Women Reshaping The Cybersecurity Industry: Mona Ghadiri Of BlueVoyant On The Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry

An Interview With David Leichner

Cybersecurity can be isolating and lonely sometimes, and often can be draining. Bringing others with you creates relationships that you can rely on when things are tough.

The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series we had the pleasure of interviewing Mona Ghadiri.

Mona Ghadiri is cybersecurity and product management expert specializing in Security Operations, Managed Detection and Response (MDR), and Microsoft Security, Compliance, and Identity (SCI) solutions. She is a Microsoft Security Most Valuable Professional (MVP) award recipient and serves as the Director of Product Management for Microsoft at BlueVoyant, the 2023 Security MSSP of the Year in the 2023 Microsoft Excellence Awards. She holds an MBA from the University of Illinois at Urbana-Champaign.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

I have three sisters (including a twin!) and grew up in Illinois. We lived in a bilingual household where we spoke English and Farsi — my dad is from Iran, something I culturally treasure to this day and pass on to my own kid. I graduated from Grinnell College with a double major in Anthropology and History and I have an MBA from the University of Illinois. I grew up always having a computer nearby because of my dad, and I have never said no to a challenge. This is how I ended up close to computers after a 5 year stint in manufacturing engineering, where I got into Lean manufacturing and the Toyota system as a project engineer/program manager/process engineer in injection molding working on refrigerators, cars, and bottle caps at various points. That’s for a whole other interview!

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

I love the movie Monsters Inc. The premise that something that scares us gives others power is so real, especially in cybersecurity. But similar to Monsters Inc., laughter and excitement are even more powerful.

It made a huge impact on me because as a woman either in manufacturing or in cybersecurity, there is plenty to be scared of or worried about, but excitement is infectious. I remember that when I get anxious before a big presentation.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

This is going to sound corny, but the Matrix. The idea of taking the red pill or the blue pill and being a hacker and interacting with something invisible on the internet was wild, and falling into this whole other world…it blew my mind. To be clear, cybersecurity completely lived up to my expectations of being an entire other world and invisible things on the internet are absolutely worth being worried about.

Are you working on any exciting new projects now? How do you think that will help people?

Yes! Cybersecurity is undergoing monumental change. Even in the 7 years I have been in cybersecurity, endpoint monitoring and detection has changed substantially. An individual analyst can’t scale. We can’t investigate fast enough. Time is finite. I am working on building cybersecurity services that help attack both the talent gap and the investigation speed gap. It will help people be focused on battling other humans who are trying to take things or be destructive or disruptive.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

1. Every day is different. New tools, attack methods, and groups are engaging in creative and destructive tasks. I am excited about the ability of good guys to keep up.
2. I am excited about cloud security advancements in AI for cybersecurity, like Security CoPilot. Security Copilot will transform Security Operations.
3. I am excited about Microsoft consolidating cyber technologies into meaningful signals and directive intelligence. There isn’t another company out that has moved so swiftly and certainly into a $20 billion cybersecurity company.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

1. Its not diverse enough!
2. Diversity comes by providing diverse opportunities to learn the material. College or certifications or YouTube classes may all deliver the same end outcome. Who is to say which is better? It’s more about what is best for you, but we need to be encouraging folks to do something other than doomscroll.
3. The teams we have who are currently focused on cyber outcomes are bifurcated. We are still siloed in these different teams and groups between compliance and cybersecurity and identity and end user computing.
4. Cybersec_rity is missing without u
5. Kidding but serious…there aren’t enough people who believe cybersecurity is in their job description. End user awareness training is getting better, but it is still pretty dry. The cybersecurity industry is full of creative and talented people. There has to be something better out there training wise.

Can you share how you are helping to reshape the cybersecurity industry?

I came into cybersecurity from manufacturing. I bring a different outlook to Security Operations Centers (SOCs) by thinking about cybersecurity through the lens of the Toyota Process. There is a “just in time” component to cybersecurity delivery, the same as in a manufacturing plant making plastic bottle caps. Enriching EVERY alert is too expensive and takes too much time. Inspecting every bottle cap at 3600 caps a minute is impossible. We need better automation and inspection lines. I’m helping build them.

As products, devices and vehicles become connected, this is creating a new and emerging threat vector. How do you think manufacturers and their customers should prepare to be as safe as they can be?

As much as they want you to connect, be savvy about what should be segmented. Keep your work life and home life separate — using different profiles or separate devices can help, even if it feels clunky.

Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

We were developing a new workbook for a customer looking for known evidence of Indicators of Compromise (IOCs). Within hours of deploying the workbook, we had a particular IOC in this case, an IPs attacking Ukraine Honeypots campaign. When reviewing the logs, we noted that the source has been blocked thousands of times — but then in the last day, allowed on a high port.

We were able to cross verify with threat hunting and determine the blast radius. This kind of detection capability is unique to MDR services like ours. We have to look both inside and outside for the bad actor evidence when we escalate SOC alerts, and use non-traditional ways to determine bad actors outside of detection alerts firing.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

1) Watch your alerts…I know we get so many push notifications, but double check which ones you allow and don’t allow.

2) Also, make it a point to check your bank accounts and credit cards on a regular basis. If they contact you, verify it’s actually them!

3) If you are contacted and notified you were part of a breach, don’t ignore it!

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

Check if you have cyber insurance and hire a company with a lot of experience that you trust for your incident response retainer.

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

Not reviewing access on a regular basis. How and where we provide access to corporate resources changes every single day. Essential steps to correct these errors are to review how much access is given to whom and decide whether they need that long term or not in a way that matches how fast the organization is moving.

I’ve also seen companies treat cybersecurity as a Friday afternoon activity. I cannot stress enough that this world really is like the Matrix. Once you start seeing it, you can’t unsee it. Periodic assessments are just not enough. Continuous monitoring is the new standard because that is how fast bad actors are moving.

Thank you for all of this. Here is the main question of our discussion. What are your “Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry?

1 . Be bold.

Cybersecurity is a place where new or different thinking is needed and welcome. My background in manufacturing makes me think about problems and design differently than someone with a background in computer science. We need all kinds of thinkers.

2 . Choose your choices.

The person on the other side of the computer is making choices every day. Own the choices you make.

3 . Treat others as you would like to be treated

No one wants pontification where pleasant conversation can happen. If you believe there is something to learn from you, there is something to be learned from everyone else.

4 . Participate in product feedback

The tools we use need feedback from their users to improve. Being part of product development is part of being a good cyber citizen. To some, that means bug bounties, to others that means vendor product design sessions. We all have a role to play in making things better in our industry.

5 . Bring others along with you

Cybersecurity can be isolating and lonely sometimes, and often can be draining. Bringing others with you creates relationships that you can rely on when things are tough.

We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them :-)

I would love to have a private lunch with Ada Lovelace, though she is long departed. If I was to choose someone today, it would be someone like Debbie Wheeler or Mary Gallighan.

Thank you so much for these excellent stories and insights. We wish you continued success in your great work!

About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.