Women Reshaping The Cybersecurity Industry: Anne Baker Of Adaptiva On The Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry

An Interview With David Leichner

Never underestimate the power of sponsorship. Having that sponsorship from people who are in senior leadership positions is critical and some of that takes intentionally reaching out and fostering relationships and getting to know people. I encourage anyone in cybersecurity or tech in general to start forming relationships by asking questions and learning. Be curious about others and learn from those who are making an impact.

The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series we had the pleasure of interviewing Anne Baker.

As CMO, Anne Baker heads Adaptiva’s marketing initiatives worldwide, leading growth programs and driving market awareness of the company’s autonomous endpoint management products. She brings to the company more than 25 years of technology marketing experience at high-growth companies. During her career, she was head of worldwide partner programs at multibillion-dollar analytics and AI company Teradata where she drove go-to-market activities with AWS, Google, and Microsoft as well as the hundreds of partners in the Teradata ecosystem. As general manager of partner marketing at the AI-powered contract intelligence company Icertis, she led the global partner marketing team that spearheaded co-marketing campaigns with companies including Accenture, Adobe, Deloitte, Microsoft, and SAP.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

My backstory is like so many other women who pursue technology careers: someone believed in me and encouraged me to pursue it. Growing up as a young girl in New York, I knew that I loved math and was trying to figure out what I wanted to do with it. My father was an engineer and he encouraged me to look into engineering as a career. That was nearly 30 years ago, when there were even fewer female engineers than there are now. I am grateful that my parents never hesitated to encourage me to explore traditionally male-dominated fields of study and always pushed me to dream bigger and pursue any career that interested me.

Studying engineering laid the groundwork for what has become decades of exciting work in the technology industry. It made me feel confident to explore and credibly discuss technology innovations in the areas of cybersecurity, AI, and more.

I also feel fortunate that I applied those learnings at companies both big and small. These varied experiences working at rocketship growth companies like Adaptiva and Icertis or large publicly traded organizations like Teradata provided me with a breadth of perspectives and skills. From seeing the rigor, processes, and professionalism of large enterprises to diving into the speed, agility, and innovation of high-growth startups and organizations, I am grateful for the breadth of experiences tech has afforded me.

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

I love movies! They showcase not only the challenges we face everyday but also the dreams that we hope to aspire to. Seeing strong, multidimensional female characters on screen is so important for young girls. Watching a woman be a NASA programmer in Hidden Figures or defeat an Alien on the big screen shows us that women can be smart, strong, and fearless.

In my case, I loved the television series Wonder Woman as a child and I still thoroughly enjoy the new Wonder Woman movies as an adult. Watching women lead with resiliency and confidence on the screen always inspires me to be just as tenacious in my own life — although maybe without the lassos or invisible planes! That’s one of the reasons I got involved with MXW Ventures, a venture fund led by women in technology that is creating movies that promote inclusivity and diverse voices in film. If we see it on the screen then we can believe there is a path to achieve it in real life.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I didn’t necessarily set out to pursue a career in cybersecurity. Even when I started at Adaptiva it was originally more focused on IT operations than cybersecurity. But as the industry evolved, we saw security operations and IT operations begin to work closely together, and Adaptiva’s product line evolved with it. I started researching and learning about the different trends in the cybersecurity market, particularly around endpoint security. Adaptiva sent me to a Gartner security and risk management event in D.C. and the amount of innovation happening in this space fascinated me. The challenges that security teams face with the amount of breaches, vulnerabilities, and exploits coming from adversaries is incredible.

I remember being inspired at that event about how technology can be used to stop the crimes and negative ramifications caused by cyberattacks and help society as a whole. I am grateful to have the opportunity to work on products and solutions that secure our world.

Are you working on any exciting new projects now? How do you think that will help people?

About 90% of attacks we see today are starting at the endpoint. A lot of investment in the past was focused on identifying those potential vulnerabilities. Now enterprises are shifting from finding to fixing those vulnerabilities at scale. Automation is key to solving that problem, and Adaptiva’s new OneSite Patch product is integrating with leading vulnerability management products like CrowdStrike Falcon Exposure Management to remediate those endpoint vulnerabilities before attacks happen. No one else has connected vulnerability and patch management in an autonomous way prior to this so it’s an exciting project to work on. Giving our customers the ability to quickly prioritize the vulnerabilities that are the most critical and automatically fix them fundamentally revolutionizes the way companies can manage their threat exposure risk.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

There is so much to be excited about in the cybersecurity industry. Number one, there’s a ton of opportunity to automate things that are still being done manually today. The fact that IT operations teams are still having to search the internet for patches for Windows OS and 3rd party applications, manually configure those patches, and then decide how to roll them out means there is a ton of room for efficiency improvements. Automation is going to be the next major step in cybersecurity evolution. The ability to automate those painful manual Security and IT operations tasks is exciting and the potential efficiency gains are great. Look for major advancements happening in the autonomous endpoint management space.

The second key area is the speed factor. Adversaries are getting faster across the board and endpoint vulnerabilities are proliferating at an alarming rate. There were more than 26,000 known vulnerabilities identified in 2023. The mean time to exploit those vulnerabilities was just seven days. The need to move quickly is becoming more and more critical. We need to find ways to enable companies to accelerate their response times to vulnerabilities. Companies should not just react to these vulnerabilities, but get super proactive about how they stay on top of them and prevent them from becoming a huge breach. Every cybersecurity leader needs to be evaluating ways that they can be proactive and respond faster.

Thirdly, AI is evolving and people are finding new ways to apply it to all sorts of different projects and problems. Cybersecurity, in my opinion, is one of the areas in which AI can be the most effective. Using AI to gather information and user sentiment data to better inform decisions can be a powerful way to aggressively pursue speed and automation with the confidence that we are doing so safely.

What are the 3 things that concern you about the cybersecurity industry? Can you explain? What can be done to address those concerns?

Three things that concern me about cybersecurity are 1.) the slow pace with which organizations are managing their risk exposure levels, 2.) the disconnect between Security and IT teams, and the 3.) skill and hiring gap that exists in the space.

To unpack all this, first, we have to respond faster as an industry. This idea of waiting around for certainty before acting that I’ve heard some tech companies and even analyst firms assert is ludicrous — especially when you look at the speed at which adversaries are growing and attacking. Taking a month or more to roll out a patch for a 3rd party application is simply not acceptable when breaches are jeopardizing customer data and customer experience, and costing companies upwards of $100M as well as huge brand reputation penalties. This is why Gartner forecasted that 90% of companies would be adopting patch automation tools by 2025 and listed continuous threat exposure management as one of the top cybersecurity trends for 2024. We have to be faster as an industry and more proactive rather than reactive.

Second, Security and IT teams need to work more closely together. Traditionally, security teams find all the vulnerabilities and then toss them over the wall to IT to fix them. They need to work more tightly. Fortunately, technology has the power to bridge that gap and connect those two teams to make sure endpoint risks are addressed quickly. There are still a lot of companies where Security teams are sending Excel spreadsheets and reports of vulnerabilities over to IT and waiting weeks to see those vulnerabilities remediated. We need a world where humans set the strategies and rules for identifying and resolving vulnerabilities, and then software takes care of the rest. That is the only way we can achieve compliance at scale.

Third, it still takes a lot of people working aggressively to tackle these security challenges — unfortunately, we have a huge employment and skills gap in cybersecurity. According to a ISC2 Cybersecurity Workforce study, the cybersecurity industry still needs four million people to effectively address the risks we have today. And those risks are only going to grow as AI and other technologies make exploitation at scale even easier. We need to find ways to train and hire a wide and diverse group of people to address the new and unexpected vulnerabilities and challenges that lie ahead for us.

Can you share how you are helping to reshape the cybersecurity industry?

Gartner coined this term, “autonomous endpoint management,” and that is where Adaptiva is focused. We are committed to innovating in this space by uniting the AI, machine learning, automation and other technology that’s needed to continually manage and protect endpoints in a way that doesn’t require a ton of manual intervention. We believe autonomous endpoint management is the only way to achieve the speed and scale organizations need to tackle cybersecurity challenges. Adaptiva and our products are dedicated toward ushering in this new era of autonomous endpoint management by automatically delivering patches, software, configuration changes, and vulnerability remediations based on each company’s unique business rules. We are already seeing a surge in adoption for more autonomous products by leading innovators. I predict the mass market will follow en masse over the next two or three years.

As products, devices and vehicles become connected, this is creating a new and emerging threat vector. How do you think manufacturers and their customers should prepare to be as safe as they can be?

With the internet of things (IoT), everything is connected and there are real risks associated with everything becoming an endpoint for attack. It will become more and more critical for manufacturers to reduce risk and safeguard not only their organizations but the people using their products. As more and more products connect to the internet and are potentially penetrable by adversaries and bad actors, it becomes a real responsibility for the manufacturer and, in some cases the employer, to make sure they have the ability to protect the users who are benefiting from their products. There’s a whole story around IoT that we’re barely scratching the surface on. Candidly, most organizations have yet to harden security for their employee desktops, let alone the entire IoT that now presents itself as a huge potential attack surface. Collectively, as an industry, we have so much work to do here.

Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

Adaptiva’s OneSite Patch product proactively prevents attacks from happening by securing the endpoint and remediating vulnerabilities before they can be exploited. However, when attacks happen before a patch can be applied, we also offer the Endpoint Health product. That product allows companies to create automated workflows to solve compliance issues. For example, within a matter of hours of the announcement of the Log4j threat, Adaptiva jumped into action and created a brand-new custom health check using their Endpoint Health workflow authoring tool. Once the workflow had been created, customers could leverage the new Log4J health check to quickly and easily, using the Adaptiva OneSite Platform, check each one of their global endpoints and identify any endpoint that had the affected version. Without Adaptiva, IT teams would be forced to research and create PowerShell scripts, which could take hours or days to complete. It really is all about responding faster, and Adaptiva helps companies accelerate when it matters most.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

I spend more of my days thinking about prevention as opposed to response, but things that would concern me about my endpoint security would be:

• Unusually slow performance of my computer
• Locked out of multiple user accounts
• Insufficient bandwidth availability
• Several invalid login attempts from multiple locations, particularly outside the network

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

The company needs to see if there are patches available or things that can be done to immediately prevent the breach from causing additional issues. We have a metadata team who continuously scour the internet for new Windows OS, 3rd party applications, and driver patches. That way the minute a vulnerability is exposed or identified, customers have the ability to roll that out and react quickly. Time is critical in these scenarios.

Companies get in trouble when they leave things for too long while they’re analyzing it — that’s when they get exploited and the damages can really skyrocket. I encourage transparency as much as possible in these situations, both internally and externally. Companies that aren’t being transparent when breaches happen can damage their brand far beyond anything that the breach itself might do. Being transparent and super aggressive about reacting quickly to stifle the impact of those breaches is critical.

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

I can’t believe that in 2024, somewhere around 60% of devices are patched for a critical exploit within 14 days of that patch being rolled out. That is mind blowing in terms of the great risk a company is absorbing by leaving vulnerable endpoints exposed for weeks and potentially ready to be exploited. I know people are scared to move quickly and break things, but it’s so much worse to patch too slowly than too aggressively. It is critical that companies look for ways to automate and get rid of all these manual processes that are just putting their businesses further in danger.

A lot of this is psychological. Many people are so worried about rolling something out and having it go wrong, and then losing their job or being singled out for making a mistake, that it’s causing them to be incredibly cautious about patches and updates. I worry they hear stories like Alaska Airlines grounding their entire fleet due to a bad software rollout and it scares them from acting and makes them progress even slower. But that is the entirely wrong approach and is exactly what the adversaries want you to do. You need to move fast, but have guardrails in place to balance speed with control.

What are your “Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry?

1. Develop a fundamental curiosity about the space and a hunger to learn. Being inquisitive, learning and trying to educate yourself about all the different areas of cybersecurity is critical. There are a lot of wonderful free resources on the internet, such as LinkedIn Learning, that you can tap into now to get smarter on this space. I also encourage people to explore the new cybersecurity scholarships that Microsoft and the Women in Cloud (WIC) organization recently rolled out together.

2. Gain a breadth of work experiences at companies big and small. At a small company, you get to do more things in cybersecurity than you normally would. You can go deep and get smart and try a lot of things quickly. But it’s also interesting to work at a big company where you see how things can be done at scale and the level of rigor that goes into doing things at a high quality. Having both those experiences gives you a unique perspective.

3. Fall in love with data. In cybersecurity, more than any other area, we should trust the data. Reports and insights should be as real-time as possible because that should be what influences your decision-making process. Embracing tools, reports and analytics, and having all that information readily available at your fingertips, can help you make more informed cybersecurity decisions.

4. Never underestimate the power of sponsorship. Having that sponsorship from people who are in senior leadership positions is critical and some of that takes intentionally reaching out and fostering relationships and getting to know people. I encourage anyone in cybersecurity or tech in general to start forming relationships by asking questions and learning. Be curious about others and learn from those who are making an impact.

5. Make a concerted effort to do market research. When you’re deep in the pace of the day-to-day hustle and there’s so much going on, it can be hard to take the time to look around and see what is happening externally. I force myself to carve out some hours every week to do market research and keep myself current. Whether it’s analyzing the competition or just reviewing the websites and content posts of companies that are thought leaders in the cybersecurity space, it’s critical to keep your ear toward them so you’re not only looking inside your four walls. All of us in cybersecurity need to be continuously innovating and raising our game to the next level.

We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them :-)

Well if Oprah reads a lot about cybersecurity in her spare time then she gets the first invite because I grew up watching her interview hundreds of the most fascinating people and I am sure she has some terrific stories to share.

But if I could choose two individuals in technology who might actually consider this offer, the first person I would love to have breakfast with is Snowflake’s CMO Denise Persson. She helped to take a tiny company all the way up to billions in revenue and a juggernaut of growth. She grew the business by focusing on doing things at scale through automation. The creativity of Snowflake’s marketing has been something that I refer back to as a northstar for me in terms of what I want my technology marketing efforts to look like. I admire her career progression and what she’s done at that company in particular.

The other is one of the founders of CrowdStrike, George Kurtz. We’ve all seen the rocketship trajectory of that company. The amount of innovation that their leadership team has done so quickly has been fascinating to watch. George is interesting to me in terms of his technical acumen, his proactivity in identifying the next big thing in security, and his ability to get his teams aggressively innovating in that area. All of CrowdStrike’s competitors examine their execution and try to be fast followers. I know he came from an American racing background too. He likes fast cars and he is driving CrowdStrike to accelerate against the adversaries in a very similar way. I’m impressed with the pace of innovation that he has shown at that company, and I think it’s what really sets them apart. I’d love to hear a little bit of the insider tactics and strategies that he used to get there.

Thank you so much for these excellent stories and insights. We wish you continued success in your great work!

About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.