Caroline Wong is Vice President of Security Strategy at Cobalt.io, a published author on security metrics, and an active Office of the Cloud member. She's leading Office of the Cloud's next event: a cloud security happy hour on March 23, 2017 (click here to RSVP).
Caroline, what initially attracted you to working in cloud tech?
I’ve worked in the information security industry for more than a decade now, and during the last several years I’ve focused on application security. As technology evolves and businesses innovate, I think it’s extremely important to question traditional ways of thinking when it comes to securing applications that are hosted in the cloud.
I see more and more organizations choosing to leverage the cloud for managing their technology infrastructure, and this is resulting in a major shift in the entire information security sector. The application layer remains a primary point of control for both developing new software as well as introducing new vulnerabilities, and as an industry we have got to be creative and effective in developing modern solutions for securing applications and data.
What accomplishment are you most proud of in your career?
In 2011, I published a textbook with McGraw-Hill on Security Metrics. In 2012, my book was #6 on the RSA best seller list, and in 2013, my book was #1 on the list.
What future innovation are you most excited about?
I am excited about what the crowdsourcing means for application security. I crowdsource my transportation when I ride Uber or Lyft, I crowdsource my lodging when I stay at an Airbnb, and I even crowdsource my clothing design when I shop at Betabrand. Crowdsourced application security has been proven to work with public bug bounty programs, and it is disrupting the traditional application security penetration testing space, too. There is a major talent shortage going on right now in information security, and a crowdsourced penetration testing platform can provide organizations with access to quality global talent, allowing application security practitioners to more effectively test and secure their web applications, mobile applications, and APIs.
What can our industry do better to recruit and retain women in tech leadership roles?
I think that visibility is huge, and a blog like this one helps a lot. When I was a young girl thinking about what I wanted to do for a career, I didn’t know what the life of a technology executive was like, so I couldn’t dream about doing it myself. I thought only about doing the things that I could see in my daily life. I went to school, so I thought about being a teacher. My dad was a lawyer, so I thought about practicing law. I went to the doctor, so I thought about studying medicine. My dad encouraged me to study electrical engineering and computer science because he knew that technology would be the way of the future. I am grateful for his influence, and the life that I have today because of my technology skills. I want girls and women to know what it is really like to work in tech leadership, so that they can want it too.
What advice do you want to share for women in earlier stages of their cloud tech careers or how to get involved
Learn everything you can, and pay attention to how you feel. Take advantage of industry groups, meetups, webinars, seminars, and conferences. Introduce yourself to people you meet and inquire about what they do, and how they got to where they are today. Look up job descriptions for the role you want in 5 years, and work hard to put those requirements on your resume today.