In many enterprises, the CISO reports to the CIO, and occasionally you find a CIO who reports to the CISO. But Venafi's Tammy Moskites holds both roles. How does she manage the natural tension between technology and security?
"The benefit [of wearing both hats] is that I just have to ask myself for money, and I can say yes," jokes Moskites, who joined the security vendor in 2014 after spending 25 years in leadership roles at such organizations as Time Warner Cable and The Home Depot. But she does acknowledge the true challenge of ensuring that security is built into all of the technology solutions Venafi develops.
"We're fortunate in the sense that Venafi doesn't have tens of thousands of employees," Moskites says. "I'm able to, right away from the beginning, get things done the right way - making sure security is in the beginning of project management. With larger organizations, security was more of a 'Let's check it at the end of development,' and then you have to back-fit security or controls."
In this interview, part of Information Security Media Group's Executive Sessions series of in-depth conversations with security industry leaders, Moskites talks about her career and some of the lessons that security and technology leaders can draw from recent high-profile data breaches.
One of the big lessons is that organizations must make greater efforts to secure fundamental elements such as user IDs, passwords, digital certificates and cryptographic keys. "Keys and certificates are the foundation of our Internet," Moskites says. "[They form] that trust factor - the ability to know who you're doing business with ... is known and trusted."
Moskites also discusses lessons she's learned in her career, and one of the biggest is: Delegate.
"I tried to do a lot of things myself early on in my career because I always felt I had to prove myself," she says, owing, in part, to being one of the relatively few women in IT and security. "I've learned very humbly over the years that there are people who are a lot smarter than me and can do it a lot better."
In this exclusive interview (see audio link below photo), Moskites discusses:
- Natural tensions between CIO and CISO roles;
- The latest attacks on cryptographic keys and digital certificates ;
- Her advice to the next generation of IT and security leadership.
As CIO and CISO, Moskites helps Venafi's clients fortify their strategies to defend against increasingly complex and damaging cyberattacks targeting the trust established by cryptographic keys and digital certificates. Her professional experience, leadership and domain expertise enables her to help fellow CISOs defend their organizations.