This month we continue our cybersecurity career spotlight series with Karolyn Maloney! Karolyn is the Vice President of Cyber Risk at Teladoc Health. In this role, she is responsible for understanding her organization’s top cybersecurity risks and determining how to reduce the impact or chances of those risks occurring. Karolyn has previously served as Head of Vulnerability Management, Identity and Access Management, Software Security, Data Protection, and Incident Response and has experience with Financial Services, Healthcare, and Retail organizations. As you can see, Karolyn has worked across industries and in various cybersecurity functions. What we love most about Karolyn is her passion for growing future leaders and mentoring those who are early in their career. She has also educated hundreds of students on staying safe online!

Thank you, Karolyn, for sharing your insights and for all you do to grow the cybersecurity community - especially with the next generation!

‍

1.  How did you get into cybersecurity?

My first job was in a rotational program, which allowed me to try different roles in technology. I had a rotation in Security Architecture, which is a function that plans and designs systems to be secure. I didn’t know much about security but the role was oriented toward program management, which I had skills in. Little did I know, this experience would unlock a passion for cybersecurity. The rest, as they say, is history.

‍

2.  Describe your current role and a day in the life at work for you.

My current role is focused on cyber risk management, which gives me the opportunity to look across cybersecurity and cyber-related areas to determine where there may be risk of bad things happening. I need to understand how risk is mitigated, which means to reduce the chances of the risk occurring or reduce the impact to the business if the risk occurs, and prioritize improvements. I enjoy the broad view across cybersecurity and getting to work with different teams to understand, treat, and monitor risk.

‍

3. You've worked in various cybersecurity roles, both technical (e.g., cybersecurity operations) and non-technical (e.g., cybersecurity risk management). What are the key differences and what advice do you have for those considering pivoting from one to the other?

It’s been a while since I have had my “hands on keyboard” with technical solutions. However, I’ve had many opportunities to lead technical teams – such as Security Operations, Vulnerability Management, and Application Security. I understand technical concepts and can do technical design; but, more importantly, I surround myself with great people with deep technical knowledge.

Early on, I thought often about the right career path for me. It helped to write down the things I enjoyed doing, and my list was aligned to leading and managing teams. So, I’ve focused on developing the skills to be successful in leading different functions.

It’s important to know that going down one path doesn’t mean you’re stuck there. Cybersecurity offers many types of roles and it is possible to change career pathways within the field.

‍

4.  You’ve also worked in different industries. What are the differences and similarities in cybersecurity that you see across industries (e.g., healthcare vs. financial services)?

I’ve worked in healthcare, retail, and financial services and, in my experience, all cybersecurity organizations have a common characteristic: security is critical to the success of the company. But, not all companies are equal from a cybersecurity perspective. Some are further along in their cybersecurity program than others, even within the same industry. And some industries, like financial services, have more scrutiny from government regulators. At the end of the day, a priority for all companies, in any industry, must be on the ability to monitor for, detect, and respond to potential cybersecurity threats to protect their business.

‍

5.   Finally, what advice do you have for those considering a career in cybersecurity?

Take the leap! As I mentioned, there are many different types of roles within cybersecurity, and we continue to see more cybersecurity jobs than there are qualified people to fill them – and that’s not changing in the near future.

Not quite convinced? Consider this:

- Do you enjoy writing? Great!  There are roles in cybersecurity to develop policy and procedure documentation, as well as writing security communications.

 - Are you program or project management oriented?  Most cybersecurity organizations need people to drive successful execution of security solutions.

 - Do you have more of an analytical mind?  Roles within cybersecurity operations focus on analyzing security events to determine if something bad is happening.

 - Are you a numbers whiz and love analyzing data?  Perfect. Security tools generate a lot of information, and cybersecurity teams need data scientists or analysts to help find cybersecurity threats that may be hiding in the environment.

 - Do you like a technical challenge where you have to find something that could be wrong?  Application security, adversarial testing (in other words, hacking for good!), or vulnerability management may be right for you.

These few examples show the variety of roles that you can find within cybersecurity. As you consider your own interests, take advantage of organizations, such as Project Cyber, that offer education, workshops, and mentorship to help you on your cybersecurity journey!

‍