Women Reshaping The Cybersecurity Industry: Comcast’s Nicole Bucala On The Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry

An Interview With David Leichner

Be able to work quickly, in an organized fashion — the problems we are solving are highly dynamic, and they require sustained energy to solve.

The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series we had the pleasure of interviewing Nicole Bucala.

Nicole Bucala is a cybersecurity executive who specializes in launching innovative product lines and driving growth through strategic partnerships. She has held strategy and operations, strategic alliances and business development leadership positions at VC-backed startups as well as larger public and private-equity-backed global cybersecurity vendors, demonstrating a unique ability to bring order to chaos, and agility to process. She currently leads CTS’ Cybersecurity BU as Vice President and General Manager, where she is in charge of the overall development and commercialization of Comcast’s security data fabric platform. Prior to Comcast, she held senior leadership or executive roles at Zscaler, Illusive Networks and RSA Security. Before entering commercial cybersecurity, she founded and served as CEO of MIFCOR, an early-stage biotechnology startup, and began her career serving her country by conducting counterterrorism operations for the U.S. government. Bucala holds a bachelors of science from MIT, a Masters of Science from Georgetown Medical School and an MBA from Harvard Business School.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

My father’s family immigrated to the United States from Europe following World War II, during which time, both of his parents were held by the Nazis in concentration and work camps, respectively. Both grandparents were liberated and proceeded to receive an education in Switzerland and England; following that, they came to the United States where they built a home and careers in aeronautical engineering and insurance. As a child of immigrants, my father instilled in our family the mentality that education was the most important thing we had; despite all the evils in this world, no one could take one’s knowledge away.

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

“Surely you’re joking, Mr. Feynman!” written by the legendary physicist Richard Feynman is one of the books that inspired me to think critically, creatively and positively about how to solve meaningful world problems with novel engineering approaches. Richard Feynman is an inspiration to people who want to challenge the status quo with data-driven, real-life applications of scientific logic and experimentation.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

My first job out of college involved working counterterrorism operations for the US Government. There, I learned the art of the possible when it came to the types of warfare one can inflict in the cyber space. I was inspired to migrate to the private sector where I saw an opportunity to move fast to innovate and address some of the most important problems in cyber defense.

Are you working on any exciting new projects now? How do you think that will help people?

“DataBee™, from Comcast Technology Solutions, is a security, risk and compliance data fabric and emerging technology solution I am bringing to market. DataBee brings together a wide range of disparate data sources from both security & non-security products into a common schema, where it is normalized and enriched. From there, analysts across enterprises can query this repository to get answers to the most complex of questions related to security, compliance, and risk questions.“

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

Cybersecurity is exciting because it’s so challenging and things change quickly. New inventions in the digital space frequently are accompanied by inadvertent vulnerabilities that could be exploited. In some sense, cybersecurity professionals are frequently in catch-up mode — and the very nature of the speed with which things change is what makes it so interesting.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

It’s hard for buyers to select the right products, and that leaves companies vulnerable to attacks. Several factors contribute to making this a difficult process, including:

1. There are literally thousands of vendors to choose from.
2. Many vendors have products that sound extremely similar, so it’s hard for buyers to know what’s right for them without conducting a lengthy trial process of many product offerings.
3. The above two factors make the buying cycle long. In addition, deployment processes for some of these products are also very long. During the buying and deployment windows, companies may remain vulnerable to new security threats.

Can you share how you are helping to reshape the cybersecurity industry?

The team at DataBee understands cybersecurity analytical products are only as good as the data on which those algorithms run. To date, there’s been more emphasis in the vendor community on developing and selling downstream analysis & reporting, rather than focusing on upstream data completeness, integrity and quality. We’re here to change that; we focus instead on revolutionizing the way security professionals think about data, and we are leading this movement with an architectural transformation designed to speed up time to value while lowering costs of data retention and analysis.

As products, devices and vehicles become connected, this is creating a new and emerging threat vector. How do you think manufacturers and their customers should prepare to be as safe as they can be?

Anytime there is digital innovation, new digital risk is created. The best way to stay ahead of the cyber criminal is to think like one. Producers of connected vehicles and devices should be developing with a security mindset, and it’s helpful for companies to have red-teams that can take offensive positions to game out situations to evaluate risk and build in safeguards against likely threat scenarios.

Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

One of the things that is perhaps unique about security is that we security professionals don’t like to draw attention to ourselves. Publicizing breaches can actually attract more cyber criminals. To uphold the code of safety and integrity in our sphere, I like to refrain from speaking about specific breaches in the industry.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

A layperson should trust their gut. If you get an email or text message with odd spelling errors, that seems to be from a person you know but has an email address you don’t recognize, or has any other red flags, don’t respond to it or click on it or any links inside of it. Instead, immediately alert your security officer.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

It really depends on the company and the situation. Generally speaking, one of the most important things any company can do is make sure that they are being responsive and transparent with their staff and their customers about any potential impact of a breach. Oftentimes, staff and customers are targeted by malicious hackers to gain network access, and so bringing staff and customers into the fold of awareness about an incident can ensure these people stay alert and do not fall victim to a phishing email, scam or other social engineering that a hacker could use to gain network access, elevate privileges and move laterally towards their target.

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

I would say that every environment and company is different. One thing that is common to all security, risk and compliance roles is the need to have the right data at their fingertips in order to make the right decisions. To date, many companies have focused on procuring AI/ML technologies and dashboarding technologies designed to render answers to key questions. However, these same companies are not simultaneously also focusing on making sure that the data feeding into the AI/ML and dashboarding technologies is complete, accurate and up to date. Without focusing on the integrity and completeness of the data upstream, companies are finding that, despite best of breed analysis solutions, they are still being left in the dark when it comes to cybersecurity.

Thank you for all of this. Here is the main question of our discussion. What are your “Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry?

1 . A desire to learn — the industry is always changing, and every experience brings new challenges and new learnings.

2 . Creativity — the dynamic nature of product development in security creates opportunities to do things that have not been done before.

3 . Passion — cybersecurity problems can be grave and challenging, so it’s important that people working to address these challenges care about the outcome.

4 . Think in a data-driven manner — this is a highly competitive industry where many decisions may present themselves, so having a rigorous, structured and quantitative outlook to decision making is key.

5 . Be able to work quickly, in an organized fashion — the problems we are solving are highly dynamic, and they require sustained energy to solve.

We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them :-)

Michal Braverman-Blumenstyk runs Microsoft Israel R&D and is an inspiration to women in cyber globally. I would love to learn about how she has pioneered her cybersecurity portfolio and navigated her career so successfully.

Thank you so much for joining us. This was very inspirational, and we wish you continued success in your important work.

About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.