Women Reshaping The Cybersecurity Industry: Kate Bolseth Of Fortra On The Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry

An Interview With David Leichner

Don’t get overwhelmed. Get going. There will always be more work to be done than hours in the day, but you can’t let that stop you. Work with your team to ruthlessly prioritize projects, create a solid plan, and start executing today.

The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series we had the pleasure of interviewing Fortra CEO Kate Bolseth.

Kate joined Fortra in 2015 and was responsible for setting strategy and overseeing execution of all operational functions until her 2019 appointment as CEO. Prior to joining Fortra, she held numerous C-level and executive roles at companies including Jingit, Amcom Software — now Spok, and HighJump. Throughout her career, Bolseth has championed product vision and execution, improved time to market for product solutions, improved operational excellence and delivery, and helped drive financial growth and profitability.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

I knew early on in life that my career would see me using technology to help people. My father was an engineer and my mother had a degree in psychology, and both helped mold and had a positive influence on my career.

I used to work with my father in the basement fixing motherboards and that’s when I realized that I had a very analytical and problem-solving mindset. This combined with learning how to understand and work with different types of people from my mother helped shaped who I am as a leader today.

After receiving my B.S. in Quantitative Methods and Computer Science from the University of St. Thomas in St. Paul, MN, I set out to do my part to help change the software and technology world for the better.

Throughout my career, I’ve helped companies grow by championing product vision and execution, driving sales, improving time to market for product solutions, improving operational excellence and delivery, and driving significant financial growth and profitability.

This eventually led me to joining Fortra in 2015 where I’ve transitioned between several roles, including Chief Operating Officer, before becoming CEO in 2019.

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

The Slight Edge — it’s not that it was groundbreaking, more so that it promotes doing the things that get you to success and the concept of compounding results. It’s the little things that seem inconsequential adding up.

Are you working on any exciting new projects now? How do you think that will help people?

Our vision at Fortra is to simplify security for our customers and we’re working on a very exciting project to integrate our cybersecurity solutions onto one platform. We’ll combine capabilities, share threat intelligence, and automate processes to make security management easier for our customers. This is important when customers are struggling with the sheer volume of security alerts they handle on a daily basis and have a shortage of skilled resources to manage them. We’re developing the platform alongside our customers to ensure they get the first-class experience they’ve come to expect from Fortra and we can’t wait to extend its introduction to the wider community starting in the Fall of 2023.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

It’s concerning that the industry still has a workforce skills gap of 3.4 million people, but we welcome the newly announced National Cyber Workforce and Education Strategy that seeks to raise the bar for cybersecurity and help employers expand and diversify their workforces. Education has a role to play at every level, especially college-level programs and internships, and vendors need to work with these institutions to ensure students are equipped with the skills they need so they can ramp up quickly when they enter the workforce.

The lack of skilled resources makes it difficult for organizations to manage their cybersecurity effectively so the sooner the industry can close the workforce skills gap the better. But we can’t wait around for those jobs to be filled. As vendors have to relieve this burden by making our software solutions more effective and efficient. Organizations have too many security tools — many of which are not being used to their full advantage. Working with vendors that can offer a portfolio with a wide breadth of solutions along with interoperability and integrations will provide much needed time saving advantages to customers.

Phishing continues to be a major concern for the industry. According to research, 36% of data breaches involve phishing attacks. Initiatives such as Terranova Security’s Gone Phishing Tournament offers organizations the chance to benchmark their resilience to phishing attacks against global standards. It’s an exciting event and also a good way to build a robust cyber-aware culture.

The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

There are many reasons to be optimistic about cybersecurity right now and I agree, it’s exciting. For one, we’ve made so much progress together as an industry in sharing best practices, resources, experiences, and intelligence, and we’re seeing a real shift in the landscape driven by this collaboration. Working together has sped up the rate of innovation in our defense against adversaries, making it harder for them to be successful, and the industry is so much stronger for it. Our recent collaboration with Microsoft and Health-ISAC to stop cybercriminals from abusing security tools is a great example of this in practice.

Another exciting achievement is the change in the way security is now perceived. Compared to decades ago, security is now top of peoples’ minds when designing and implementing new products and technology — it’s no longer an afterthought. “Secure by design” is now central to development processes. In fact the entire organization is more security conscious across the board and this makes us stronger against those who threaten to destabilize our economies for monetary or political gain. It feels like the tide is starting to turn.

The third thing I find exciting is how the education system is embracing cybersecurity. We are seeing an increase in teaching cybersecurity fundamentals at the grade school level as well as colleges and universities working with the security community to create curriculums. I expect these to not only help address the workforce skills shortage but by driving awareness early it will help create a stronger security culture.

Can you share how you are helping to reshape the cybersecurity industry?

There are three pillars that represent who we are at Fortra as a positive changemaker for cybersecurity — problem solver, proactive protector, and relentless ally. We are reshaping the industry by bringing leading solutions into one best-in-class portfolio. In doing so the organizations we work with can create a stronger line of defense from a single provider. Our team of experts stay ahead of the ever-evolving threat landscape and collaborate with customers to ensure the solutions we provide reduce risk while also support business productivity.

As products, devices and vehicles become connected, this is creating a new and emerging threat vector. How do you think manufacturers and their customers should prepare to be as safe as they can be?

To make connected products safer and reduce the risk of cyberattacks, manufacturers are integrating defense mechanisms into the design process from the outset. Using the “security by design” approach I mentioned earlier, potential risks and vulnerabilities can be minimized at an early stage. Customers also need to be proactive in making sure they understand the security implications and continuously check for software updates to ensure their version is current. We are also seeing a lot of manufacturers look to us for help in securing not only their organization, but their entire supply chain too.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

Organizations should encourage employees to spot and report the following suspicious activity:

• You receive an email asking for personal information, to download some software or click on a link or QR code — your corporate email should have a function where you can report phishing and other suspicious emails.
• Your computer is running really slowly all of a sudden — this could be a sign of malware or a computer virus and should be reported to IT.
• Customers are asking you about emails you didn’t send or calls you did not make — this could be business email compromise or voice phishing, and cybercriminals may have illegally obtained your customer details.
• Vendors are asking if you’ve changed your bank account details — this could be cybercriminals trying to defraud. Make sure customers know to verify these requests through other means.
• Someone external has detailed information the company has not yet released — this could be the result of a data leak.
• You receive an email from company leadership urgently needing you to purchase gift cards and provide the information to them immediately.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

1. Stay calm
2. Activate your Incident Response plan which should include your stakeholders (internal and external), their roles and responsibilities, containment and eradication plans, and communication plan.
3. Once you are back to normal business operations you should also do a full investigation of the incident. Often this is done though a 3rd party that specializes in Digital Forensics and Response (DFIR).
4. Analyze the learnings from the investigation to understand how to prevent or minimize the chances of this happening again.
5. Create a plan to implement learnings.

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

I’ll keep this one to a top three:

• “Checkmark compliance” — This is where an organization does the bare minimum to meet compliance requirements. Doing the bare minimum to achieve compliance typically leads to complacency which leads to breaches. Being compliant doesn’t mean you are secure. However, if you are secure then you will be compliant. This is an important shift of focus.
• “Set it and forget” — This is where an organization invests in purchasing and deploying security tools but doesn’t invest in ongoing management. Security tools require constant tuning to eliminate false positives, improve efficacy, and gain actionable insights.
• Patching Program — The top ransomware exploits use about a dozen vulnerabilities that were introduced more than four years ago. The patches for these vulnerabilities have been around for years. Organizations need to maintain a disciplined patching program which includes alignment between security and IT.

Thank you for all of this. Here is the main question of our discussion. What are your “Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry?

1 . Collaboration. Building a career in cybersecurity is not an individual endeavor, it’s a team sport. Whether that’s working with a mentor, an internal team, or with peers throughout the industry to make a difference in our space. I mentioned earlier that as an industry, working together can speed up the rate of innovation in our defense against adversaries, making it harder for them to be successful. Our recent collaboration with Microsoft and Health-ISAC to stop cybercriminals from abusing security tools is a great example of this in practice.

2 . Agility. In cybersecurity, new challenges are popping up every single day. You and your organization need to be able to pivot, reprioritize, and keep things moving — all while ensuring your customers are always your number one priority. The Log4j vulnerabilities from 2021 is an example that I think almost everyone in the cybersecurity industry can relate to.

3 . Don’t get overwhelmed. Get going. There will always be more work to be done than hours in the day, but you can’t let that stop you. Work with your team to ruthlessly prioritize projects, create a solid plan, and start executing today.

4 . Stay informed. It’s critical to balance getting work done with keeping up on all the latest trends — not only vulnerabilities but also solutions. Spend time reading the latest news and content, connect with customers and prospects to learn about their biggest cybersecurity challenges, and network with peers in the industry. Our customers truly drive what we do, and connecting with them is not only one of our biggest assets, but it’s one of my favorite things about my job.

Thank you so much for these excellent stories and insights. We wish you continued success in your great work!

About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.