Ann Barron-DiCamillo, Vice President, Cyber Threat Intelligence & Incident Response, American Express
Having spent time in both the public and private sector, Ann Barron-DiCamillo has a unique outlook on the way the greater cybersecurity community should work together. Currently serving as the Vice President of Cyber Threat Intelligence and Incident Response at American Express, she is busy finding the “low hanging fruit” in which the company can improve its cybersecurity posture as well as introducing new ways for analysts to automatic security processes. By getting rid of the easy stuff and making the harder stuff simple, she is allowing that fosters innovation allows for agility in addressing the fluidity in the cyber landscape. It’s something she learned during her time in government as director of the U.S. Computer Emergency Readiness team.
Can you talk about the biggest challenge you’ve faced in your career?
I think the biggest challenge I’ve faced is something that happens all too frequently across government, which was “to do more with less.” This crystallized during times like sequestration and other budget constraining events. But cyber operations didn’t decrease because of these events, so accomplishing the mission despite having reduced staff or budgets became an exercise in creativity. I had the privilege to work with some amazingly skilled cyber operators that were true patriots putting in the effort to get the job done despite these extenuating circumstances. We used the downtown normal network activity to creatively identify adversary activity – truly turning lemons into lemonade!
What would you say to young women who are thinking about a career in technology or related fields? What’s the best advice you could offer for success?
I always say embrace new work opportunities or experiences as they come to you – they might be quite outside of your ‘job duty’ but these are the kinds of events that can lead to a new and exciting career opportunities you hadn’t considered.
Also, I’d say get experience, exposure or knowledge in the five foundations to become an effective cyber analyst or operator:
- Computer basics, including how computers work to virtualization and networking
- Linux fundamentals
- Windows fundamentals
- Programming including Python, HTML, Java
- Security basics from buffer overflows to SQL injections to the basics of finding anomalous network activities
Starting with a Linux box and going from there can cover all of these areas, including spinning up a virtual Windows instance, and grow in skills and knowledge as you move out.
Why is it important to you to empower women and other minorities to join more technical and technology-related fields?
We have big issue in training effective candidates to fill the massive pipeline of needed positions in the cybersecurity space. Women are significantly under-represented in this space. If we can increase year-over-year the number of women getting into the field, we can begin to chip away at the scarcity of effective resources in our field. The women I’ve had the honor to work with in cybersecurity bring a unique and enriching perspective to the field. We need more diverse perspectives to continue to be effective with the changing landscape of cyber.
Photo by Lydia Kearney Carlis for C-Suite Pics