“The future is a boardroom with more security-aware business decisionmakers”

This series aims to demystify careers, challenge stereotypes, and inspire connections. Today we talk with Diana Kelley, Cybersecurity Field CTO at Microsoft.

Stephanie Lio
Apr 25, 2019 · 7 min read
Being a radio DJ taught Diana Kelley about being comfortable with public speaking. (Source: Getty Images)

Diana Kelley wears a lots of hats. As Microsoft’s Cybersecurity Field CTO, Diana brings over twenty-five years of cyber-risk and security experience to provide advice and guidance to CSOs, CIOs and CISOs at some of the world’s largest companies. In addition to her work at Microsoft, she serves on the ACM Ethics & Plagiarism Committee, is an Industry Mentor at CyberSecurity Factory, and guest lectures at Boston College’s Master of Science in Cybersecurity program. Diana is also the CTO and a Director of the non-profit Sightline Security, a member of the RSA US Program Committee for 2018–2020, an IEEE “Rock Star of Risk” in 2016, a frequent keynote speaker at major conferences, and is co-author of the book Cryptographic Libraries for Developers.

Diana Kelley wears many hats, including being the Cybersecurity Field CTO at Microsoft. (Source: Microsoft)

Diana, how would you summarize what you do?

If someone wanted to have your job one day, what qualities would they need to be successful?

This is ZeeBee, WZBC’s resident cat that Diana eventually took home. (Source: Diana Kelley)

He told me, “If you do your next monologue and you’re nervous, it will suck. If you’re not nervous, it might suck, but it also might be good.”

“If you’re not nervous, it might suck, but it also might be good.” (Source: Giphy)

We must emphasis the mindset of learning more than anything else in this industry.

What are you excited be learning right now?

Identity is becoming the new control plane. (Source: Microsoft)

What seismic shifts and trends are on your mind lately?

We have great capacity to access all the data wherever and whenever we want, in our work and personal lives, but this transformation also means that platform providers have to make sure there’s security built into the experience. We need to innovate on identity-centric protection, as identity becomes the new control plane.

How can security professionals better partner with their business counterparts to enable innovation, in a secure way?

Instead of just saying “no, we can’t do it”, explain “we could lose business and here’s why.”

Don’t just say no, explain how security risks impact the business. (Source: Giphy)

The future is a boardroom with more security-aware business decisionmakers.

“I always want to give audiences my very best.” (Source: NBC News)

Your role requires significant travel. What travel tips or rules do you follow to make life easier for yourself?

Going back to your DJ roots, if you had your own podcast or radio show, what would you cover?

Diana’s dream podcast may be about her dogs. (Source: Diana Kelley)
She loves her doggos. (Source: Diana Kelley)

Lastly, please settle a debate: Is a pop tart a ravioli?

Microsoft Cybersecurity

Stories from the frontlines of security, compliance, and…

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store