Proper vendor risk management is important as you look at any of the parties you trust. For example, we use AWS at Assent — and any third party that we use in our products, or the delivery of our products needs to be embedded, monitored, and audited to ensure proper security is in place.
Supply chain security is a critical aspect of the manufacturing industry. With numerous suppliers and partners involved, the potential for security risks is high. How do product security managers ensure supply chain security? How do they identify and address potential risks associated with suppliers and partners? As a part of this series, we had the pleasure of interviewing Krystal Cameron.
Krystal Cameron leads the product management team at Assent, a global leader in supply chain sustainability management solutions. Krystal has been with Assent for 13 years and was the founding member of the customer management team at Assent. This has allowed Krystal to bring a deep understanding of customer needs and develop successful partnerships and solutions to meet them. She launched the Product Executive Advisory Board initiative, which enables key customers to work with product management to align on Assent’s product roadmap. As Vice President of Product Management at Assent, in addition to being responsible for the product vision, strategy and roadmap, Krystal collaborates across the product organization to build an empowered team that consistently strives to improve its methodologies, including agile principles and continuous discovery.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I was born and raised in Edmonton, Alberta, with divorced parents and four siblings across the two families. I grew up playing high-level soccer and hockey — and as I am sure many folks who have played sports have noted, this created a foundation for understanding the importance of teams and discipline to balance all the time commitments necessary to be successful.
I loved school, and was a geek long before being a geek was cool. I had amazing teachers who helped me develop a lifelong love for reading and learning and an appreciation for the sciences. I was fortunate to get a job as a teenager with a bursary program to help me pay for my education so I could stay for 7 years, learning a tremendous amount about the business and gave me my first people management opportunity. This taught me some essential lessons in leadership and decision-making.
Is there a particular story that inspired you to pursue a career in supply chain software? We’d love to hear it.
To be honest, I never expected to work in software at all! I graduated with my degree in physical and biological sciences and spent the last half of my education focusing on environmental science — which was relatively new then. While this education would serve me well down the road, it wasn’t enough to work in those fields. I began working as front-line chat and telephone support for a tax software company and when the tax season was over, moved into technical support, which began my true experience in technology.
My work at Assent allows me to meld an understanding of substances in products, my chemistry background, and the use of software to make the world a better place. I joined Assent as the sole person responsible for the customer side of the business. And, as many people know, your official title doesn’t matter when working in a startup. You wear a ton of hats, and you must be an excellent problem solver.
When I moved from customer success to the product side of the business, I started in operations and didn’t even know what product management did! But I had a manager who firmly believed that my background, experience, and knowledge of the business, meant I was the right fit for a product management role.
Can you share the most interesting story that happened to you since you began this fascinating career?
When I moved to Ottawa to start my new life with my family, I had to restart my career. I stumbled upon an organization helping companies gather information from their suppliers regarding the presence of dangerous substances in their products (the European REACH Regulation and RoHS Directive). I was already aware and cared quite a bit about environmental issues but I needed exposure or awareness of complex manufacturing and the product compliance regulations this industry faces.
Then, a former colleague (one of Assent’s founders, Jon Hughes) connected with me because he needed someone to support customers at his new company, Assent. This role enabled me to expand my work with customers, advise manufacturers across North America and Europe, learn about new regulations, and continue to drive change in an area of business that most of the world does not realize exists.
As new regulations emerge around various ESG (Environmental, Social, Governance) topics, we can support manufacturers in data gathering across numerous areas they may not be aware they’re responsible for. This enables companies to make informed decisions to improve their supply chains and help make the world a better place.
You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?
This is a great question, and to be completely honest, it is always challenging to reflect on your success. I think so often of the folks around me who have contributed to where I am today far more than anything else. When I dig into this, I frame it to include the things I am proud of in my personal life as much or more than my professional life. My wife and my children have taught me so much that has made me a better person and leader.
- Willingness to change: This is also a willingness to learn. This is crucial to successful relationships and leadership. My eldest son is determined and passionate about things I know nothing about; he has always carved his own path, which I respect immensely. The building of this relationship, in parallel with my development at work, has forced me to change my approach to interactions in innumerable ways, enabling me to build relationships and lead differently depending on the person and the room I am in.
- Passion: A trait I respect immensely in people and the only way I know how to approach my life. For anyone who has been part of a startup, you know there can be some very challenging days with so many different phases a company goes through. Along the way, Assent continues to attract people who care. I don’t mean this tritely. I am surrounded by folks who are genuinely passionate about their teams, solving problems, doing a good job, building something incredible, and about our customers. Working with individuals who are enthusiastic about our work can mean carrying a burden when things are not going well. Their stress and level of care have a heavy impact in those times. However, I wouldn’t have it any other way. Those are the folks you know in the trenches you can lean on, which can be exceptional.
- Patience: I am not a patient person by nature. Having sons means you either learn to roll with the punches, pick your battles (choosing the outcomes you aim for and not sweating the small stuff), and calmly repeat and re-message or live in misery. This is similar to what I need in my professional life and helps me to know where I need to expend my energy.
Are you working on any exciting new projects now? How do you think that will help people?
Assent has always viewed suppliers differently. In the supply chain sustainability space for complex manufacturers, suppliers are bombarded, overwhelmed, and fatigued by trying to keep up with changing regulatory requirements and customer requests. While Assent has always provided significant supplier support, we are working to bring things to a whole new level. This will enable us to get unparalleled visibility into the supply chain and help achieve our mission to make the supply chains of complex manufacturers deeply and durably good.
Are there any regulatory frameworks or industry standards that address the importance of supply chain integrity in the manufacturing sector? How can organizations align their practices with these standards to enhance product security?
There are a lot of frameworks for manufacturers to consider, especially regarding vendor management. The ISO 27001 framework provides a guide for organizations to protect their information systematically and cost-effectively. By achieving ISO 27001 certification, manufacturers and vendors alike can demonstrate their commitment to data and information security.
In my work at Assent, we put in place suggested policies, procedures, and controls for our vendors to ensure they meet or exceed our security policies, thus mitigating security risks. For additional confidence, organizations can undergo third-party validation and receive audit results such as a Soc II Type 2 report. Many regulatory frameworks like these have special sections for vendor management, which is especially important for manufacturers with complex global supply chains.
How does the concept of traceability tie into ensuring integrity in the manufacturing supply chain? What role does it play in identifying potential security breaches or vulnerabilities?
Traceability is crucial to maintaining integrity and security across the manufacturing supply chain.
As supply chains grow more complex around the world, manufacturers must be able to understand the activities across their supplier network. To do this, they must collect large amounts of data from potentially thousands of suppliers, spanning different countries, languages, and relationships. They also need to confirm that the information they collect is accurate and can be validated.
At Assent, we are helping our customers create a streamlined supplier engagement ecosystem that allows them to achieve deep visibility into their supply chains. When manufacturers have complete visibility, they can see where the risks and vulnerabilities lie within their network. It can also help them understand where to make further investments or security improvements.
Are there any emerging trends or technologies in the manufacturing sector that can help enhance product security and supply chain integrity? How can organizations leverage these trends to stay ahead of potential threats?
I see the growing importance of identity and access management policies ensuring that the right users access appropriate technology and resources. The industry is experiencing many emerging threats related to weaknesses in access and identification. To get ahead of it, manufacturers should invest in secure authentication technology and employee training to add a layer of risk mitigation. Ensuring vendor and supplier networks use similar tools or policies will also help manufacturers evade the growing volume of bad actors.
Ok, thank you. Here is the main question of our interview. What are the “5 Things We Must Do To Ensure Product Security in the Manufacturing Sector?” and why?
1. Allocate the proper resources and people for a company’s scale. For example, as Assent continues to grow, we’ve made key hires, such as adding a Chief Information Officer, to ensure both proper oversight at an executive level and dedicated resources to cybersecurity.
2. Internal standards are essential for maintaining operational excellence, but committing to upholding external standards is equally crucial. At Assent, we go the extra mile by adhering to internal guidelines and obtaining and upholding the Soc 2 Type II certification and rigorous annual auditing processes. This dedication demonstrates our unwavering commitment to ensuring our customers’ the highest level of security, privacy, and trust.
3. Penetration testing and vulnerability assessment are super important in ensuring systems and networks are secure and strong. By simulating real-world attacks and finding weaknesses, organizations can stay on top of potential issues, beef up their defenses, and protect essential assets from threats. These proactive measures keep sensitive information safe and ensure a company’s cybersecurity approach is solid overall.
4. Security is crucial in today’s digital world, especially in the development processes. It’s all about having strong security measures to protect sensitive data and systems from potential risks. By following industry best practices and regularly checking security, organizations can lower the chances of cyber-attacks and maintain the integrity of their software development. Making security a top priority in development processes is critical to keeping valuable assets safe and earning customer trust.
5. Proper vendor risk management is important as you look at any of the parties you trust. For example, we use AWS at Assent — and any third party that we use in our products, or the delivery of our products needs to be embedded, monitored, and audited to ensure proper security is in place.
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)
That is a tough ask; with the current economy and the cost of living that we are all struggling with, I would ask that we all do everything we can to support companies looking to be good organizations, by making safe products in safe ways, to help make the world a better place.
How can our readers further follow your work online?
You can reach me via LinkedIn https://www.linkedin.com/in/krystal-cameron-0407a52b/ or visit the Assent website and contact us to learn more: https://www.assent.com/
This was very inspiring and informative. Thank you so much for the time you spent with this interview!
About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.