💡 Name: Jadee Hanson
💡 What she does: She’s the CIO and CISO at Code42.
💡 Noteworthy: As CIO and CISO at Code42, Jadee Hanson leads global risk and compliance, security operations, incident response, and insider threat monitoring and investigations. She brings more than 17 years of experience in information security and a proven track record of building security programs. Before Code42, Jadee held several senior leadership roles in the security department of Target Corporation.
Key Insights
⚡ The world of security is always changing. Technology is rapidly changing and evolving. And cloud security is following along. Jadee explains what this means for the security industry. She says, “For security practitioners, we’ve always had to be really good at being resilient and adaptable. So, in our world, things always change. Technology is changing, the risk landscape is changing, and threat actors change. And as the cloud has become more prevalent, we had to flex our resilient and adaptable muscles and learn something new. And I would argue that the fundamental controls that we need to have in place for the cloud really haven’t changed. What’s changed is the ‘how’; it’s the ‘how we meet those controls,’ and that’s it.”
⚡ Bad actors use cloud services as much as security practitioners. Bad actors are early adopters when it comes to cloud security. Jadee talks about this significant challenge for security practitioners. She says, “One thing that has really surprised me is that when you think of the cloud movement, there are so many features and functionalities within a cloud architecture. We know this as security practitioners, but bad actors also know this, and they know this very well. So I think my biggest surprise is to see bad actors and bad APT groups use cloud services, just like we do every day.”
⚡ Let your people be the heroes of the organization. When building security teams, it’s essential to let them be heroes and give them exciting opportunities to grow. Jadee explains, “I think it’s really all about the people. So my advice would be to find really great people who deliver quality work, continue to challenge them, and give them really interesting opportunities. It’s funny. Lots of security practitioners aren’t really motivated by tons of money. They’re motivated by interesting opportunities. I also think it’s really important that you don’t make them adversaries in the organization.”