Caroline Wong is the Vice President of Security Strategy at Cobalt. Caroline’s close and practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga. She is a well known thought leader on the topic of security metrics and has been featured at industry conferences including RSA (USA and Europe), OWASP AppSec, and BSides.
Caroline was featured as an Influencer in the 2017 Women in IT Security issue of SC Magazine and has been named one of the Top Women in Cloud by CloudNOW. She received a 2010 Women of Influence Award in the One to Watch category and authored the popular textbook Security Metrics: A Beginner’s Guide, published by McGraw-Hill in 2011. Caroline graduated from U.C. Berkeley with a B.S. in Electrical Engineering and Computer Sciences and holds a certificate in Finance and Accounting from Stanford University Graduate School of Business.
How did you get to become an expert in cybersecurity?
In college, I studied Electrical Engineering and Computer Sciences at U.C. Berkeley. During my junior year, I did an internship at eBay in IT Project Management. When I graduated I wanted to work for eBay full time, but there was a hiring freeze in the IT department. I was recruited for an entry-level position on the Information Security Team helping with PCI and SOX compliance. A couple years later I worked with the CISO to create eBay’s first security metrics program and in 2011 published a book on the subject with McGraw-Hill.
What areas of cybersecurity are you most passionate about?
I’m most interested in how executives make decisions about cyber security investments for their organizations and how security professionals can work effectively with engineering teams to develop products that are built with security in mind.
Which cybersecurity influencers influence you?
Outside of cybersecurity who else influences you?
What are going to be the key developments in the industry in the next 12 months?
There are three massive shifts that will impact cybersecurity in 2018. The first two have to do with the changing technology landscape, and the third has to do with data protection policy and enforcement.
DevOps – Web apps are becoming more complex, cloud apps are increasingly API driven, and code is being deployed faster and faster. Automated security tools can only do so much. Strong security talent is in high demand, and the market is demanding a way to deliver manual security testing in a cloud-based platform model.
IoT – Software in every appliance, building, and vehicle means that security needs to be there too. Security research and breaches will continue to demonstrate how vulnerable these “things” are unless proper security controls are implemented.
GDPR – European data protection legislation is going to be enforced this year, with organizations that don’t comply at risk of significant financial penalties.
If a brand wanted to work with you, what activities would you be most interested in collaborating on?
Podcasts, webinars, blogs, and whitepapers.
What would be the best way for a brand to contact you?
Direct email to firstname.lastname@example.org