Women Reshaping The Cybersecurity Industry: Amanda Kane Of Guidehouse On The Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry

An Interview With David Leichner

Willingness to learn — the cybersecurity space is quickly evolving and there are all kinds of different technologies and offerings for protecting organizations employees and external users. With career with identity management has served as a jumping off point to work with others and learn about zero trust architecture, data protection, asset intelligence, supply chain risk management, and more.

The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series we had the pleasure of interviewing Amanda Kane.

Amanda Kane is Partner at Guidehouse within the Cybersecurity practice, specializing in identity and access management (IAM). Amanda has over 15 years of experience in Federal consulting, supporting clients with IAM policy, strategy, and implementation. Her goal is to collaborate with clients and teammates to bolster an organization’s security posture by advancing cybersecurity capabilities and / or establishing new and innovative solutions.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

I grew up in Northern Virginia and received my degree in Business Administration from Washington & Lee University and a Master’s in Management of Information Technology from University of Virginia. My dad retired from the military when I was a child and had a second career as a contractor for the Federal government and I have two older siblings that also have pursued work in technology and consulting. I’m also very proud of the fact that I was a college athlete, playing women’s basketball, where I attribute my work ethic and focus on teamwork.

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

I’m a fan of Brene Brown’s audiobooks and podcasts. I think there is a perception of a business mode that can sometimes lack empathy and vulnerability. When in reality, those same traits can influence your decision-making, leadership, and team-building in the workplace.

I also often go back to the saying that the things that scare you the most, or are the hardest, are the ones worth doing. It’s usually associated with doing something new or risky, but often also has the highest reward. It’s something I reminded myself of when I was looking to change jobs and something I continue to think about as my role has evolved.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I got really lucky in that I had an internship between junior and senior year of college that was based on a Federal project related to cybersecurity and identity management. At the time, I was thrilled to have a business-oriented internship but reflecting back and growing up in the late 90s/early 2000s, there was already cyber and digital innovation happening all around me. I’m of the era of AOL Instant Messenger and Napster — technologies that quickly raised questions about security and copyrights and changed the game for how online applications operate today.

Are you working on any exciting new projects now? How do you think that will help people?
I’m working on several projects with the Federal government for modernizing the cybersecurity tools that protect the nation’s critical assets. In addition to developing strategies for our clients, my teams are implementing leading edge tools that support identity and credential management, secure authentication, and zero trust architectures.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

Three things that I find exciting in the industry today are:

1. Mobile IDs/Vetting — I’m seeing increased interest in how mobile identification and vetting technologies can be used to enhance both security and the user experience, for instance, in a mobile driver’s license.
2. Supply chain risk management — I’ve been learning a lot from my colleagues on how this and monitoring services help organizations to identify, analyze and mitigate supply chain risks and ensure continuity of operations.
3. Open standards-based technologies — my teams are implementing more and more tools with open standards technologies that leverage common coding languages and application programming interfaces (APIs) and allow for easier integration across tools in an enterprise.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

1. Phishing — I continue to see these types of incidents where emails or texts are used to obtain personal or financial information from an individual thinking it’s a legitimate request. Users should not click on links from unknown senders or from requests that look suspicious (misspelled words, etc.)
2. Mobile phone security — today’s smartphones are a strong piece of digital technology in the hands of users with varying levels of understanding of cybersecurity best practices, making it an easy target for cybercrime. Users should utilize security controls such as strong passwords, biometrics, or multi-factor authentication when accessing phone apps that might have sensitive data.
3. Malware — Similar to phishing, malware is a type of software used to target data or information from a computer or network. Organizations should look at endpoint and network security monitoring tools that will help identify access vulnerabilities or anomalies.

Can you share how you are helping to reshape the cybersecurity industry?

I’m working with several large public sector clients on modernizing their cybersecurity and identity management platforms through innovative technology tools, business process optimization, and change management.

As products, devices and vehicles become connected, this is creating a new and emerging threat vector. How do you think manufacturers and their customers should prepare to be as safe as they can be?

I think there is joint responsibility for both manufacturers and customers. For manufacturers, there is responsibility to have mechanisms for safeguarding and protecting the privacy of customer’s information. This comes in the form of account management (passwords, tokens), data management (retention, protecting personally identifiable information), and network management (device and vulnerability scanning). For customers, there is more of an educational responsibility, to know what of their information is being collected and for what purpose, and how to identify scams and phishing attempts.

Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

I have not been directly involved in fixing or stopping a cybersecurity breach. Much of my work has focused on identity management: that ensures the right people have the right access to the right resources at the right time. My teams are implementing tools that put additional security controls and policies in place to help prevent cyber breaches.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

Most definitely and this relates back to my earlier comment about customer education on cybersecurity. A few examples include:

• Account sign-in activity from IP addresses in other countries. I’ve had this happen with my Netflix and take the opportunity to change my password.
• Anonymous emails or text messages about bank accounts or payments that require your attention. These emails often come from addresses with spelling errors or look like an email account you know.
• Unprompted requests for you to download software or files to your computer. This is a common tactic for malware to be installed for viruses or unauthorized data capture.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

Companies should consider how to enhance their cybersecurity tools, revamp business processes, and/or educate employees and consumers. Some common guidance would be to:

• Review cybersecurity policies and tools for gaps and improvements.
• Provide additional cybersecurity training to employees and consumers.
• Utilize strong passwords or other tokens as needed to protect data.

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

I commonly see investment in individual solutions without a comprehensive cybersecurity strategy in place. There is not a “one-size-fits-all” solution and it can be easy to focus on particular use cases and problem sets without taking a bigger picture view. Organizations should also consider that cybersecurity challenges are a combination of people, processes, and technologies. I recommend the following to support a stronger cybersecurity posture:

• Evaluation of existing solutions for effectiveness and adaptability to the new strategy.
• More coordination between stakeholders or lines of business on an organization’s strategic goals as it relates to cybersecurity technologies and business processes.
• Creation of an acquisition strategy to support ongoing or new solutions that will require additional budget or investment.

Thank you for all of this. Here is the main question of our discussion. What are your “Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry?

1 . Willingness to learn — the cybersecurity space is quickly evolving and there are all kinds of different technologies and offerings for protecting organizations employees and external users. With career with identity management has served as a jumping off point to work with others and learn about zero trust architecture, data protection, asset intelligence, supply chain risk management, and more.

2 .Collaboration & Teamwork — I’ve worked as part of teams throughout my entire career and collaboration is a huge part of the corporate culture at Guidehouse. The role I took when I joined the company, allowed me to work on cybersecurity projects across industries and segments and support a lot of different missions.

3. Network — I’ve expanded my network tremendously over the years through school, my colleagues, professional organizations, solution vendors, and clients. You truly never know how your career might change and how your professional network will play a role.

4 .Advancement of Technology — staying in tune with technology and the advancement of cybersecurity tools gives you point a view on new and upcoming solutions. I recently was cleaning my storage closet and came across my first iPhones, iPods and Blackberrys. It really put into perspective how far we’ve come today, to a single device that uses biometrics for security, connects to the internet and email, and stores music in addition to normal phone functionality!

5 . Read the News — I get a lot of my news online, but however you get it, I find that its helpful to see the overlap of technology and digital security, with current events around the world. My favorite examples are in pop culture, like when cyber bots impacted concert ticket availability 😊

We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them :-)

I’d be interested in meeting Kevin O’Leary and talking about the show Shark Tank. I’m a frequent user of several products that took off from that show — The Bouqs flower subscription, Bombas socks, and the kitchen Scrub Daddy.

Thank you so much for these excellent stories and insights. We wish you continued success in your great work!

About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.