Data Exfiltration, DLP
What is Data Exfiltration? Tips for Preventing Data Exfiltration Attacks
Tuesday, February 25th, 2020
Today, data is valuable currency. Don’t believe us? Data brokering is a $200 billion industry…and this doesn’t even include the data that’s sold on the dark web.  For an organization, this data can be anything from customer email addresses to financial projections and the consequences of this data being leaked are tremendous and far-reaching. When data is leaked purposefully and without authorization, we call it data exfiltration. You may also hear it referred to as data theft, data exportation, data extrusion, and data exfil.
What are the various types of data exfiltration? Data can be exfiltrated in a number of ways from both insiders and external bad actors. We’ll cover both in this article but, if you want to learn more about insider threats, read this blog: What is an Insider Threat? Insider Threat Definition, Examples, and Solutions. Here are some of the most common ways in which data exfiltration can be carried out. Email According to IT leaders, email is the number one threat vector. It makes sense.  Over 124 billion business emails are sent and received every day and employees spend 40% of their time on email, sharing memos, spreadsheets, invoices, and other sensitive information and unstructured data with people both in and outside of their organization.  Needless to say, it’s a treasure trove of information, which is why it’s so often used in data exfiltration attempts. But how? Insider threats emailing data to their own, personal accounts or third-parties External bad actors targeting employees with phishing, spear phishing, or ransomware attacks Employees, contractors, and other individuals with access to an organization’s systems and networks could email databases, calendars, images, planning documents, and other sensitive data to their personal email accounts or to other third-parties.  If there’s no security software in place to prevent an email from being sent anywhere, it just takes one click of a mouse to move data from inside of an organization into the wild.  But, it’s not just insiders who can exfiltrate data via email. Bad actors can, too, via phishing, spear phishing, or ransomware attacks. In this case, an employee (the target) will receive an email that appears to be legitimate. If successful, this fraudulent email will get them to share credentials, download a malicious attachment, or otherwise share sensitive information.  If the bad actor crafts the email in such a way that it appears to genuinely be from a trusted source like a CEO or third-party supplier, the target will often fall for the scam. Downloads/Uploads Data can also be exfiltrated via a USB or another personal device like a smartphone, laptop, camera, or external drive.  An employee (or someone else with access to the company network) simply has to download or upload the data without being detected in order for the attempt to be successful.  This happens more frequently than you might think. One report shows that: 15% of insiders exfiltrate data via USBs and 8% of external bad actors do the same 11% of insiders exfiltrate data via laptops/tablets and 13% of external bad actors do the same Via the Cloud  While working in the cloud, storage services like Google Drive and DropBox offer employees incredible flexibility (especially when working outside of their office environment), but there is risk involved around data exfiltration. Again, both insiders and outsiders could exfiltrate data via the cloud; all the person needs is access. Once they have access, they could simply copy, download, or print sensitive documents or they could modify the virtual machines, make malicious requests to the cloud service, and deploy malicious software. Physical theft  Before the digitization of many business operations, data was exfiltrated via physical theft. It still happens! This could involve someone taking documents or entire servers with them when they leave the office, or faxing documents to themselves or a third-party. In this case, lockable confidential waste bins, paper shredding devices, and security cameras or personnel could help secure sensitive data. But, how do you prevent digital data exfiltration? 
What types of tools and technologies can prevent data exfiltration?  Preventing data loss is a top priority for IT, security, and compliance leaders. Not only do they want to protect client and customer information and their own Intellectual Property (IP), but they want to avoid the many consequences that come from a data breach. But, data loss prevention (DLP) is a real challenge. And, while there are a handful of solutions, many fall short. Blocking or blacklisting domains, channels, or software     What it is: Data exfiltration prevention has often been simplified to stopping communication with certain accounts/domains (namely freemail accounts like @gmail) or blocking access to certain tools and software (like DropBox, for example).  Why it doesn’t work: This is a blunt approach that impedes on employee productivity. There are many legitimate reasons to communicate with freemail accounts, such as updating private clients, managing freelancers, or emailing friends and family about non-work issues. What’s more, a determined insider could easily circumvent this by setting up an account with its own domain. Secure Email Gateways (SEGs) What it is: SEGs are essentially more sophisticated spam filters. They’re used to block malicious inbound email threats like phishing attacks. Why it doesn’t work: While SEGs may be effective in blocking bulk phishing emails, they can’t stop all spear phishing emails. That means the most targeted attacks can still get through and employees could easily fall victim to an attack and unknowingly exfiltrate data to a bad actor. (Not sure what the difference is between phishing and spear phishing? Read this.) Labeling and tagging sensitive data What it is: The first step in any DLP strategy is to label and tag sensitive data. This way, it can be monitored (and stopped) when it is seen moving outside the network.  Why it doesn’t work: This approach relies entirely on employees tagging data correctly. Given how much data organizations handle, the manual process of tagging isn’t viable; employees may label incorrectly or, worse, not do it at all. Rule-Based solutions What it is: Organizations could implement rule-based solutions that take the form of “if-then” statements. These “if-then” statements involve keywords, email addresses, and regular expressions that look for signals of data exfiltration. Why it doesn’t work: Similar to tagging, rule-based solutions are impossible to maintain because data changes in value and sensitivity over time. Beyond that, you simply can’t define or predict human behavior with rules. That’s why 85% of IT leaders say rule-based DLP is admin-intensive and just 18% say it’s the most effective way to prevent data loss.  Training  What it is: Because it’s people who control our data, training is a logical solution to data exfiltration. In fact, 61% of organizations have training every 6 months or more frequently.  Why it doesn’t work: While training does help educate employees about data exfiltration and what the consequences are, it’s not a long-term solution and won’t stop the few bad eggs from doing it. You also can’t train away human error, including breaking the rules or falling for scams like phishing attacks. Learn more in our report: Why the Threat of Phishing Can’t Be Trained Away. Machine Learning What it is: Machine learning – especially ML models trained on historical email data – understands the intricacies and fluctuations of human relationships over time. That means ML models can constantly update their “thinking” to determine whether an action looks like exfiltration or not.  Why it does work: This is the “human” way forward. Machine-intelligent software recognizes what looks suspicious, much like a trained security professional could. However, unlike humans, it can do this thousands of times per second without missing information or getting tired.  How does Tessian prevent data exfiltration? Tessian uses stateful machine learning to prevent data exfiltration on email by turning an organization’s own data into its best defense against inbound and outbound email security threats.   Our Human Layer Security platform understands human behavior and relationships, enabling it to automatically detect and prevent anomalous and dangerous activity like data exfiltration attempts and targeted phishing attacks.  Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network.  Tessian Enforcer detects and prevents data exfiltration attempts by: Analyzing historical email data to understand normal content, context, and communication patterns Establishing, mapping, and continuously updating every employee’s business and non-business email contacts into relationship graphs  Performing real-time analysis of outbound emails before they’re sent to automatically predict whether the email looks like data exfiltration. This is based on insights from relationship graphs, deep inspection of the email content, and previous user behavior Alerting users when data exfiltration attempts are detected with clear, concise, contextual warnings that reinforce security awareness training Tessian Defender detects and prevents data exfiltration attempts by: Analyzing historical email data to understand normal content, context, and communication patterns Establishing, mapping, and continuously updating every employee’s business and non-business email contacts into relationship graphs  Performing real-time analysis of inbound emails in real-time to automatically predict whether the email looks unsafe. This is based on insights from relationship graphs, deep inspection of the email content, and previous user behavior Alerting users when targeted email attacks are detected with clear, concise, contextual warnings that reinforce security awareness training To learn more about data exfiltration and how Tessian is helping organizations like Arm keep data safe, talk to one of our experts today.
Customer Stories
Mitigating the Risk of Data Exfiltration in a Regulated Industry
Wednesday, February 19th, 2020
McMillan Williams Solicitors (MW) is a British consumer high street law firm. It is a top 10 conveyancing law firm, operating across the south of England with a mission to provide accessible, affordable, inclusive, innovative and personal legal services. MW Solicitors is protecting 450 employees with Tessian Guardian, Tessian Enforcer and Tessian Constructor.
Making security a priority MW Solicitors provides legal advice to clients across the UK. Chief Information Officer David Fazakerley is responsible for ensuring that the firm’s IT infrastructure is efficient and fit for purpose. With over 1,000 new clients every month, protecting client data is a top priority.  Due to the high volume of clients, MW Solicitors’ attorneys must be efficient when tending to client needs. David notes that because of the pace of work, “mistakes can easily happen on email, especially due to features like autocomplete, which can lead to an email being accidentally sent to the wrong person.” David identified misdirected and unauthorized emails as two key problems that could compromise the firm’s data security.  What’s more, from a compliance point of view, data loss and exfiltration can cause significant issues for law firms, resulting in many hours spent on incident management and potentially having to file a report to the ICO. Seeking a solution that would ensure that their sensitive data remains secured, MW Solicitors turned to Tessian.
Efficiently mitigating the risk of data loss Tessian’s ability to easily integrate into MW Solicitors’ layered security system without having an impact on the infrastructure was a key benefit for the firm’s Risk and Compliance team. Tessian produced positive results shortly after deployment.  MW Solicitors deployed Tessian Guardian to prevent accidental data loss due to misdirected emails. One of the most common mistakes that can lead to a misdirected email is an employee inputting the wrong client email into a case management system. “This can be as simple as putting in instead of,” notes Charlotte Mays, Compliance and Data Protection Manager. This is a problem because case management systems are unable to recognize such mistakes. Tessian Guardian can prevent emails from being sent to an incorrect address saved in the case management system. It does this by analyzing the firm’s historical email data in order to understand sending patterns and relationships between contacts. By learning what the “normal” or correct email address is from previous communications, Tessian Guardian can automatically identify the abnormal email address and notify the user that the incorrect recipient has been included in the email.  MW Solicitors also deployed Tessian Enforcer to prevent data exfiltration by email to personal or non-business domains. Tessian Enforcer understands the difference between authorized and unauthorized accounts by looking at emails that each employee has sent and received in the past in order to identify non-business contacts. If an employee sends an email to an unauthorized account, Charlotte and her team are now able to easily detect this. This has been “a huge improvement, as before it might have been difficult to even identify the employee in the first place,” notes Charlotte. MW Solicitors’ Risk and Compliance team are now able to review the Tessian dashboard to see in real time if data has been sent to unsafe destinations. 
Building a culture of transparency David aims to build a culture of transparency when it comes to data security. If all employees have an understanding of the security solutions in place, David believes that this will improve employee awareness and accountability. As MW Solicitors continues to grow, highlighting the importance of data security will be vital.  Human error is a constant, but if employees are armed with the right tools to prevent mistakes from occurring in the first place, then damage can be minimized or avoided altogether.  Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Spear Phishing
How to Identify and Prevent Phishing Attacks
Thursday, February 13th, 2020
Imagine you receive an email from FedEx with the subject line: You Missed a Delivery. Because you had, in fact, recently placed an order online and are expecting a delivery, you immediately open the email and follow the link to track your package. Everything about the email looks exactly as you’d expect it to; you recognize the sender as FedEx, the FedEx logo appears in the signature, the email itself is addressed to you, and it seems to contain information related specifically to you and your delivery. But, after following the link, your computer begins to slow and, behind the scenes, malware is consuming large chunks of your computer’s information, including personal data like saved credit card information and contact lists. What happened? You’ve fallen victim to one of the oldest and most prevalent cyber attacks in the book…phishing. What is phishing?
Although the technique was first described in a paper by HP back in 1987, the term “phishing” was actually coined in the mid-90s in a Usenet group for AOL by the well-known hacker Khan C Smith. Shortly thereafter, the term appeared for the first time in the AOHell hacking tool, which was used to generate and send fraudulent spam “from” AOL’s customer service team to users, tricking them into revealing passwords, birthdates, social security numbers, and more. While there are dozens of different “types” of phishing schemes that rely on different methods of obtaining data, the following criterion helps define this type of cyber attack. The sender is impersonating another person or company The content of the correspondence motivates users to act The message isn’t highly personalized and is sent to large amounts of people
Is phishing really a problem? While it’s been over two decades since the first phishing attack and today, most of us are attuned to what less sophisticated impersonations look like – for example, fake Nigerian princes asking targets for bank details in return for a share of their fortune – the threat is evolving and the stakes are higher than ever. Amazon, Apple,, PayPal, Target, and Qatar Airways have all made headlines in the last several years because of successful phishing campaigns in which attackers impersonated their brands and targeted their customers. While it’s difficult to quantify the total cost to individuals and the reputational damage inflicted on the spoofed brands, these scams negatively impacted tens of millions of people. The fact is, we’re spending more time online creating and sharing more data than ever before; in fact, employees now spend 40% of their screen time on email, which is why phishing is just as big of a problem for businesses as it is for consumers. While the intent and top-level tactics employed by bad actors can be the same for these two types of targets, the brands impersonated often differ. Why? Because employees tend to trust and interact with different types of brands and be motivated by different types of content. For example, while news of a missed delivery from FedEx might motivate a consumer, an employee is more likely to trust an email from Microsoft and will, therefore, be more motivated to follow a link to a login portal for Office 365. Hence why Microsoft is consistently a favorite amongst phishers.
Phishing tools and techniques Surprisingly, cybercriminals don’t actually need an arsenal of technical skills to create a successful phishing campaign. Phishing kits are readily available on the dark web and contain everything a “bad guy” needs to hook a phish including source code, images, scripts, spamming software, and sometimes, even lists of email addresses to target. In short, these kits make it easy for anyone with a bit of IT knowledge to clone a webpage and host their own look-a-like version. From there, attackers can (and do) effectively harvest data that unsuspecting victims enter into mirror versions of legitimate, branded login pages. Again, Microsoft tends to be a go-to, with 62 phishing kit variants used to target the brand’s users within an observation window of just 262 days. Of course, even without a phishing kit, it’s not terribly difficult to design a convincing email template that instills a sense of trust and confidence in targets to the point that they click a link, send a reply, or complete a form. What’s more, not all phishing schemes rely on look-a-like pages. Some attackers simply need to buy (or create) malware. Impersonation 101 As we’ve mentioned, at the core of every phishing attack is email impersonation. So, how do you successfully impersonate a person or brand? Let’s use the FedEx example and imagine that the only legitimate email address associated with the brand is [email protected] While cybercriminals can actually replicate that exact email address by spoofing the domain, it’s risky. To start, many major brands have adopted DMARC email authentication, which could prevent someone from directly spoofing their domain. But, with risk comes reward. Recipients of emails that are sent from spoofed domains have no way of knowing that an email wasn’t actually sent from its apparent sender.
Nonetheless, it’s more common for attackers to use domain variations that in some way resemble the authentic email address. The easiest way is to simply change the display name. Anyone – yes, anyone – can change their display name via their email account settings. That means that someone using an email address that’s in stark contrast to [email protected] can still use the display name FedEx Customer Service.
Likewise, attackers can register domains with the specific purpose of impersonating a legitimate company. There are dozens of phishing domain tactics, which include registering domains with just a one letter difference to the authentic domain and creating convincing sub, top-level or root domains.
Playing the odds Once the email itself has been crafted, it has to be disseminated. Importantly, time is of the essence. Since phishing by definition relies on a large pool of targets, it’s vital that the email is sent to as many unsuspecting victims as possible before the domain and/or servers used by the attacker are blacklisted. Phishing campaigns can be identified by the IP address and domain they’ve been sent from, which means that once a domain or IP address is known to be associated with malicious emails, email systems will redirect the email to a junk folder or reject it altogether. Let’s consider the odds. Phishing attacks have a 3% click rate. If the email is sent to 100 people, only 3 of them are statistically likely to open a malicious link or a download malicious attachment. If the email is sent to 1,000 people, 30 of them might fall for the scam, and so on. More targets equal more opportunity for success. An introduction to payloads Cybercriminals go to great lengths to deceive their targets, almost always with the intent of extracting data or infecting computers. As we’ve mentioned, data can be “extracted” by way of look-a-like sites that rely on the victims themselves willingly (albeit unknowingly) following a link and entering information. But, the data can also be captured over an extended period of time via an attachment that’s downloaded or installed. In the world of cyber attacks, these harmful links and attachments are called malicious payloads. When these malicious payloads take the form of an email attachment, they often fall under the larger umbrella of malware. It’s important to note, though, that not all phishing emails rely on malicious payloads. Zero-payload attacks simply use coercive language to implore the target to reply to or action a request, whether that be handing over an account number for an invoice or sharing credentials to a security tool. These types of attacks – often seen in more sophisticated schemes – are especially disquieting because cybercriminals are able to circumvent and evade legacy tools, payload inspection systems, spam filters and secure firewalls. Needless to say, there’s more than one way for bad actors to get whatever it is they’re after – from money to credentials – and as these payloads become more sophisticated, they’re harder for people and security software solutions to spot. Consequences of a successful phishing attack Today, phishing attacks are the most persistent threat to cybersecurity, with a marked 250% increase in frequency from 2018 to 2019 according to Microsoft’s annual Security Intelligence Report. That means that this year, you’re almost 3x more likely to have a phishing email land in your inbox than you were last year. So, what happens if you’re one of the 3% that falls for a phishing attack? The consequences are virtually limitless, ranging from identity theft to a wiped hard drive. Unfortunately for the average person, the phishing business is becoming more and more profitable for cybercriminals as the price tag for personal information continues to increase. But the consequences for businesses can be even more devastating, especially when you consider that the average cost of a data breach in 2019 was an incredible $3.92 million, a 1.5% increase from 2018. Needless to say, phishing is the number one cause of these types of breaches. In particular, spear phishing, phishing’s more targeted, personalized, and often more damaging counterpart. Phishing vs. spear phishing At face value, phishing and spear phishing seem almost impossibly similar. After all, the intent is identical. But, there are two key differences. While a phishing campaign casts a very wide net and is relatively easy to execute, spear phishing campaigns are targeted at fewer people, and with more personalized correspondence. Spear phishing requires more thought and time to successfully execute. In addition to the tactics that we see employed in phishing, bad actors in these more customized attacks will use information from company websites, social media, news articles, and more to engineer an email that’s believable, even to someone who’s been through extensive security awareness training. Oftentimes, cybercriminals impersonate someone in an authoritative position – for example, the CEO or a line manager – because employees tend to be less likely to question their superiors, are generally keen to help someone in power, and tend to act with a greater sense of urgency.
Zero-payload attacks like the one shown above can be particularly effective because a bad actor is able to build rapport with the victim by posing as a co-worker or superior, sometimes over a series of emails. How can you spot and stop phishing attacks? Unfortunately, innovation in email hasn’t evolved in tandem with the fast-paced digital transformation, which is one reason why reports of phishing attacks have continued to increase year-on-year. 6.4 billion fake emails will be sent today alone. Because this number continues to grow, it’s quite clear that spam filters, antivirus software, and other legacy security solutions aren’t able to keep pace with attacks that are becoming more and more complex by the day. That’s why it’s so important that individuals are scrupulous and inspect attachments and links before they’re downloaded or clicked. In particular, we recommend that you: Review the email address of senders and look out for impersonations of trusted brands Always inspect URLs in emails for legitimacy by hovering over them before clicking Beware of URL redirects and pay attention to subtle differences in website content Genuine brands generally won’t ask you to reply divulging sensitive personal information. If you’ve been prompted to, investigate and contact the brand directly, rather than hitting reply But what about businesses? While staff training, blacklists, URL and attachment inspection systems, and legacy rule-based solutions may be enough to block some phishing attacks, they aren’t always capable of stopping the more sophisticated incarnations. Even Secure Email Gateways (SEGs) – which were designed to stop high-volume spam and keep inboxes safe from malicious emails – can’t always identify more advanced, targeted attacks, in particular zero-day attacks, zero-payload attacks, and spear phishing attacks.
Businesses need to protect their human layer The tactics employed by legacy solutions – namely identifying malicious payloads and flagging blacklisted domains – are simply ineffective against the advanced impersonation tactics used by cybercriminals in spear phishing attacks. When the attacker is pretending to be someone the target trusts, it becomes a human problem, not a filter or software problem. Hence why 86% of data breaches are caused by human error. Businesses, therefore, need an adaptive, highly personalized tool that can help them detect impersonations on email in order to protect their users. That tool is Tessian Defender, and it’s powered by machine learning (ML). By learning from historical email data, Tessian’s ML algorithms can understand specific user relationships and the context behind each email. This allows Tessian Defender to not only detect, but also prevent a wide range of impersonations, spanning more obvious, payload-based attacks to subtle, social-engineered ones. To learn more about how tools like Tessian Defender can prevent spear phishing attacks, speak to one of our experts and request a demo today.  
Customer Stories
Strengthening Security in Biotechnology
Tuesday, February 11th, 2020
Gubra is a Danish biotechnology company that was founded in 2008. Gubra focuses on preclinical contract research services and drug discovery programs within the metabolic space. The organization has established itself across the globe as a highly professional and competent partner within academia, biotechnology and the pharmaceutical industry. Gubra is protecting 160 employees with Tessian Defender and Tessian Guardian.
Taking security seriously Gubra is a Danish preclinical contract research organization that specializes in model building and drug testing for a variety of metabolic diseases. Chief Technology Officer Morten Høgholm Pedersen oversees IT development, implementation and operations. With many of the globe’s largest pharmaceutical companies as customers, ensuring that Gubra’s IT systems remain secure is a top priority. Many of Gubra’s clients are very sensitive to data security due to the nature of the biotechnology industry. Therefore, it is imperative that their information remains safeguarded within the organization. “We share data via password protected fileshare solutions. So even though sensitive data would not be compromised, misdirected emails that employees could accidentally send would still seem unprofessional and undermine our reputation,” says Morten. Additionally, with the rise in spear phishing attacks, Gubra also needed a solution that would better protect the organization from inbound threats on email. Gubra turned to Tessian.
Upholding credibility through secured systems Tessian was successfully implemented into Gubra’s security stack. Administered by Gubra’s IT team and overseen by Morten, Tessian gives Gubra transparency into their email security. Gubra is now protected from accidental data loss due to misdirected emails with the implementation of Tessian Guardian. For Gubra, the most powerful feature is Tessian Guardian’s ability to automatically identify an abnormal email address and notify users in real time that the potentially wrong recipient has been included. “The pop-up warning that tells people they could be sending an email to the wrong person has had a learning effect on the organization,” notes Morten. For Gubra, Tessian Guardian has led employees to become even more cautious. Many spear phishing attempts try to lure employees into paying fake invoices; and attackers are convincingly impersonating familiar parties. For Morten, the biggest concern for the organization is maintaining data security and credibility. Tessian Defender automatically prevents advanced impersonation-based spear phishing attacks by using stateful machine learning models to analyze historical email data and understand relationship context. Tessian Defender can detect impersonation from both internal and external parties and is helping Gubra defend itself from inbound threats.
Staying vigilant in a changing environment Human error is inevitable, and people will make mistakes on email, but they can be mitigated if the right tools are in place. For Morten, “it should be a standard for all companies to have a high degree of protection using the most advanced tools available against phishing attempts and misdirected emails.” With attackers getting more sophisticated with their tactics, it will be important for organizations to stay proactive with their security strategy. Gubra can now ensure that their clients’ sensitive data remains secured.
Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions in the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
How Does Data Loss Prevention for Email Work?
Sunday, February 9th, 2020
Data Loss Prevention is a vital part of security frameworks across industries, from Healthcare and Legal to Real Estate and Financial Services. There are dozens of different DLP solutions on the market, each of which secures data differently depending on the perimeter it is protecting. There are three main types of DLP, including: Network DLP Endpoint DLP Email DLP While we’ve covered the topic of email DLP broadly in this Complete Overview of DLP on Email, we think it’s important for individuals and larger organizations to fully understand what the proper application of email DLP can offer and, with that, why it’s so important to know which email DLP system to implement. How can DLP for email protect an organization? Importantly, there are two types of threats DLP must account for: Accidental Data Loss: To err is human. For example, an employee might fat finger an email and send it to the wrong person. While unintentional, this mistake could and has led to a costly data breach. DLP solutions need to be able to flag the email as misdirected before it’s sent, either by warning the individual or automatically quarantining or blocking it. Malicious Exfiltration: Whether it’s a bad leaver or someone hoping to sell trade secrets, some employees do, unfortunately, have malicious intent. DLP solutions need to be able to identify data exfiltration attempts over email before they happen in order to prevent breaches. An introduction to rule-based DLP On a basic level, the bulk of DLP solutions operate via rule-based policies, using if-then statements to lock down data after it’s been classified. For example, if you want to ensure your HR department doesn’t share personally identifiable information (PII) like employees’ social security numbers, you could create a rule on email: “If an outbound email to a party outside of the organization contains the word ‘social security number’, then block. it.” You could also create a more broad rule. For example, if you wanted to prevent accidental data loss of company information, you might forbid employees to send emails to their personal email accounts. To enforce this, you might block all emails from an official company account to freemail accounts like,, or Of course, these rules need to be set up separately for each organization where a DLP system is implemented. Various factors can influence these rules, including the type of data being protected, workflows, and existing policies, procedures, and tools. This will help you recognize potential “borders” that sensitive data shouldn’t cross. The limitations of rule-based DLP Unfortunately, DLP – especially rule-based DLP – can be a blunt instrument.
Rules simply don’t reflect the limitless nuances of human behavior. A better approach to DLP While IT and security teams could work tirelessly to properly deploy and maintain rule-based DLP solutions to detect potential threats and limit the exposure of sensitive data, there’s a better, smarter way. Human Layer Security. Instead of rules, Tessian’s DLP solutions use contextual machine learning models to understand the context of human behavior and communications. Trained on historical emails and real-time correspondence, machine-intelligent software can recognize what looks suspicious; similar to what a human cybersecurity expert could do. However, unlike humans, it can do this thousands of times per second without missing key information or getting tired. Which email DLP solution is right for my organization? As we’ve mentioned, each organization has different needs when it comes to DLP. Some might need more network protection while others need to lock down email. In either case, it’s important to consider the budget, ease of deployment, and internal resources alongside the biggest threat vectors for data loss. If your biggest concern is data exfiltration and you’re looking for a solution that’s easy and quick to deploy and that doesn’t require heavy maintenance from an administrator, Tessian Enforcer may be right for you. If your biggest concern is accidental data loss and – again – you’re looking for a solution that’s easy and quick to deploy and that doesn’t require heavy maintenance from an administrator, Tessian Guardian might be for you.
Human Layer Security
Tessian Human Layer Security Summit: Meet the Speakers
Friday, February 7th, 2020
On March 5, Tessian will host the first Human Layer Security Summit in London. We’ll be welcoming 10 speakers with diverse backgrounds to the stage as we take a deep dive into what exactly people-centric security means. On the day, attendees can expect thought-provoking presentations by leaders from renowned institutions, a panel discussion about Human Layer Security featuring some of Tessian’s customers, and an analysis of emerging social engineering threats from an ethical hacker.
Keynote Speakers Mark Logsdon, Head of Governance and Assurance Prudential Mark – who has held senior security positions at top-tier financial service companies for over a decade – will be highlighting the challenges and opportunities associated with creating and maintaining a positive security culture within an organization. Attendees can expect a multi-faceted presentation that covers how cybersecurity can and should enable business objectives, the value in creating a proactive security environment, and the importance of collaboration across departments for cybersecurity advocacy. Tanja Podinic, Assistant General Counsel  Dentons Working at the intersection of tech and legal, Tanja is in a unique position to highlight the implications the digital transformation has had on risk for businesses. She’s particularly interested in how innovations in technology can help mitigate the risks around people. Now, with Dentons having implemented Tessian’s solutions – Tessian Guardian and Tessian Enforcer – she’ll also be joining the panel session to discuss how machine learning has helped her organization prevent misdirected emails and data exfiltration on email. Read more about how Tessian has helped Dentons protect their data here.
Panel Session Timor Ahmad, Head of Data Governance & Privacy Lloyd’s of London Timor – who believes data should be treated as an organization’s core asset – has years of experience managing data protection, privacy, and quality. With a special interest in business enablement, Timor has seen how Human Layer Security can give businesses across industries a competitive edge. Jamie Travis, Head of Information Security Herbert Smith Freehills With a great deal of experience in leading large-scale security improvement projects, Jamie has a strong interest in understanding how risk management and human behavior go hand-in-hand. This requires that he not only create strong security policies, but also that he fosters strong internal and external relationships. He now uses Tessian to mitigate risk associated with human error and people-centric security is a key focus for 2020. Mark Parr, Global Director of Information Technology HFW After a 27-year military career delivering command and control networks and communications and information systems, Mark moved into the financial sector to focus on people operations within cybersecurity. Currently heading up Information Technology at a global law firm, he’s using his expertise in Risk Management and Information Assurance alongside Tessian to navigate challenges associated with human error. Ethical Hacker Glyn Wintle, CEO & Founder  Tradecraft  Having started his career as a penetration tester, Glyn has incredible, hands-on experience in helping organizations defend themselves against ever-evolving threats. He’ll detail how hackers combine psychology and technical know-how to create highly targeted (and highly effective) phishing attacks and other forms of social engineering. Join us at Tessian Human Layer Security Summit Over the next several weeks, we’ll be releasing even more information about Human Layer Security Summit and the speakers who will be attending. Follow us on LinkedIn to be the first to get these updates. If you haven’t yet saved your seat to join those who are putting people-centric security at the top of their agenda, do so now! Spaces are filling up quickly.
Opportunity in Cybersecurity: Q&A With Swati Lay From Funding Circle
By Maddie Rosenthal
Thursday, February 6th, 2020
Swati Lay, who has more than 20 years’ experience in software development and information security, is the Chief Technology Officer (CTO) at Funding Circle, a peer-to-peer lending marketplace that allows the public to lend money directly to small and medium-sized businesses. Her interest in cybersecurity was piqued at 16-years-old with a course on Number Theory and Cryptography and, having earned her Bachelor’s Degree in Electrical Engineering and Operations Management from Princeton University, Swati started her career at Merrill Lynch in New York as a software developer.  Since then, she’s held leadership positions both at scale in larger enterprises and in higher growth environments, including retail banking at Barclays Bank and gaming, where she was the Director of Information Security at Betfair, what was then a FTSE 250 gaming operator.
Q. Describe your role as a CTO in 300 characters or less. I’m responsible for all of Funding Circle’s technology capabilities globally. Q. You’ve been apart of the larger cybersecurity industry for over 20 years. How did you get involved initially? My first real introduction to cybersecurity was a Number Theory and Cryptography course I took when I was 16-years-old. While I was so fascinated by the subject, I remember thinking that I wasn’t the strongest from a math- perspective and that, because of that, I just wouldn’t be able to get a job in this industry. Fast forward several years later, I’ve graduated from Princeton University, am working at AT&T as a Systems Engineer, and I started to realize that there are actual applications of cryptography in the business world. Importantly for me, its application in the business world is more focussed on implementation rather than the math behind it, so I was able to really get my head around it.  A colleague of mine at AT&T moved to Merrill Lynch to an Information Security team and asked me if I’d be interested in coming along. The rest is history! For me, it really was fulfilling a childhood dream. Q. Why did you initially write off the industry as an option for you? It just seemed so far out of reach. I didn’t understand what skills were required, in part because cybersecurity really wasn’t its own, standalone industry yet.  What’s even more sad, though, is that’s still the case for many people today.  Despite the industry being more defined than it ever has been, there’s still a lot that needs to be demystified to really get people interested and involved. Q. If you were discouraged based on preconceived notions about the industry, what skills and interests can you point to that are actually necessary to thrive in a cybersecurity role? I think people view cybersecurity as a black art. But, it’s really not that obscure! There’s an incredible range of opportunities available, and not all of them require technical skills.  Yes, when you consider more general engineering, technical skills are paramount. But when you think about management roles, you need communication, collaboration, vision, etc.  Then, you look at cybersecurity more broadly. What you really need is the ability to communicate risk in a way that enables decision-makers to do their job.  People don’t always understand the work you’re doing or why it’s important, and that can make you second-guess yourself. That’s why we need people who are willing to do some really deep problem solving, people who are willing to dive into deep issues and not be afraid to have a contrary point of view.  You have to be smart. You have to be disruptive. That’s why it’s so important that we diversify the population of people working in cybersecurity. We need to round out our teams and encourage more than just technical skills. If we don’t, the implications will be quite severe, especially because we’re not just protecting financial institutions and governments anymore. Companies across industries – small, medium, and large – have seen the value in building out cybersecurity functions.  Q. Does your senior role enable you to empower more people to explore the opportunities available in cybersecurity? I think every person in senior leadership in cybersecurity wants to empower more people to explore these opportunities that are available. A big piece of that is role models. You have to see it to be it!  I remember when I was 12-years-old,  someone mentioned an Ivy League school to me and I thought “I’ll never be able to do that!” It wasn’t until I saw people who had the same background and upbringing as me going to these schools that I finally thought I could do it, too. That’s why now – especially because I’ve been so fortunate throughout my career and have had so many incredible opportunities – I want to show the next generation that they can have those same experiences.  This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, KPMG, Nielsen and more. #TheFutureIsCyber
Opportunity in Cybersecurity: Q&A With Amy Johnson From Herbert Smith Freehills
By Maddie Rosenthal
Tuesday, February 4th, 2020
Amy Johnson is the Information Security Manager at Herbert Smith Freehills, an international law firm with headquarters in both London and Australia. She’s worked in cybersecurity for over six years and started her career as a Lead Investigator at Freshfields Bruckhaus Deringer. Before entering the cybersecurity industry, she worked in Human Resources. While she doesn’t have a formal education that’s focused on cybersecurity, she’s earned five certifications to-date, including her Certification in Information Security Management Principles (CISMP), Certified Information Security Manager (CISM), Certified Data Protection Officer (CDPO), ISO 27001 Implementer, and Certified Information Systems Auditor (CISA).   Next, she’ll aim to earn her Certified Information Systems Security Professional (CISSP) qualification.
Q. Describe your roles as a Security Manager in 300 characters or less. I monitor system user behavior and I review client security requirements and questionnaires. I’m very much forward-facing and part of my job is to guide the firm and our people on how to work with information and technology in a safe and secure way. Q. How did you get started in this industry?  I don’t have a background in cybersecurity. I actually studied HR and worked in that industry for years. About two years into working at Freshfields Bruckhaus Deringer, Mark Walmsley, who was the CISO at the time and still is, started creating a new group called the Information Security Group (ISG).   At that point, I was ready for a career change. I wanted to do something that wasn’t just exciting every day, but different every day. The idea of protecting people, investigating threats, and creating training materials about the evolving risks in information and cybersecurity really, really interested me.  I decided to go for it and got the job! I was the Lead Investigator there for about five years. Since then, I’ve earned different certifications and have really catapulted myself into a more senior position that I’m in now at Herbert Smith Freehills. Q. Did your previous experience help prepare you for your first role in cybersecurity? Monitoring/ investigating systems can be a sensitive subject which means you have to be hyper-aware of data privacy laws, etc. That’s something I was able to bring to the table because of my previous experience.  But, to really be successful in a cybersecurity role, you have to be familiar with not just the current threats, but the new and evolving technologies. You have to stay on top of that. I didn’t get that exposure until I started. I also didn’t have any technical skills when I started. I learned on the job, which – to me – is far better than going to study.  Cybersecurity is really about putting what you know into practice. Q. Do you have any thoughts on why women only make up a quarter of the cybersecurity workforce? A lot of women in tech might not see cybersecurity as a suitable career path because it is considered quite a masculine profession. That’s probably ingrained at a very young age. It’s important to not be discouraged by that, though. Bear in mind, I came from a HR background; that’s a field where you’ll often work in a team that’s all women. Moving into this industry, I’ve often been the only woman within the teams I’m working in. But, that doesn’t mean I don’t feel like I belong. I don’t find men that intimidating!  Women can be just as successful in this industry and opportunity, recognition, and progression are absolutely available to those who work hard. Q. In terms of progression, do you feel like a career path to a more senior position is clear?  To be very honest, I’m already very proud of how far I’ve come in the last 10 years. When I first moved to London, I was making significantly less than I’m making now. I’ve consistently worked my way up the ladder since then. I’d still really like to learn and grow more within this industry and I certainly have dreams of being a CISO or a head of a department eventually. But, the opportunity for growth can really depend on how big your department is. Cybersecurity is still growing, and not all organizations have large teams which means you may not necessarily see what your next step will look like or what skills you need to develop to take that next step. It can be hard. But, the skills you get at any one organization are really transferable. This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more. #TheFutureIsCyber
Opportunity in Cybersecurity: Q&A With Kim Smathers from Snapdocs
By Maddie Rosenthal
Saturday, February 1st, 2020
Kim Smathers, who has worked in this field since the mid-90’s, is the Head of Information Security and Compliance at Snapdocs. Her resume is extensive and includes big names like Symantec, Walmart, and Jobvite among many others, as well as several years experience teaching Microsoft and Citrix certification courses and Engineering at the Computer Learning Institute. She’s just as passionate about building agile teams as she is about risk assessment and resolution and considers communication the most important aspect of being a leader. 
Q. Describe your role as a CISO in 300 characters or less. My job is all about giving people an understanding of risk and figuring out how to translate, address and resolve that risk. Q. How did you end up in a cybersecurity leadership position? The surprising thing about me – especially given where I am now in executive management – is that I don’t have a significant formal education. While I completed a bit of college, I didn’t earn my degree. But, a few years before Microsoft took off, before laptops were even a thing, I went to The Computer Processing Institute in Connecticut. This was back when computers took up an entire room!  That’s where I got my start and, for some reason, not only was I really interested in it, but it was really easy for me. I had a natural aptitude first towards coding, then networking, then technology, and I just kept going. Every time things changed, I changed. And, you have to remember, when I first started out, security wasn’t really a “thing”. It’s evolved and grown so much since then. Now, there’s so many different facets to it, so much depth. Q. What changes have you seen in yourself since then? For quite a long time, I was the only woman in the room and I would often be leading teams that were exclusively male. It was very, very hard to find any women working in information security or cybersecurity and it was even harder to find these women in leadership positions.  Initially, working in a male-dominated environment led me to think that I needed to adopt more masculine attitudes. I think a lot of women who have worked in the industry as long as I have would tell you a very similar tale. Doing this – trying to act like someone else or act how you think people want you to act – is problematic for so many reasons.  Once I started taking the time to talk to other women, I changed my approach. You’re going to get push-back from people no matter what; this taught me to rely on data instead of adopting attitudes that weren’t mine. That enables a lot more diplomacy and – more importantly – authenticity. That’s what’s really allowed me to thrive and do my best work. Q. Are you starting to see more women in leadership positions like you? There’s still only a tiny percent of women in senior leadership positions in this industry but I do see a shift, yes. Only in certain places, though. In certain companies – specifically really established companies – you still have boardrooms that are filled predominantly with white males. You can’t underestimate the impact that has on a larger organization. It all trickles down. If you’re a woman in that environment with aspirations to be in senior leadership and you’re only seeing one kind of person in those positions, the career path there can seem very unclear.  But, when you work in an organization like I do now, there’s an incredible amount to compare and contrast. There are women, there are people of color. It’s a totally different environment. Q. What advice would you give women who want to achieve the same sort of success you have? Be authentic to who you are and what you’re thinking and let go of the fear of saying “I don’t know” or “Explain it to me” or “Can I have more information, I’m not sure I understand”. Asking these questions doesn’t mean that you’re ill-informed or don’t know enough. Letting go of that fear will give you a lot more control over what goes on around you. When I build out my teams, I avoid people who are absolutely convinced that they already know everything there is to know about a topic. That almost eliminates the possibility of having a conversation and, in cybersecurity, collaboration and openness are absolutely vital. We’re influencers. My job is to bring diverse groups of people together, make them feel comfortable, and let them really exercise their creativity in order to actually influence other teams and solve problems.  This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more. #TheFutureIsCyber
Opportunity in Cybersecurity: Q&A With Sara Zahid From Jefferies
By tessian
Friday, January 31st, 2020
Sara Zahid is the Assistant Vice President at Jefferies, a global investment banking firm headquartered in New York City. After earning her Bachelor’s Degree in Business Administration with a focus on Finance from the University of Toronto, she started an internship at Scotiabank. Over the course of 5 years, she was promoted several times to eventually become a Lead Business Analyst. After that, she transitioned to a more IT-focused role and gained product management experience at Clarus Commerce. In her current role at Jeffries, she’s combined her business acumen with IT project management to safeguard the company’s Information Security. 
Q. Describe your role as an Assistant Vice President in 300 characters or less I am responsible for requirements gathering, simplifying requirements, testing, organizing sprints, managing the sprint cycles, delivering requirements, communicating with stakeholders and management, and other business analysis and project management activities across Jeffries’ Global Information and Technology umbrella. As a manager, one of my key responsibilities is to make sure the team stays organized. Q. Have you always been interested in cybersecurity? When I was younger, I always got feedback that I was creative, so I initially pursued marketing. But, as soon as I started as an undergrad, I realized that I was missing an important piece, which was practical, hands-on work. I actually got an offer for a marketing job straight after college and didn’t take it because it just didn’t seem interesting enough. It didn’t seem like a challenge. That’s what drove me to consider finance, then IT, and now cybersecurity.  I love to critical-think, I love to strategize, I’m great at problem-solving. It’s been a great fit. Q. What did your path into this industry look like, then? A recruiter actually reached out to me based on my experience in product management and business analysis. At that point, I had zero exposure to cybersecurity. I didn’t know what it looked like. But, during the interview, I was told that if you have a background in IT, you’ll be able to pick-up cybersecurity. It’s not rocket science.  That was hugely comforting to me and enabled me to look at the job description with a much more open mind.  They were looking for an experienced project manager who was willing to learn. I ticked both those boxes. The journey from that day until today has been exactly that: all about learning.  Q. Was it challenging to transition from business analysis to a highly technical role? I’d say my knowledge base is currently 50% technical and 50% business analysis. But that’s part of the appeal for me. It’s something I have to work at, especially because IT and cybersecurity change so drastically, so quickly.  That means that I have to learn something new every single day and I’m not afraid to admit that. I don’t think that’s a weakness, I think that’s a strength. I know 50% more about cybersecurity than I did a year ago and that number is only going to continue to grow.  And I’m not afraid to ask questions! I’m not afraid to say that I don’t know.  Asking is the only way that you get an opportunity to get involved and expand on what you already know. Q. Has your work in cybersecurity so far been what you expected it to be? I didn’t fully grasp how many problems the industry solves until I got into cybersecurity myself. Even with a background in IT and business, I didn’t know. You think about logging into your computer every morning at work. We all do that. I never even considered how a functionality like that is safeguarded until I started in cyber. Most people don’t spend time thinking about how many characters their password has or whether or not two-factor authentication is enabled, the work behind the scenes is normally done for us. I’m now the one behind the scenes doing that work. And it’s incredibly important work! Not just for the individual, not just for the company, but for any and all external parties involved in that company as well.  Q. Did you face any challenges related to the disproportionately low percentage of women in the industry? It’s very clear that there are fewer women in this field than there are men, but I don’t feel – or haven’t been made to feel – like I’m less than because of that. If anything, I’ve gotten more respect from male colleagues because of it. It’s actually in many ways empowered me and boosted my confidence. Not only have I taught myself about the industry and progressed by doing so, I’ve progressed in an industry where not many women currently exist. That’s something to be proud of, not burdened by. I also have to give credit to my colleagues and managers and people in leadership; the culture at Jeffries enables me to do my best work. The problem isn’t solved just by acknowledging that there’s a problem. It’ll take time. But, this is such an important industry and we’re solving real problems with a real impact. It’ll continue to evolve, expand, and attract more people. This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more. #TheFutureIsCyber
Data Privacy Day: Why You Need to Protect Your People
Tuesday, January 28th, 2020
Everyone has an email blunder story. Whether you forgot to bcc someone or you sent a message to the wrong person, mistakes on email are common. After all, the average worker spends two fifths of their working week on email, so accidents are bound to happen. But it could be happening in your organization more often than you think. According to our data, employees at large organizations send over 130 emails a week to the wrong person. What’s more, workers are also sending company data to unauthorized or personal email accounts nearly 200,000 times a year. In SMBs, we found that employees send as many as 177 emails a year to the wrong person.
Our data highlights how much of a risk employees pose to an organization’s data security. Misdirected emails – emails accidentally sent to the wrong person – are particularly dangerous. Beyond just embarrassment over cc’ing the wrong person, for example, we are seeing serious repercussions as more people expose personal and corporate data. Simply misspelling a name can result in sensitive data or company secrets falling into the wrong hands and your company facing a regulator’s wrath. More than a simple mistake In fact, latest figures from the Information Commissioner’s Office (ICO) reveal that emails being sent to the wrong person were the leading cause of online data breaches during 2019. UK organizations reported 1,357 data breaches caused by people emailing the incorrect recipient last year, up from 447 in 2017. That’s a 300% increase in misdirected emails over two years.
Last year, the ICO made it clear that failure to implement appropriate organizational and technical measurements to protect data under GDPR will result in significant penalties. With so much at stake, businesses need to consider whether their company data is properly protected from incidents of human error. And Data Protection Day (EU) / Data Privacy Day (US) on 28 January acts as a timely reminder to do this. To keep data safe, businesses need to start at the human level and protect their people. Human error is the leading cause of data breaches, and this is because people make mistakes, break the rules and are easily hacked. In many cases, people may not even realize they’re doing anything wrong. Businesses, therefore, need to take a people-centric approach to cybersecurity that focuses on educating and protecting their employees. But in addition to policies and training, organizations also need to add an extra layer of security. Securing the human layer Human Layer Security (HLS) is technology that secures all human-digital interactions in the workplace. By focusing on the human layer (employees, suppliers, customers) as opposed to the machine and systems layer (networks, devices, apps), HLS keeps business’ sensitive data and systems safe. Tessian’s Human Layer Security technology understands human behavior and relationships, enabling it to detect and prevent dangerous activity. Importantly, Tessian’s technology learns and adapts to how people work without getting in the way or impeding productivity. Tessian uses stateful machine learning models to analyze historical email data in order to understand human relationships and communication patterns. Once we know what normal and abnormal look like, Tessian can automatically predict and prevent security breaches caused by people, for example, accidentally sending emails to the wrong person or exfiltrating sensitive data to personal accounts. Given the huge volumes of sensitive data exchanged every day, the consequences of just one of these emails ending up in the wrong hands are extremely damaging. Not to mention the serious financial penalties of personal data breaches. It’s time to protect your people with Human Layer Security.
Opportunity in Cybersecurity: Q&A With Tess Frieswick From Kivu
By Maddie Rosenthal
Tuesday, January 28th, 2020
Tess Frieswick recently started a new job as a Client Success Manager at Kivu Consulting after spending a year working at Uber as a security consultant. She started as a Security Analyst straight out of college and was promoted to a more senior position after just six months.  In addition to earning her Bachelor’s Degree in World Politics with a minor in Islamic World Studies at The Catholic University of America, she’s gained political experience through internships at the International Model United Nations Association (IMUNA), the National Consortium for the Study of Terrorism and Responses to Terrorism (START), and the American Enterprise Institute.
Q. How did you end up in cybersecurity after studying World Politics and Islamic World Studies? I was fortunately hired to work for IMUNA during my first semester of college after getting involved in the organization in high school. I really lucked out and was assigned to work on the Counter-Terrorism Executive Directorate which, at the time, was focused on the terrorist group Boko Haram in Nigeria. I loved learning about African politics and counter-terrorism efforts in the region which sparked my interest in international security.  By the time I was ready to graduate, I was more certain that was the direction I wanted to take, I just wasn’t sure in what particular specialty. I had a few years of experience in counter-terrorism, but no real experience in cybersecurity. Q. What was it like, then, starting as a Security Analyst at Uber so soon after graduating? When I first started, I was a bit intimidated. I was the youngest on my team, didn’t have my Master’s, and was one of the only women on my team. I felt like I had a lot to prove, but that inspired me to work really hard. I had a manager and a boss who both recognized and valued my skills and trusted me with big projects that had a global impact.  My team actually worked on 565 different tasks from executive protection to assessing phishing emails. That experience really reinforced that cybersecurity was the path I wanted to pursue. Q. What interested you the most about cybersecurity? The 2016 presidential election piqued my interest. I remember learning about Russian interference, bots, and the manipulation of social media after Trump was elected and recognizing that cyber security is bigger than people realize. It provides a new landscape for modern warfare and these things are changing the dynamics of politics. Even something like the recent assassination of Qassim Soleimani; that presents a potential cyber warfare risk. After the assassination, I was doing assessments and considering what retaliatory actions Iran may take. Could it result in cyber warfare? Would they target critical United States infrastructure?  Developing technology is driving all of this; it’s changing everything. Politics is constantly evolving, especially with the development of cybersecurity and cyber warfare. It’s fascinating!  Q. Did you have any specific technical skills that made you especially marketable for jobs in the field? I haven’t taken any cybersecurity-specific classes. Everything I know about cybersecurity I either taught myself by reading or learned on the job. After leaving Uber, I was really upfront during interviews that I didn’t have technical skills. But, that was balanced by the fact that I can learn really quickly. That’s what I focused on. I think my writing background was also something that made me stand out. I have experience writing intelligence products in a strong, thoughtful way. At Uber, I wrote over for a project 70 documents, including style guides for products, global standard operating procedures, and security policies. Talented writers might be surprised that they have a place in cybersecurity but they’re needed to create really polished products that impress clients. Q. You had an internship at an all-female media company while you were in college. Was that a formative experience in your professional development? In every single internship I’ve had, I’ve had a woman that I looked up to for advice and counsel. I’m also just a huge feminist. I’m obsessed with Ruth Bader Ginsberg – she’s my hero, and I love Madeleine Albright. From athletes to politicians, I’m constantly seeking out stories of successful women, and women fighting for equality and change, to motivate me. I still think of some of these mentors years after working with them and I hope I am making them proud. Now, as the only female leader in my new role, I have a responsibility to step up and empower other females, too. This is especially important for women who are shy or aren’t as quick to speak up. Those people – even if they’re smart and capable – can be overlooked. Backing up their ideas, supporting them, making sure they feel empowered…it all makes a big difference.  This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from KPMG, Funding Circle, IBM and more. #TheFutureIsCyber