Everything depends on culture, and culture depends on people. Figure out how to evaluate and attract the best people. Leverage the team’s talent (they have great business ideas too!). Create growth opportunities for everyone
Get out of your team’s way. Your company is not about you. Your job is to get your team what they need to succeed
Live in the future! While your team tackles today, you should be thinking about what is next. Periodically, take the risk of updating the vision.
As a part of my series about “Lessons From Inspirational Women Leaders in Tech”, I had the pleasure of interviewing Justine Bone, CEO of cyber-security company MedSec, a vulnerability research and security solutions company focused on medical devices and healthcare systems.
Justine is a seasoned information technology and security executive with background in software security research, risk management, information security governance, and identity management. Her previous roles include Global Chief Information Security Officer at Dow Jones, a News Corporation company and publisher of the Wall Street Journal, Global Head of Information and Physical Security at Bloomberg L.P., CTO of Secured Worldwide, an NYC-based FinTech company, and CEO of security research firm Immunity Inc.
Justine began her career as a vulnerability researcher with Internet Security Systems (now IBM) X-Force and New Zealand’s Government Communications Security Bureau. She also has a background in the performing arts as an ex-dancer with the Royal New Zealand Ballet company.
Thank you so much for joining us in this interview series! Before we dive in, our readers would love to learn a bit more about you. Can you tell us a story about what brought you to this specific career path?
My path into the cybersecurity industry was a relatively lonely one, but to a certain extent, that was by design. When cybersecurity as a specialization went up on a noticeboard at my university, it was so new and interesting to me that I was tempted to take it down so it could be “mine” alone. I didn’t, but that helps explain a tendency to function as a lone wolf. This was three years after deciding to change careers from professional ballet to computer science — so I was certainly alone as the only artist of that kind anywhere near the comp sci labs.
Once I specialized in cybersecurity, I again chose the more unusual direction of focusing on computer offense, as opposed to what most perceive as the priority in security: defense. As I grew from the public to private sector, relocated from small-town New Zealand to New York City, and moved from serving large enterprises to entrepreneurship, the common thread has been an attraction to the path least taken and a certain confidence in acting alone.
Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?
Let’s talk about looking the part — something of a lost art in today’s super-casual tech-focused, remote workplace. There’s definitely something to be said for the old adage “dress for the job you want, not the job you have.” Coming from a background in professional theatre, this resonated with me. During my time at Bloomberg LP, I took this so seriously that I would be incredibly frustrated when I struggled to pull this huge effort together — dressing the part on top of the actual responsibilities of the job.
I will never forget one day I allowed myself to relax at the Bloomberg company picnic. It was hard not to — it was a huge weekend event for employees and their families, and a lot of fun. As we sat in the gardens my friend, an engineering project manager, made me a flower wreath and placed it on my head. Later, Bloomberg’s Global Head of Information and Physical Security (me) was introduced for the first time to the CEO’s wife. With flowers in her hair. I was mortified as I was definitely not looking the “part.”
Now, on reflection, I recognize the extra and usually unnecessary burden that many people — women in particular — face regarding dress codes. I hope that casual and remote workplaces help ease this burden. A pressure to “look the part” in specialized industries such as cybersecurity has also resulted in us turning away those that we need most — people with fresh skills and diverse profiles. Flowers in the hair might even be welcome at this point.
Can you tell us a story about the hard times that you faced when you first started your journey? Did you ever consider giving up? Where did you get the drive to continue even though things were so hard?
The hardest situations were definitely related to industry problems with diversity and inclusion. I am so glad we are talking about this now. Not only is it the right thing to do, but it’s also going to help the cybersecurity industry become more effective.
For me, within the day-to-day workplace, I am fortunate that these challenges have been minimal. My career thrived in large, fast-paced corporations that embraced transparency before transparency was a thing, and where executive leadership, for the most part, paid extremely close attention to company culture and inclusiveness. In later years, I had the opportunity to borrow from this, and set the tone for my own company culture — always with appreciation of the benefit that diversity brings.
The environments I had most challenges with were industry conferences and outside events. I remember being told by a peer in my industry “you only had that position at that company because you’re a woman.” This was deeply shocking and offensive, and I was rendered speechless, because I was so proud of the work I had done and the fact that I achieved it as a minority.
This adversity didn’t put me off, however — in fact, it fueled my drive to succeed. The haters need to be corrected, and the next generation of women behind me need to have an easier path, one where they can focus on their work just like their male peers, without such distractions such as being asked why they are there!
None of us are able to achieve success without some help along the way. Is there a particular person who you are grateful towards who helped get you to where you are? Can you share a story about that?
I am extremely grateful to my mentor and company CEO at Bloomberg LP and Dow Jones. Lex Fenwick is an absolute trailblazer when it comes to giving young people opportunities, fostering critical analysis, and addressing diversity head-on. The inclusiveness came with responsibilities — we all had plenty of chance to sink or swim. This in turn created a culture of creativity and innovation within very well-established companies.
Can you please give us your favorite “Life Lesson Quote”? Can you share how that was relevant to you in your life?
As a young girl studying ballet I went through a serious of intense examinations by the Royal Academy of Dancing — a prestigious U.K. organization who would send out extremely intimidating examiners, in front of whom you would perform. As young children we were exposed to intense scrutiny, judgement, and criticism, all in one 90-minute session.
As I tackled the understandable nerves leading up to these examinations, my mother would say to me “at the end of the day, all that really matters is that you tried your hardest.” This relieved a lot of pressure. I realized that my fear of failure could be tackled by knowing inside that I couldn’t give it any more than my very best shot, and as long as did that, I could be proud of myself no matter the outcome.
Learning this as a stress management technique was a good enough takeaway! However, in reflecting on the advice, I’ve realized it gives more than comfort. It also speaks to integrity and work ethic. If one “tries their best,” one can build the courage necessary to attempt something that others may not. That, in turn, gives the ability to take risks — something that has been very useful to me over the years. And finally, one cannot develop a better reputation for consistent success when it is based on a foundation of giving it your all.
We’d love to learn a bit about your company. What is the pain point that your company is helping to address?
MedSec is a medical device and healthcare cyber security company. We’ve committed to solving a vital problem — how to get healthcare providers, their regulators, and the medical device manufacturers that supply the providers to work together to protect patients from harm and hospital systems from attack. We strive to bring together all the required stakeholders to ensure the privacy and safety of the entire American healthcare system.
What do you think makes your company stand out? Can you share a story?
I could talk about our technology, MedScan — a hospital system for managing medical device cybersecurity — but instead I will highlight the people and company behind that platform.
From the beginning MedSec’s culture has been one of helpful disruption, because that is what we have needed in healthcare. Cybersecurity solutions that work well in other industries — banking, for example — do not work well in healthcare, because in healthcare we have additional responsibilities and requirements related to patient safety. Then layer onto that the basic human perspective that problems aren’t problems until something bad happens. This makes for some devastating scenarios that must be navigated with thought and sensitivity. You can’t tackle such sensitive issues with a technology-only or technology-first approach, it requires a communication-first approach.
MedSec is not in the business of selling tools, we are in the business of bringing stakeholders together. How do we do that? The diversity and empowerment internal to MedSec’s culture is reflected in our ability to participate holistically across our industry. We may have attracted the best and brightest experts in the medical device security industry, but they also know how to listen. And that’s the first thing we do with a client, we listen. We have some fairly aggressive, technology-first competitors out there, and we are beating them because we do something very simple: we listen first. Oh, and our technology is also great.
Are you working on any exciting new projects now? How do you think that will help people?
There is currently a growing momentum related to technology transparency that I am thrilled to be involved with. The initiative helps us understand what is inside a technology platform. An ingredients list, if you will, just like we can inform ourselves about what we eat. This is quite a challenge for many manufacturers, but it is the direction that regulators are taking to help us all understand and manage risk.
I am also excited to be working on emerging AI and its convergence with cybersecurity. AI is a new frontier for cybersecurity, presenting both capabilities and exposures.
What would you advise to another tech leader who initially went through years of successive growth, but has now reached a standstill? From your experience do you have any general advice about how to boost growth or sales and “restart their engines”?
A lot of technology company performance relates to who is helping the tech leader, and how they themselves are growing. Corporate boards may lack the diversity, and frankly the know-how, to help modern technology company leadership through such standstills, which is why diversity from the top down is so important.
In your specific industry what methods have you found to be most effective in order to find and attract the right customers? Can you share any stories or examples?
Unfortunately, in cybersecurity, a lot of resourcing is compliance-driven. Regulations and regulatory compliance are reactionary and at best present a minimum baseline to address security. To tackle resilience to modern day and continuously evolving threats, we must get ahead of a compliance-driven approach, but this takes vision and some risk taking on the part of security leadership. But when you can find them, those customers with such cybersecurity leadership are the best customers, because they are motivated to do more than simply check the compliance boxes.
Based on your experience, can you share 3 or 4 strategies to give your customers the best possible user experience and customer service?
Customers must be recognized as the centerpiece of an established company. Around this, everything flows. Well-maintained customer relationships bring customer retention. Unhappy customers are heard. Changing customer sentiment can be monitored. We pride ourselves on listening — with that knowledge, we can then evolve.
At scale, this becomes a data management project of significance. Applying machine learning to this allows us to execute even better. Customer service is the epicenter of an established company and a goal for small companies.
Unfortunately, in the cybersecurity industry, we experts traditionally put ourselves first. We hurry to explain the science of our discoveries, but this ego-centric and possibly arrogant approach is noticeable and may even contribute to some of the failures of our industry. Security can easily make systems unusable, and we are quick to lay blame on end users for security incidents. Cybersecurity companies that put the customer first, making customer service the most important unit within the organization, have proved themselves the winners over the years.
Here is the main question of our discussion. Based on your experience and success, what are the five most important things one should know in order to create a very successful tech company? Please share a story or an example for each.
- Perfection is not your friend.
- Technology is hard
- We must be agile, and we must move quickly to compete
- Take informed risks (and this from a cybersecurity expert!)
2. Everything depends on culture, and culture depends on people.
- Figure out how to evaluate and attract the best people
- Leverage the team’s talent (they have great business ideas too!)
- Create growth opportunities for everyone
3. Get out of your team’s way.
- Your company is not about you
- Your job is to get your team what they need to succeed
4. Develop and maintain a strong vision.
- A unique vision will require range
- Address ignorance head-on, especially your own
5. Stick to the vision.
- Repetitively communicate the vision
- Maintain a game plan for achieving the vision
- Minimize distractions from this execution
“Bonus” number six: live in the future! While your team tackles today, you should be thinking about what is next. Periodically, take the risk of updating the vision.
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂
I would inspire consumer demand for cybersecurity. This extends well beyond privacy, which is unfortunately where people seem to stop paying attention. How many patients ask healthcare providers about the security of their medical devices? How many make decisions based on the answer? Same with automobiles, nuclear and water plants, your smart home, and beyond. If more people asked questions and acted on the answers, the resulting market influences would help raise standards.
(Regulatory requirements help raise standards, and violations help raise awareness, but at the end of the day, it’s end users and consumers who will be the game changers.)
Is there a person in the world, or in the U.S., with whom you would love to have a private breakfast or lunch with, and why? He or she might just see this if we tag them 🙂
Without a doubt Betsy Atkins, who broke the boardroom glass ceiling years ago. I just know I would have so much to learn from her, but she always (and rightly) says that you’ve got to bring something to the table when you ask for something, and I’m still fine-tuning what that thing is that I will bring.
Thank you so much for this. This was very inspirational, and we wish you only continued success!