Cybersecurity breaches, increasingly common at large organizations, are at best embarrassing and at worse, a dangerous breach of customer data and internal knowledge. This wide range and frequent nature of hacks is why the fairly recently-created role of a Chief Information Security Officer is growing more and more critical at businesses. One study found that the appointment of a CISO reduced the cost of a breach by $7 per record stolen.
Delta was one such large entity to recognize and address the threat. In 2017, the global airline added Debbie Wheeler as CISO to head up counter-hacking efforts.
Wheeler is a former financial services IT security leader for over two decades. Prior to Delta, she served as the CISO at Fifth Third Bank, Ally Financial and Freddie Mac.
“Delta is a company known for making investments to take care of its people and its customers. This really matters when you’re talking about the world I work in every day,” Wheeler explains.
Wheeler shared more about how her past experience prepared her for her role at Delta, how every day is a different challenge in the information security field, and what it’s like to be a woman in a male-dominated industry.
How did your experience in security in the financial space prepare you for this role at Delta?
The Financial Services industry tends to have a matured approach to information security due to the nature of threats experienced, and the relentlessness of attacks leveled at that sector. I spent 20 years working in information security roles in that sector — the experience enabled me to see a wide variety of threats, threat actors, technology and techniques used to thwart attacks, ways to remediate vulnerabilities and security teams; all of which have been invaluable in my career path.
Why was this position exciting to you?
Delta is a company known for making investments to take care of its people and its customers. This really matters when you’re talking about the world I work in every day. On top of that, my role at Delta provides an opportunity to experience a very different industry sector, yet apply my years of experience and knowledge in security to the challenges facing this sector. I’ve always been very attracted to roles that provide me with an opportunity to mature security organizations while learning new things — Delta gives me that opportunity.
What does your day-to-day look like? What departments and areas do you oversee?
Every day in security is unique; no two are alike as threats are constantly changing, the actors are constantly changing, and we’re challenged every day to keep up with the ways technology is being used by both our business as well as by threat actors.
I oversee security governance, risk and compliance; identity and access management; security architecture; threat monitoring and intelligence; security assurance — this includes vulnerability assessments, application security assessments, red/blue teaming, penetration testing, incident response and forensics. I indirectly oversee the network security engineering and security operations components.
What has been your experience as a women in a male-dominated industry? Have you ever experienced challenges because of this and how have you overcome them?
Like any career field, I have had both positive and negative experiences. I liken it to being a male nurse in a field typically dominated by women: you can be successful, because at the end of the day it comes down to how well you know your subject matter and how well you execute your role.
There will always be people of both genders that throw stones in your path. What I have learned is that if you want to succeed, you stick to it – you cannot let others, who may be narrow-minded or have preconceived ideas about the right role an individual should play, determine or pigeonhole you. You define who you are. You decide what you will and won’t do to pursue a career field you enjoy and are passionate about. Over time, others will adjust their thinking and hopefully be inspired by your passion and tenacity.