Did you enjoy school?
Yes and no. I enjoyed it when it was engaging, as I think many people do. Particularly when I was in college. When I began the coursework that was directly related to my major, I really began to blossom as a student and as a lifelong learner.
What qualifications do you have?
I attended community college in San Diego while I was serving in the Navy, I also certified CompTIA A+, Network + and MCSA. After community college I transferred and obtained my BSc in Information Technology from the University of Massachusetts at Lowell, and I earned my CISSP in 2009.
Has your career path been a smooth transition, a rocky road or a combination of both?
It’s been a little of both. Until recently, you could say that my career path and resume have been somewhat eclectic – but this was completely deliberate.
When I was starting out, the cybersecurity industry wasn’t really an industry. During my time in the US Navy, I first came into contact with technology as a career option in a rating called a Radioman (RM), which is now a legacy rating. Early in my naval career we were renamed Information Technology Specialist (IT). From there, my cybersecurity and IT experience developed across roles spanning the military, aerospace and defence, apparel, retail, manufacturing, and now IDaaS/CIAM.
To some, my curiosity and propensity for learning, and my plans for being well-rounded were often misunderstood. However, I knew that each role, at each company, was an opportunity to expand and grow my knowledge. I liked working in the military, and I like sneakers, and I like the community and innovations driven culture at Auth0. Today, I can say that my cross-industry knowledge has become my secret weapon, and I am now a versatile and adaptable security leader. I’m a modern CISO.
What is the best career advice you can give to others?
I would tell them that their career path is unique and can be whatever they make it. When you seize every opportunity possible to grow and learn, progress can be achieved in many ways other than simply receiving a promotion.
I’m especially passionate about guiding women to develop successful careers in the security industry. It’s still very male-dominated, and we urgently need more women in board-level and executive positions. I would recommend finding a strong mentor – or group of mentors – to support any woman navigating the critical points in her career. For me, it helped greatly to surround myself with a similar group of mentors and champions that I could lean on, and who provided solid opportunities to grow and succeed.
If you had to pick one mentor that had the biggest influence on you, who would it be?
Among my first bosses was a woman Chief Petty Officer, Chief Wheeler, who did her job with such grace and professionalism, that I believed this was the norm. Fast forward eight years, as I was being pinned by Chief Wheeler, as the solo woman, youngest and most junior in the group of 13 new Chiefs, I came to realise the magnitude of how much Chief Wheeler has impressed upon me. She had been very much a north star for my own career to that point and as I transitioned into industry, I realised that I would have to figure out this journey by myself, as there weren’t many other women here.
And to be honest, I’ve been inspired and influenced by nearly every leader I’ve had along the way. Good, bad or somewhere in between, we are heavily influenced by those who lead us. It is our own character that ultimately guides what kind of leaders we will eventually become.
From where do you draw inspiration?
Everywhere. I draw a lot of inspiration from people who march to the beat of their own drum. There’s something so spectacular and special about people who know where they are going, even if the rest of us can’t see it.
What is the biggest challenge you have faced to date?
As a woman of colour, I face many challenges and biases. I am continually asked to solve problems that I didn’t create, which is incredibly frustrating. I had to shift the focus many times from what people think of me to what they think of my work. Sometimes the conversations are hard, but people are listening and you have to be honest, and this is no easy task. I have had to find the courage to go on, even when I was heartbroken.
I try to remain focused on the work and rely on the support of my friends and family – or as I affectionately call them, my tribe – to keep me encouraged. This also includes a strong group of both mentors and champions, and in the critical points of my career, many of those journeys were championed by the presence of and sponsorship of women.
I’ve spent many years trying to break down barriers and creating a more welcoming and inclusive environment for other women in the STEM workforce. I have a strong commitment to equality, and have worked with various organisations that serve to uplift underserved communities.
From a work viewpoint what has the last 12 months been like?
The last year was arguably one of the most challenging times in security due to the pandemic and subsequent rapid technology adoption — from remote work to an acceleration of digital transformation.
I joined Auth0 a year ago, and I can honestly say that it has provided me with the most exciting job I’ve had so far. We live in a world where who we are is truly our currency, and that’s why identity has become such an important and fast moving space.
Auth0 protects digital identities across many sectors, without limiting convenient access to services, infringing on privacy, or compromising security. That’s exciting because innovation, technology, and security have all progressed to a point where we are creating new ways to ensure ‘Secure Access for Everyone’ – whether that’s adaptive authentication, bot Detection, password breach notification, passwordless registration, or social integration. The possibilities are endless.
Just two months into my role as CISO, Auth0 was acquired by Okta, and together we are creating the future of digital identity. This is one the most inspiring times in my career, and moving at the speed of innovation will be pivotal to that future. My team which includes, compliance, detection and response, and privacy, will need to move at a rapid pace to ensure our technologies enter the marketplace seamlessly and more importantly, securely.
What would you say are the biggest tech-based challenges we face today?
An ongoing challenge is that for many organisations, security is still seen as an afterthought. This leads to all sorts of issues and can mean that these organisations are not implementing the right technologies to successfully fend against attacks.
This is especially true for the public sector, given the large portfolio of online login processes the public undergoes when interacting with government organisations from local councils to healthcare to education. Understandably, transformation is relatively slow, but the sector has a responsibility to move towards streamlined and secure login experiences for citizens, and identity must play a central role.
Ransomware is another area that concerns me. I believe a part of the reason that cybercriminals are so effective is that we don’t share enough information within the CISO community regarding the challenges we face, and how we resolve those challenges. Ransomware shouldn’t be as successful as it has been, but with little visibility into those incidents, we are blind on how to fix vulnerabilities.
Lastly, I believe more attention needs to be given to “As a Service” solutions. This way, organisations can take time to understand what their team does well, and leverage software, infrastructure, or identity as a service, which is not only a good investment, but a decision that will move business forward at the speed of innovation. By finding the gaps and deploying collaborative solutions and partnerships to plug them, security teams will be freed up to focus on what they actually do well.
Give us a fact about you that most other people wouldn’t know.
I have wanderlust, and I travel often. When I’m not in the office, or even when I am in the office, because we are hybrid, I’m at the airport, heading to my next adventure. So much so, the Auth0 team has unofficially named me the ‘Carmen Sandiego’ of the group.