CyberVista’s Simone Petrella outlines practical steps for better security and her vision for the role AI will play in infosec.
Simone Petrella is chief cyberstrategy officer at CyberVista and an ISACA (Information Systems Audit and Control Association) expert on cybersecurity. She recently spoke at CSX North America.
At CyberVista, she is responsible for developing, communicating and executing strategic initiatives. She also leads product development and delivery of cybersecurity training and education curricula as well as workforce initiatives for executives and cyber-practitioners.
‘The best way to protect data is to go in with the assumption that no data is inherently safe’
– SIMONE PETRELLA
Prior to joining CyberVista, Petrella led Booz Allen Hamilton’s all-source cyberthreat intelligence business within the Defense Intelligence Agency. In the commercial sector, she helped financial and retail clients build out their cyber fusion centres.
Tell me about your own role and your responsibilities in driving tech strategy?
As an education and training company, CyberVista relies heavily on technology solutions that help enable the business while still keeping customer data secure. This spans a variety of areas, to include our learning management platform, work with virtual environment vendors, sales and back-end processing, and marketing initiatives.
The key is to constantly balance the needs of growing the business and using technology that can help do that, while still being mindful of the security and privacy needs of our company and our customers.
Are you spearheading any major product/IT initiatives you can tell us about?
One of our largest current initiatives is building out a role-based training offering and platform that helps organisations better align cybersecurity professional training based on specific cyber job roles.
This product will allow individuals and employers to assess their strengths and competencies, resulting in a 100pc online professional development solution that helps address talent identification, training and retention. In addition to having a modular framework that focuses on skills and is aligned to specific job roles, it includes diagnostic, conceptual and experiential learning that is congruent with all major cybersecurity certifications.
In addition, we are working to integrate practical lab and scenario-based exercises into the training curriculum and platform to address the need for hands-on learning and experience.
How big is your team? Do you outsource where possible?
We are around 50 people total, including a variety of subject-matter experts and personnel in sales, marketing and curriculum. We do outsource functions where possible. Sometimes, outsourcing is a more secure option than building something ourselves. Other times, it allows us to get products out to market more quickly as we focus on the core material that differentiates us (rather than wasting time building out infrastructure).
What are your thoughts on digital transformation and how are you addressing it?
I think there is no way to ignore the importance of digital transformation for our customers, their needs, and the shifts in the industry. In many ways, CyberVista is premised on this notion of digital transformation, since we focus on providing entirely online cybersecurity training solutions and believe strongly in the idea that today’s customers need the ultimate flexibility, cost-efficiency and high quality – especially when it comes to preparing their workforces.
By focusing on optimising the customer experience online and making online training as interactive and engaging as possible, we think we’re well positioned given the recent focus on digital transformation.
What big tech trends do you believe are changing the world and your industry specifically?
The current buzz around artificial intelligence (AI) certainly has the potential to change the world, but I do think we’re still a long way from achieving true AI. That said, I think the continued automation of repeatable and predictable tasks/functions has increased – and will continue to increase – business and personal efficiency.
There’s also a downside to all this: the same AI algorithms that allow us to collaborate and move quickly can also easily be exploited and abused, especially given the ability of social media platforms to proliferate false information.
I think AI certainly has this same ability to change the cybersecurity industry, especially when it comes to how that impacts the workforce. Increased automation of data analysis and security handling will fundamentally change the kind of skills that security professionals will need to succeed in this new environment. Entry-level jobs will become rarer as they become automated, and employers will increasingly need higher-level analysts/professionals to ferret out exceptions and unique situations. Thus, I think this industry will see an increased demand for candidates with more diverse knowledge bases and qualifications in areas like critical thinking, communication and risk management.
In terms of security, what are your thoughts on how we can better protect data?
The best way to protect data is to go in with the assumption that no data is inherently safe. If you start with that assumption, you can make practical decisions on the best way to protect the data you have, whether that’s through segmenting customer usernames/emails from payment information, not retaining personally identifiable information itself, choosing not to collect certain data at all, or encrypting sensitive information using more sophisticated hashing algorithms.
But, like everything else, it’s a trade-off and it has to start with a strong understanding of the data you have, what you collect, and how truly sensitive it is. Once you know that, then you can make informed decisions about the controls, processes and policies that will best protect that data.
Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.