Like many others we have observed first hand the positive changes in the cybersecurity community being enabled by Mari Galloway. In this OODAcast we look beyond those changes to find out what makes her tick, revealing lessons applicable to professionals in any stage of their career.
Mari is the CEO and a founding board member for the Women’s Society of Cyberjutsu (WSC), one of the fastest growing 501c3 non-profit cybersecurity communities. WSC is dedicated to bringing more women and girls to cyber and does so by providing its members with the resources and support required to enter and advance as a cybersecurity professional.
Mari is a practitioner herself with an academic background in technology, multiple certifications, and, more importantly, years of direct hands on experience in mitigating risk and enabling the smooth functioning of enterprise operations.
She began her cyber career with Accenture where she excelled as a Network Engineer, and also worked at several government agencies, in the casino industry, and now in the cybersecurity platform community. Her experience spans network design and security architecture, risk assessments, vulnerability management, incident response and policy development.
Mari is also the inaugural ISC2 Diversity Award winner for 2019.
In this OODAcast we discuss:
The Women’s Society of Cyberjutsu and how businesses and individuals can get involved. We also discuss the niche of technical hands-on experiences that WSC focuses on.
The Wicked6 Cybergames eSports event during Blackhat and Def Con, which turned cybersecurity into a spectator sport.
Her background and how she seeks to find balance between academic training (which she continues), training/certifications (which she pursues with vigor). This discussion brings out a character trait that also applies across her work and leadership of WSC, persistence.
The foundational story behind WSC. The society was started out of a need for more hands on training. The fist workshop was a fast track to linux mastery session. Other workshops followed, including sessions on reverse engineering. WSC has now expanded nationwide as a community and offers a wide range of courses including sessions that help young girls learn and grow and also help those who already have a career.
As an example, she mentions Recorded Future was just brought on as a sponsor, which lets them support the cause and also gives them exposure to great upcoming talent.
Mari’s approach to leadership and decision-making (her approach at WSC and as a practitioner is a collegial one, but focused on results and benefits to others).
Her view of the cyber threat today and in the near future (which includes more of the social engineering and phishing threats that play to our emotions). Ransomware and insider threats are also still growing.
Organizations in competitive environments should continually look for ways to gain advantage over their competitors. The ability of a business to learn and translate that learning into action, at speeds faster than others, is one of the most important competitive advantages you can have. This fact of business life is why the model of success in Air to Air combat articulated by former Air Force fighter pilot John Boyd, the Observe – Orient – Decide – Act (OODA) decision loop, is so relevant in business decision-making today.
In this business model, decisions are based on observations of dynamic situations tempered with business context to drive decisions and actions. These actions should change the situation meaning new observations and new decisions and actions will follow. This all underscores the need for a good corporate intelligence program. See: A Practitioner’s View of Corporate Intelligence
This post dives into actionable recommendation on ways to optimize a corporate intelligence effort. It is based on a career serving large scale analytical efforts in the US Intelligence Community and in applying principles of intelligence in corporate America. See: Optimizing Corporate Intelligence
Cognitive Bias and the errors in judgement they produce are seen in every aspect of human decision-making, including in the business world. Companies that have a better understanding of these cognitive biases can optimize decision making at all levels of the organization, leading to better performance in the market. Companies that ignore the impact these biases have on corporate decision-making put themselves at unnecessary risk. This post by OODA Co-Founder Bob Gourley provides personal insights into key biases as well as mitigation strategies you can put in place right now. See: An Executive’s Guide To Cognitive Bias in Decision Making
We strongly encourage every company, large or small, to set aside dedicated time to focus on ways to improve your ability to understand the nature of the significantly changed risk environment we are all operating in today, and then assess how your organizational thinking should change. As an aid to assessing your corporate sensemaking abilities, this post summarizes OODA’s research and analysis into optimizing corporate intelligence for the modern age. See: OODA On Corporate Intelligence In The New Age
This post discusses standards in intelligence, a topic that can improve the quality of all corporate intelligence efforts and do so while reducing ambiguity in the information used to drive decisions and enhancing the ability of corporations to defend their most critical information. See: Useful Standards For Corporate Intelligence
Broadly speaking, a weapon is anything that provides an advantage over an adversary. In this context, data is, and always has been, a weapon. This post, part of our Intelligent Enterprise series, focuses on how to take more proactive action in use of data as a weapon. See: Data is a Weapon
Fine Tuning Your Falsehood Detector: Time to update the models you use to screen for deception, dishonesty, corruption, fraud and falsity
The best business leaders are good at spotting falsehoods. Some joke and say the have a “bullshit detector”, but that humorous description does not do service to the way great leaders detect falsehoods. Bullshit is easy to detect. You see it and smell it and if you step in it it is your own fault. In the modern world falsehoods are far more nuanced. Now more than ever, business and government leaders need to ensure their mental models for detecting falsehood are operating in peak condition. For more see: Fine Tuning Your Falsehood Detector: Time to update the models you use to screen for deception, dishonesty, corruption, fraud and falsity