Mentor people and help them to grow — when we hire people, we want to build a diverse team — different national origins, different races and sexes. It’s an amazing experience interacting with people and learning from them. We are all working toward the same vision, so everyone does their best to make the company successful. It’s partnership between our employees and our customers to make them successful.
The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called “Wisdom From The Women Leading Cybersecurity Industry”, we had the pleasure of interviewing Aimei Wei.
Aimei Wei, Senior Vice President Engineering and Founder of Stellar Cyber, has over 20 years’ experience building successful products and leading teams in data networking and telecommunications. She has worked for both early-stage startups (including Nuera, SS8 Networks and Kineto Wireless), as well as well-established companies like Nortel, Ciena and Cisco, and she enjoys building a product from its initial design to its final launch. She has an M.S. in Computer Science from the Queen’s University in Kingston, Canada and an undergraduate degree in Computer Science from the Tsinghua University of China.
Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?
I grew up in a small town in western China. When I was young, I was interested in science and math. I got interested in computers as I entered college and it was a very new idea at the time.
Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?
One of the books that made an impact on me was Principals. One of the things I learned was that when there’s pain, there’s an opportunity for improvement. So you grow through pain. I also read books by people who became entrepreneurs later in life, so I learned that it’s never too late — you can start on your journey every time.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
I always had a passion and desire to work in a startup while I was working at Cisco Systems. Now with my kids grown up, I saw my husband launch Aerohive Networks and I thought I should take my turn and try this myself.
Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?
I have learned along the way all the time. We named the company before we knew the business model, so we had to change the name. And in the beginning, we focused too much on saving money rather than on investing in productivity — giving people the right tools so they can be more productive. The time you lost through low productivity was more expensive than the money you saved.
Are you working on any exciting new projects now? How do you think that will help people?
Besides fulfilling features customers want, we try to solve problems they haven’t thought about yet. We try to balance between meeting customer requests and building a long-term platform that truly enables customers to be efficient and stay ahead of hackers, rather than always reacting.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?
One thing is the move to the cloud and the changes in the IT environment — the attack surface is huge now, so cybersecurity becomes more important. In the old days everything was on paper, and it was hard to steal information but now everything’s online, so it’s much easier for hackers to make a huge impact. Also, you can’t use a single tool to solve this problem — you need a platform that covers every aspect of your environment, and you can’t do it with rule-based systems, you need AI and machine learning.
What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?
There’s a shortage of cybersecurity expertise because demand has grown so much. Previously, only large companies were vulnerable, but now businesses of all sizes are vulnerable. There aren’t enough people to manage cybersecurity, and those that are managing it are overworked. Also, they are using siloed tools, and they can’t keep up with all of the alerts. Our platform uses automation to correlate alerts and reduce the number of security analysts needed or to make their jobs much easier and more rewarding.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain?
Traditional tools won’t prevent major hacks like the SolarWinds exploit. Our XDR platform can catch anomalous behaviors quickly so you can stop attacks sooner. For example, we correlate weak signals like someone logging in at a weird hour or a change to Active Directory and use AI to correlate those signals to alert you to an attack underway.
Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?
In many cases, security analysts aren’t aware of a breach until there’s something about it on a threat intelligence feed or in the public news. We have several customers who used our system to discover widespread breaches before they were even on those feeds or news, so it’s further proof that we alert customers to issues much more quickly than other systems.
What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?
We use our own Stellar Cyber platform to correlate and analyze data from a variety of tools and sources, including our own sensors. Together we can quickly discern any attack or attacker activity and shut it down.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?
Well, people should watch for links or attached files they don’t recognize and not click on them. Also, they should watch for phishing attacks where they are asked to verify account information or their Social Security number. They should also use good security practices like strong passwords and multiple authentication factors, like logging in and having the site send you a verification code to enter as a secondary authentication.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
First, organizations need to learn from their mistakes and vulnerabilities and address them. Second, each failing is a stark reminder that companies need a new approach to security since traditional means alone mean getting further and further behind in the battle with attackers. The old silo approach to security leaves too many gaps, creates too much work for security teams and takes too long to discern attack activity.
What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?
First, identify the gaps in understanding your attack surface and infrastructure.
Second, consider the quality and amount of security alerts — are they productive, or do they drag down the security team?
Third, determine if your various tools and security systems are collaborating to produce critical awareness, or do they essentially operate independently?
Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?
We have improved a lot, but there’s still room to improve. I think we should start exposing girls to STEM earlier so they understand what the opportunities are. Computer science is a problem-solving skill that can be very interesting to young people, so the industry should encourage that.
What are the “myths” that you would like to dispel about working in the cybersecurity industry? Can you explain what you mean?
People think this is a male-dominated field, but a lot of women can be successful in this field because of their strong attention to detail. Because it’s a problem-solving environment — you’re like a detective, and it’s interesting. WOMCY and other organizations are helping women to build careers in cybersecurity.
Thank you for all of this. Here is the main question of our discussion. What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)
- Lead by example.
- Hire people that have the same passion and motivation you have, and build relationships with employees so you work as a team.
- Be decisive — promote key principles and reinforce them through action. You have to balance between different needs, like building a new feature and implementing a broader vision — you have to balance according to available resources.
- Listen to people and their ideas, so you validate them and get insights you might not have thought about.
- Mentor people and help them to grow — when we hire people, we want to build a diverse team — different national origins, different races and sexes. It’s an amazing experience interacting with people and learning from them. We are all working toward the same vision, so everyone does their best to make the company successful. It’s partnership between our employees and our customers to make them successful.
We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them 🙂
It would probably be someone like Kevin Mitnick or another famous hacker, to learn how they think.
Thank you so much for these excellent stories and insights. We wish you continued success in your great work!