura Whitt-Winyard: I bounced around from job to job trying to figure out what now, what do I wanna be when I grow up? Uh, even though I was a full fledged adult and in 1999, I bought my first computer and it was like a light bulb went off in my head. This is when I realized that I had an insatiable, um, desire to learn and solve puzzles and technology was the solution for my overwhelming, um, need to continuously learn, grow, and change.

Laura Whitt-Winyard: I recall, uh, just a little anecdote, when I, um, was getting my first modem and I was asked, what size modem do you want? And I said, medium because I thought he meant physical size. So there was a lot to learn, but I gathered quite a few books. I locked myself away, I figured out how to get on the internet. Um, I sort of exaggerated my way into my first job in IT and that desire to just understand everything, uh, propelled me forward. I was moved to a tier four think tank team, uh, within four months of working in IT, and probably about a year and a half later, uh, I was asked to join a company as one of their security architects, and from then on, security became a massive passion of mine.

Laura Whitt-Winyard: In the beginning I think there might have been a bit of imposter syndrome. I remember the first time, uh, I was relocated somewhere for a, a higher position. I, I thought to myself, oh, I wonder if they know what they're doing, but after a while I realized that within a few weeks, I could pick it up quite easily and the things that I didn't know, I could learn on my own. I could learn by Googling, I could learn by webinars, by reading, and it just satisfied me so much.

Laura Whitt-Winyard: One of the things that I've, uh, preferred to do in my career, uh, to date, has been to join a company, spend three to four years there, getting their security program up and running. Um, change the mindset of the company, um, about security equals compliance, not the other way around, building up a team, getting the team excited, uh, about this cybersecurity mission that we are all on, training my successor, and then moving on to help another company. One of my mottoes is, um, I wanna secure the world, one company at a time and that's pretty much what I've done. Uh, and what led me to Malwarebytes.

Laura Whitt-Winyard: Initially, I would say the, the beginning was learning the environment. This is my first foray into being a vendor CISO or working for a cybersecurity company. So understanding that one of our mottos is that we drink our own champagne, meaning we use our own tools internally. So understanding our tools, their capabilities, having that CISO hat on and being able to work with product. 

Laura Whitt-Winyard: So I'd like to think of myself as a servant leader. My goal is the greater good, always the greater good of technology, I mentioned previously this mission, this cybersecurity mission, it's really important to me, um, to get the entire team on board with this mission, and it's not just about a job or a career. I like to think of myself also as, uh, in a football analogy, I view myself as a center that PAs the path for the quarterbacks on my team to reduce the noise, to give them all the tools that they need to do their jobs and do their jobs well.

Laura Whitt-Winyard: There's so much information out there right now. For instance, there's BSides communities in just about every state that you could join and, you know, they're very accommodating to first time learners of cybersecurity. There's free training everywhere, so, um, uh, I like to use and recommend cyberary, um, which has a lot of free cybersecurity training. YouTube, Reddit, there's Discord channels on cybersecurity, um, Twitter, you know, there's so much information. Gather the information, start talking with people in the industry. Read cybersecurity news, um, that gets you into that mindset, there's a specific cybersecurity mindset that good cybersecurity professionals have.

Laura Whitt-Winyard: I don't really ever want to hang up my hat. I don't ever really want to retire. What I prefer to do is start a non-profit. When I'm at the point where I'm no longer being a CISO, I'd like to start a cybersecurity nonprofit. I'd like for people to go back and see that I've made a difference.