Women Reshaping The Cybersecurity Industry: Comcast’s Shena Seneca Tharnish On The Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry
An Interview With David Leichner
Be curious. To be successful in this field, you need to be constantly thinking of the different ways that a bad actor could take down a corporate network. You must consider what employees and customers are accessing, what technology they’re using, who they’re talking to, and all the other aspects that could impact an organization. It’s also important to think about what technologies support a business and what is important to an organization. Curiosity is key.
The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series we had the pleasure of interviewing Shena Seneca Tharnish.
Shena Seneca Tharnish is VP of Secure Networking and Cybersecurity Solutions for Comcast Business. She joined Comcast Business in 2017 after serving as SVP, Enterprise Network Infrastructure at PNC Bank for five years in Pittsburgh, PA, and as a senior leader at The Home Depot, Inc. for twelve years in Atlanta, GA. Shena has over 24 years of experience in Information Technology — leading and managing network engineering and application development services. Prior to joining The Home Depot, Tharnish worked as a network consultant with carriers MCI WorldCom and Concert Communications (BT/AT&T), designing wide area networks for businesses.
Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
My journey to pursuing a career in cybersecurity was rather unique. I went to a performing arts high school and specialized in dance. While in the Empire State Ballet Company, where we toured around New York state, I got to witness what it was like to be a professional ballerina. I loved to dance, but when I saw how difficult this life was on the dancers, their bodies, minds, and wallets, I realized it wasn’t for me.
Once I graduated high school, I was encouraged to go in a technical direction. I enjoyed math and science and decided to pursue a field that suited my interests and provided more financial stability. I was accepted into the Rochester Institute of Technology and started off as an undeclared engineering major before enrolling in their telecommunications engineering technology program, which was a first at the time. I was very excited by the promise of getting into the growing telecommunications industry.
Upon graduation I was on a path to a career in telecommunications, which evolved into networking and security. Later in my career, I remember specifically becoming interested in cybersecurity while I was working in the financial industry. The U.S. financial sector was heavily targeted by DDoS attacks starting in 2012, threatening our economy. The nature of the attack and the severity of it was alarming to me, and has stuck with me ever since. That experience showed me that cybersecurity is something that will always be important — and I wanted to continue to be a part of it.
These experiences led me to Comcast Business, where I now serve as the VP of Secure Networking & Cybersecurity Products, leading a team of product and program management professionals that address common network and security challenges with targeted solutions and services for businesses of all sizes.
Are you working on any exciting new projects now? How do you think that will help people?
We are constantly working on adapting secure networking and cybersecurity to the evolving digital landscape. With heightened expectations for digital services, there are new pressures on business leaders and the IT infrastructures supporting them. Companies of all sizes need to provide secure, reliable digital experiences to users everywhere. In this context, the network has become the new competitive edge.
However, these demands also bring new challenges. As companies leverage more cloud technologies and public Internet services, there are new cyber security risk exposures that arise in today’s highly distributed enterprise environments. So, security strategies must evolve in parallel, especially as organizations adopt emerging technologies.
I am energized to be leading a team that helps guard enterprise digital assets against malicious attacks — no matter where they are connected.
The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?
I am excited that more women are getting into cybersecurity and the field of technology in general. Today’s leaders are paving the way for those now entering the profession. While we have come a long way in the tech industry, it is still crucial to encourage women to be curious and not shy away from a male-dominated field. The cybersecurity industry is always growing, and we welcome women that are excited to be a part of it.
Another facet of the industry that I am particularly excited about is technological advancements, like AI and ML, that are helping solve problems faster. AI is quickly evolving, and the benefits of AI to cybersecurity are immense. AI is extremely useful in helping organizations improve their security posture through analysis and detection. Whether it be analyzing threats or reducing response times, these technologies are going to help us keep up with the continuously evolving threat landscape.
Architectures like Zero Trust cybersecurity are also on the rise and provide exciting new opportunities for the industry. Zero Trust frameworks help reduce the impact of breaches by requiring all users, inside and outside of the organization, to be authenticated before accessing documents or data. By eliminating implicit trust and moving away from location-centric models, Zero Trust provides a more fine-grained security plan and helps shift the mindset around cybersecurity.
All of these factors are constantly evolving to improve the industry. It’s proof that even as cyber threats evolve, we will continue to find new ways to combat them. At Comcast Business, we are working to address these needs, starting with the network. Through an effective network foundation, security management processes, and integrated advanced security solutions, organizations can better protect key systems, data, and people.
What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?
First and foremost, the volume of cyberattacks is increasingly becoming a concern. Between the number of devices people have and the volume of data these devices contain, there is no shortage of targets or opportunities for hackers. With the addition of technologies like the cloud or Internet of Things (IoT), there are also more entry points for hackers to exploit. While advancements in technology are exciting for consumers, they provide new vulnerabilities and opportunities for cybercriminals that we must be aware of.
Second, the bad guys are really good at working together, while the good guys are not yet as collaborative. Hackers are collaborating and sharing information, so their speed to impact is faster than what we’re doing to defend networks from devastating attacks like ransomware, denial-of-service, phishing, and spoofing. The private and public sectors need to collaborate more effectively to protect Americans and safeguard our nation’s digital assets.
Third, business leaders are increasingly facing the threat of cybersecurity today, all while trying to fill a talent gap that is needed to combat it. This is a perfect storm. To address the shortage of cybersecurity talent, enterprises must upskill internal IT resources through third-party security education and certification programs and through widespread internal cybersecurity training. Offering training on the company’s dime will make employees more willing to jump into the field. Another approach is using specialized third-party vendors or managed security service providers (MSSPs) who can assume some aspects of a company’s security duties.
Can you share how you are helping to reshape the cybersecurity industry?
We’re helping businesses of all sizes take a multi-layered approach to protect global networks against fast-changing and malicious attacks. Our full range of global secure networking solutions provides connectivity, security, and application control, as well as threat monitoring and response for single and multi-site customers.
We have also placed a bigger emphasis on cybersecurity for small-to-medium-sized businesses. While many small businesses believe themselves to be safer than enterprises, they are not. In fact, Comcast Business’ 2022 Small Business Cybersecurity Report estimates that companies with fewer than 100 employees are three times more likely to experience a cyberattack than enterprises. This is likely because many small businesses often don’t have the resources to support a cybersecurity team.
By following several simple steps, like securing endpoints, applying security patches, and deploying firewalls, small businesses can keep their defenses current amid a growing wave of cyber threats.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
In the event of a cyberattack, time is of the essence. The next steps will depend on the type of attack. An incident response plan will help guide businesses on what steps to take and outline who is responsible for each action. A plan should include a team with clarified roles, specific procedures for each kind of attack, and documentation during the process. It is vital to contain the cyberattack and reduce or limit the blast radius to protect sensitive information.
In all cases, IT experts should be notified so they can take the appropriate steps to stop the attack and prevent it from occurring again.
After an attack, businesses should evaluate their current cybersecurity plan and fill in any weak spots. It is crucial to understand the different types of attacks, like DDoS, ransomware, phishing, and clickjacking, to recognize them and protect against them.
What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?
One of the most common mistakes companies make is assuming that they simply need one cybersecurity product for protection. However, without numerous layers to a cybersecurity plan, organizations are not considering every possible threat. I like to think of a vehicle in this scenario — the tires, hard exterior, seat belts, and air bags all combine to provide protection to drivers and passengers. Similarly, it is crucial to have a complex protection plan for cybersecurity, with multiple layers and steps to prevent an attack, thus providing defense in depth.
Another mistake is denying that it could happen to them. Everyone is a target for cyber-attacks and therefore every business must have a plan in place. Understanding the threat landscape is the first step toward protection.
Businesses must also identify their key assets and look for any weak spots in order to protect devices and data. It is important to know what specifically is at risk to take steps to protect it. For example, profit is a big motivator for cyberattacks. Hackers can make money by selling stolen credentials, customer data, financial information, and intellectual property. If the network houses any of this data — and there’s a good chance that it does — it must be well-protected.
Once companies are aware of these threats, they can then work toward protecting their network access, educating users, implementing the right tools, and creating a comprehensive cybersecurity plan.
Thank you for all of this. Here is the main question of our discussion. What are your “Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry?
1 . Be curious. To be successful in this field, you need to be constantly thinking of the different ways that a bad actor could take down a corporate network. You must consider what employees and customers are accessing, what technology they’re using, who they’re talking to, and all the other aspects that could impact an organization. It’s also important to think about what technologies support a business and what is important to an organization. Curiosity is key.
2 . Understand business and what bad actors are after. It is crucial to know where the crown jewels are at any given company. Focus your attention on major intellectual property, what drives the business, and what drives revenue. Understanding this aspect of business allows you to determine where to focus your attention and cybersecurity investments.
3 . Understand networking as well. Networking and security go hand in hand now, so you need to have a deep understanding of networking and technology as a whole.
4 . Know your value and hold your seat at the table. This is especially true if you’re a woman breaking into the industry. There are so many female role models that I look up to, and we are now seeing females in CISO positions and other highly regarded roles. You have to be willing to take the steps, and you can make it in this industry.
5 . Be a mentor. It’s important to look for mentors and to be willing to help others in the industry — specially to attract new talent. That’s why I’m always finding opportunities to mentor others, including women who are interested in the cybersecurity field.
Thank you so much for joining us. This was very inspirational, and we wish you continued success in your important work.
About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.
