‘Cybersecurity is a constant balance between usability and security’

11 Sep 2020

Michelle Lindblom, Salesforce. Image: Michelle Lindblom

Salesforce security awareness manager Michelle Lindblom talks about her journey in cybersecurity and how the industry is changing.

Michelle Lindblom is the security awareness manager at Salesforce. After years of hopping around many different industries, she landed a role in the banking sector, supporting the SVP of fraud prevention and the chief information security officer. “From that day forward, I have been fascinated and passionate about security, and specifically cybersecurity,” she said.

In her current role, Lindblom educates internal employees on best security practices. This means speaking to all levels.

“Some may know a lot about security, but most people do not and take it for granted in their daily lives. Those are the people I love educating the most because I really have an opportunity to teach them how to take control of their data and own their digital destiny.”

‘Security is a shared responsibility’

Lindblom said one way Salesforce staff are trained is through the company’s own training platform, Trailhead. The tool is a public-facing platform that has a number of ‘trails’ on different subjects, including teaching users how to use Salesforce products.

“We utilise Trailhead for all of our internal training as well, where I help spearhead all of our security awareness training,” she said.

How has the cybersecurity industry changed?

When it comes to cyberattacks, Lindblom said phishing attacks still appear to be the top way to breach a company, but she has noticed the attacks becoming much more sophisticated in recent years. “Attackers have learned how to spell correctly and target their victims in more direct ways.”

On the data protection side, she has seen a bigger focus on “the human element”, which is necessary in order to protect data. “Cybersecurity is a constant balance between usability and security,” she said.

“We can make systems secure enough to never be attacked but this would also mean no one could ever access or use them. Putting a focus on teaching users how to best secure their data is one of the best tactics we have at our disposal.”

Another positive change she has seen is an increase in diversity. She works closely with non-profit organisation Women in Cybersecurity, which focuses on “lifting women up and diversifying the security industry landscape”.

It helps students and industry professionals review CVs or résumés, hosts mock interviews and offers career advice with industry professionals during its yearly conference.

Lindblom added that learning how to navigate a traditionally male-dominated field was one of the biggest challenges in her own career. “To overcome this challenge, I have worked hard to network, resulting in allies and mentors who have helped lift me up and pushed me in the right direction when I had doubts about my skills. It is now a personal mission of mine to pay it forward and offer this same advice and support to others.”

Working in the industry

Lindblom obtained her bachelor’s degree in computer science and software engineering with an emphasis in cybersecurity from the University of Washington. She then spent another year completing a master’s in engineering in cybersecurity policy and compliance while taking up her current role in Salesforce.

“There are so many subsections of cybersecurity, which means many different skillsets and personalities are valued and needed,” she said. “Some great skills to have include understanding a basic level of network security and constantly having a drive to learn, research and develop new skills as the landscape evolves more.”

She said being a team player is also extremely important, as well as having patience. “Things will break, repeatedly, and users will continue to make mistakes, over and over. Security is a shared responsibility.”

‘There are so many subsections of cybersecurity, which means many different skillsets and personalities are valued and needed’

When it comes to working in the industry, Lindblom said that networking and constantly learning are important. “Connecting with those in the field can help you narrow down on areas of cybersecurity that appeal to you most. You don’t have to be a programmer or bug hunter to work in cybersecurity. Use your network to learn about all of the different areas and find a mentor, or two, to help guide and connect you with others,” she said.

“Cybersecurity is a constantly changing landscape, which keeps you challenged every day.”

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.

Jenny Darmody is the editor of Silicon Republic