Wisdom From The Women Leading The Cybersecurity Industry, With Terri Davies of the Motion Picture Association’s Trusted Partner Network

Trust Your Gut. It takes confidence to action something based on whether it “feels right or not.” I think that, as women, we are often too embarrassed to admit the lack of empirical data for fear of being judged as emotional. It is generally acknowledged that women lean more towards intuition and reading others’ emotions, whereas men tend to rely on deliberative thinking. Based on personal experience, when I’ve gone against my better judgement, or taken actions that did not feel right, they have usually resulted in mistakes being made.

The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called “Wisdom From The Women Leading The Cybersecurity Industry”, we had the pleasure of interviewing Terri Davies.

Terri began her distinguished career in the Media and Entertainment industry in London, in the field of post-production. After joining Columbia TriStar Home Video (acquired by Sony Pictures), Terri and her family relocated to Los Angeles, California, one of the core entertainment hubs and capitals of the entertainment industry. Her numerous successes in developing teams, driving revenue, and building market share, culminated in an Executive Vice President role responsible for Sony Studio’s global post-theatrical mastering and distribution of movie and TV assets. Terri is now President of the Trusted Partner Network (TPN), a global, industry-wide film and television Content Security initiative that is wholly owned by the Motion Picture Association. With the goal of building a more secure future for Content Partners and their Service Providers, Terri is responsible for leading the TPN program, raising security awareness, preparedness, and capabilities in order to keep pace with the rapidly evolving technology and ever-changing M&E industry landscape.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

I was born in Jamaica to English parents who at that time were teaching in Clarendon Parish in the central Jamaican mountains at a progressive co-ed day and boarding school. We moved back to the UK when I was a young child, where I grew up in Somerset, southwest England. Both my parents worked at Millfield, an independent English boarding school, known for its excellence in all-round education, which my brothers and I were all fortunate enough to attend as well. Being immersed in such a diverse, culturally rich, and international environment during my childhood helped develop my excitement for travel and can-do approach to life, where I was always seeking opportunities for exploration and discovery. I credit my parents and peers for this as I still accept and see challenges as opportunities for growth — both personally and professionally.

After completing my Bachelors in Humanities, I moved to London in pursuit of adventure and excitement. I had vague aspirations in journalism or PR, since I enjoyed writing, yet had no strong draw to any specific career. After graduating, my first job was as a receptionist, at a post-production company based in Soho, London. Within weeks, I was hooked to the media and entertainment industry, as well as the vibrancy of Soho. I truly wanted to be a part of an industry that was creative, team-orientated, technology-forward, and producing content that captivated audiences around the world.

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

Does music count? Growing up, my dad was a HUGE jazz fan, and by default we were too. My dad’s vinyl collection was impressive; even our family pets were tributes to the greats, with our dogs being named Duke Ellington, Count Basie, Peggy Lee, and Lady Day.

My favorite is and probably always will be Frank Sinatra Live at the Sands 1966 My children know every note and nuance of the album, and it’s still something we fondly play when we’re together as a family.

This album was recorded live in Las Vegas, when Frank Sinatra was at the height of his career. Accompanied by Count Basie’s Orchestra and Quincy Jones, he banters with the audience, joking about the rest of the rat pack. To my English ears, he is so confident and cool, and I would have loved to have sipped cocktails with him on the Vegas strip!

Years later, jazz still plays a large part in our lives. My daughter, Billie, proudly refers to her namesake as an homage to Billie Holiday. Charlie, my son, with the middle name “Ray,” good naturedly rolls his eyes whenever he explains the connection to Ray Charles.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

On Monday, November 24, 2014, a group identifying itself as “Guardians of Peace” leaked confidential data from Sony Pictures, which included personal information about Sony Pictures employees, their families, emails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, plans for future Sony films, scripts for certain films, and more.

During the three months that followed, I navigated my team and service provider / vendor partners through a business continuity plan to ensure that operations were maintained, assets were protected, and customers received their deliveries on time. It was the most emotional and challenging experience of my career as, not only was the business affected in the most devastating way, but we were also all personally impacted.

The economic impact of piracy and data leaks is massive, and it goes beyond the loss of revenue; it causes job losses, illegally downloaded content steals global bandwidth, and violates the many people involved in the content chain, not to mention violating copyright laws.

Eight years after the Sony Pictures hack, I assumed the role of President of the Trusted Partner Network for the Motion Picture Association, which is the leading content security program in our industry. I am passionately dedicated to raising security standards to protect content, one of most precious assets in the media industry.

Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?

I can share a mistake I definitely learned from, although it certainly wasn’t funny. For many years, the media and technology industry has been male dominated and was quite intimidating for me as a young woman building my career in operations. I found myself behaving in ways that would minimize my presence, performing very traditional female duties such as ordering lunch and taking notes, and often shrugging off bad behavior, and inappropriate conversations in the workplace. Regardless of my patterns of behavior, I found myself being promoted within the organization, since my results spoke for themselves.

In the early 2000s, as companies were beginning to understand the importance of diversity in the workplace, I was invited to speak to a small women’s group sharing my career experiences and successes. During the workshop, I shrugged off my achievements with a “being in the right place at the right time” comment and I was quickly reproached by women at the event who reminded me to own my achievements. They reminded me that I had a responsibility to lead as a role model, helping guide other women as well as the next generation coming forward. Their reaction and passion surprised and humbled me, reminding me to stand a little taller with more assertiveness and leadership. My next experience speaking with women about their career goals and trajectory was quite different. When asked to speak about the success of women in a traditionally male-dominated environment, this time I spoke with more candor and honesty, which resulted in a grateful and appreciative audience.

An obvious turning point for me, I came to understand that I could and should articulate and champion the unique skill sets that women contribute. Following these experiences, I participate in many women’s groups, mentoring younger women, actively seeking out opportunities to share my lessons learned.

Are you working on any exciting new projects now? How do you think that will help people?

I was hired last year by the Motion Picture Association to refresh their TPN content security initiative. There was a great deal of work and strategy required to make the program more relevant and accessible to stakeholders in the industry. This has been an exceptionally exciting time for me — including all the challenges that my team and I have faced.

I take great pride in the work our team has accomplished. We relaunched the TPN program earlier this year to accommodate and include new core elements that address where the industry and related technology and services stand today. By doing so, we have increased our scope to include many more aspects of the content supply chain that must be configured and managed to keep content safe.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

Previously, I felt that security was often viewed by companies as a necessary evil and not treated as a priority. With the proliferation of cybersecurity attacks on an almost daily basis, and therefore the attention it is receiving from the media, cybersecurity is now quickly becoming a priority for C-level executives within companies (e.g. CEO, CFO, CTO etc.).

The growth of AI technology will increase the sophistication of threats and the people designing and performing the cybersecurity attacks are continuing to become more creative and devious. Yet, I am also excited about how the increased implementation of advanced machine learning and other AI techniques can also help in identifying and responding to threats.

According to the Center for Internet Security (CIS), 594 million people are affected globally by cybercrime each year and last year we witnessed a tremendous push on the need for training, multi-factor authentication (MFA), and employee education around phishing.

It’s an exciting time for me because I feel as if the world is finally understanding and appreciating the critical importance of cybersecurity, with new tools, techniques, and approaches to help keep personal and business data safer.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

As important as standards and standard operating procedures are in the cybersecurity industry, I think they can sometimes be perceived as overly jargonistic, opaque, complicated, and often bureaucratic. Unfortunately, this may result in senior management tuning out the noise and therefore de-prioritizing the importance of security.

At TPN, we have spent the last year transforming the content security program to be greatly simplified, transparent, inclusive, and accessible. We have also worked hard to match our control framework with other frameworks to help our members leverage pre-existing investments in alternate security solutions.

We are witnessing rapid growth in security compliance automation and monitoring platforms that leverage artificial intelligence, deep learning, and machine learning for companies to maintain continuous compliance with the most popular frameworks. This will help security become more accessible, and my hope is that AI and ML will eventually (once the AI hype can meet our expectations) contribute to simplifying processes, improve efficiencies, and mitigate risk.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain?

Artificial Intelligence (AI) will undoubtedly pose a greater risk as unsavory characters deploy this technology to improve the sophistication of phishing, or misrepresent content or greater privacy issues, for instance. Employee education, training, and testing is critical, and every company must invest in programs that successfully engage their employees so they can spot a phishing email or text, comply with multi-factor authentication (MFA) requirements, ensure their software is using the latest updated version and so on.

Job cuts are up nearly 400% this year, approaching levels not seen since the early pandemic in 2020. Layoffs in the tech industry represent 38% of all jobs cut, making it by far the hardest-hit sector. If those layoffs occurred in the cyber or content security groups, there is a danger that a company’s focus may shift away from the critical topic of security, which requires regular vigilance and management.

Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

The Sony Pictures hack remains the biggest and most impactful experience I have had with a cybersecurity breach.

It is a constant reminder that every company must prioritize the importance of cybersecurity and put in place a business continuity and disaster recovery plan.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

We use multi-factor authentication (MFA) for identity management, on a daily basis. This multi-step account login process requires users to enter more information than just their password. Along with the password, they might be asked to enter a code sent to their email, answer a secret question, or scan a fingerprint.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

In the instance of receiving a file unexpectedly or from an unknown sender, good advice for a layperson would be to not click on the link or attachment, nor respond in any way. Unexpected or suspicious emails, text attachments or links should never be opened as doing so may execute a disguised program (malware, adware, spyware, virus, etc.) that could damage or steal data. If in doubt, one could always call the sender to verify, or consult with IT support staff.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

The U.S. Federal Trade Commission (FCC) has published a comprehensive data breach response guide for businesses: https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business.

If a security or data breach occurs, a company should move quickly to:

• Secure its operations
• Fix identified vulnerabilities
• Notify appropriate parties of the breach

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

Lack of preparation and denial that a data or security breach could ever happen to them is serious oversight. Many mistakes can emanate from this denial such as lack of employee training and awareness, neglecting software updates, and falling for common cyber-attacks.

Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?

According to the American Association of University Women (AAUW), women make up only 28% of the workforce in science, technology, engineering, and math (STEM) occupations, and men vastly outnumber women majoring in most STEM fields in college. The gender gaps are particularly high in some of the fastest-growing and highest-paid jobs of the future, including computer science and engineering.

Gender stereotyping, imposter syndrome, lack of strong female role models and underrepresented women in the STEM workforce, and male-dominated cultures contribute to this inequitable crisis.

Today’s young women are digital natives, and while they instinctively use technology, we must focus on showing them opportunities in STEM areas. Billie Jean King said, “If you can see it, you can be it.” We can help foster interest in STEM fields by showcasing industry representation and female role models to students when they are starting to explore their interests and the careers they wish to pursue.

Women in the science, engineering, and technology fields often report feelings of isolation, hostile male-dominated work environments, and a lack of effective sponsors. These factors and lack of mentorship can cause them to leave the industry. Companies and industry associations should provide mentoring opportunities for female STEM employees to connect with other successful women in their industry. This includes committed recruitment companies to address the gender gap.

What are the “myths” that you would like to dispel about working in the cybersecurity industry? Can you explain what you mean?

I have often heard that to have a successful career path in the cybersecurity industry, one should be left brained orderly, logical, precise, living in spreadsheets, and highly organized. While these are extremely important qualities, the industry also needs right-brained proficiencies including communication, interpersonal and problem-solving skills, and team members who can navigate through structural ambiguity.

My experience in this industry is that everyone benefits from whole brain thinking; a mix of analytical and structured thinking as well as social and conceptual contributions are needed.

Thank you for all of this. Here is the main question of our discussion. What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)

Imposter Syndrome Is Real. For many women, feeling like a fraud, attributing your success to luck or being embarrassed about acknowledging your own success is most often the result of systemic bias and exclusion. I spoke about my own imposter syndrome in an earlier question, although I didn’t recognize it as such at the time. As women in tech and STEM, we, along with our allies, can help each other manage imposter syndrome by supporting and encouraging one another to own our achievements rather than just brushing off praise, and celebrating our successes. I am in my tenth year of mentoring at the USC Marshall School of Business. Whenever the topic of imposter syndrome comes up, the young women in my group sit up straighter, nod in agreement, and usually follow up with me afterward as the topic they most want to discuss and seek help with. It’s so important to provide a protected space for young women in STEM to learn through shared experiences, and for those of us with more experience, it is such a privilege to be able to provide feedback, support, and guidance to the women who will follow.

Trust Your Gut. It takes confidence to action something based on whether it “feels right or not.” I think that, as women, we are often too embarrassed to admit the lack of empirical data for fear of being judged as emotional. It is generally acknowledged that women lean more towards intuition and reading others’ emotions, whereas men tend to rely on deliberative thinking. Based on personal experience, when I’ve gone against my better judgement, or taken actions that did not feel right, they have usually resulted in mistakes being made.

Trust But Verify. It is important to demonstrate trust in your team, colleagues, and business partners, and equally important that prudence and common sense do not cause you to blindly accept information. I learned this hard lesson early on in my career when one of my internal teams was responsible for a large software development project. At each weekly check-in, the updates were anecdotal and vague, which gave me the sense that something wasn’t quite right. Since I didn’t want to appear unsupportive or to cause any embarrassment, I failed to ask for supporting proof that the project was on track. Subsequently, the project derailed, and it was a scramble to get it back on track before we missed our budget and deadline. Since then, my approach has always been to trust but verify. I now firmly, but kindly, require tangible status and information while still demonstrating confidence in the person, team, partner, or company giving the updates.

Progress Over Perfection. Throughout my career I have been responsible for delivering large transformation initiatives. Nearly all have had critical deadlines, dependencies, budget constraints, and change management components. While it is vital to plan for long-term outcomes, I have had the most success by understanding that the best outcomes are a result of what we learn on the journey. This is especially true in the STEM world where many of us are building software, processes, or business models that have no precedent and in industries that move at lightning speed. It is therefore important to avoid boxing yourself in by striving for perfection. I always invite people to remain flexible and open-minded. You will learn more along the way, and ultimately provide a better long-term deliverable.

Fail Fast. Managing progress over perfection and trying something new can sometimes lead to mistakes and failures. The important thing is to understand why the failure occurred, to course correct swiftly, to ensure the mistake isn’t repeated and avoid creating a blame culture. Creating an environment where teams understand that failure is an acceptable part of continuous improvement and forward momentum, can be a terrific learning aid as you move toward your north star.

We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them :-)

Michelle Obama has spent most of her adult life striving to make the world a better and more equitable place. She is a role model for women around the world and an advocate for healthy families, service members and their families, and adolescent girls. It would be an honor and privilege to meet her.

Thank you so much for these excellent stories and insights. We wish you continued success in your great work!