The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called “Wisdom From The Women Leading The Cybersecurity Industry”, we had the pleasure of interviewing Jameeka Green Aaron, Chief Information Security Officer (CISO), responsible for the holistic security and compliance of Auth0’s platform, products, and corporate environment.
She is a recognized industry leader and brings 20 years of experience to the role, with a career that has spanned a wide variety of industries, including aerospace and defense, retail, and manufacturing, at both Fortune 100 and privately held companies — including Nike, Hurley, Lockheed Martin, and the U.S. Navy.
Jameeka lives in Irvine, CA, and enjoys traveling and all things outdoors: hiking, snowboarding, and lounging on the beach. She is committed to advancing women and people of color in Science, Technology, Engineering, and Mathematics (STEM) fields and has participated in the U.S. State Department’s TechWomen program and the National Urban League of Young Professionals. She currently sits on the board of the California Women Veterans Leadership Council, is an advisor for the U.C. Riverside Design Thinking Program, and is a member of Alpha Kappa Alpha Sorority, Inc.
Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?
I grew up in Northern California, with my older sister as my champion and co-conspirator, splitting my time between Sacramento and Stockton, California, where most of my family still lives. I have always been a tinkerer; when I was about eight, my parents nicknamed me MacGyver after I fixed our broken VCR. They shipped me off to STEM camp shortly thereafter because I began taking everything that I could get my hands on apart and putting it back together. Having a brilliant older sister made me incredibly competitive, and in many cases put me ahead of the game. I wanted to be just like her, and I worked hard to keep up. Looking back, and thinking about what shaped who I am today, my sister, whom I am incredibly close with, and being encouraged to be curious, are a large part of who I am today. My sister and I both have careers that are similar to who we were as children; she’s a teacher and I’m a technologist.
Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?
I just finished Untamed by Glennon Doyle. I wish that I had read it sooner; it’s phenomenal. The last year has been so trying, and there were some really difficult topics that were covered in a thoughtful way. Glennon’s journey of allyship made me think about how I show up as an ally. Also, the way in which she discusses grief and loss was really touching, and resonated with me deeply because we lost my father-in-law on Christmas Eve of 2020. It left me reeling, and searching for ways to help my husband. Ultimately, I’ve come to understand that grief is an individual journey that we all must undertake, and that while I can be supportive, I have to allow the process to continue on its own timeline.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
Cybersecurity wasn’t really an industry when I entered into IT in 1998. I came into tech via the U.S. Navy in what is now a legacy rating called a Radioman (RM). I became a Radioman because I had a woman recruiter; her name is Eva Ellis, she was a Radioman, and she said I reminded her of herself, and that’s where it all began. We transitioned to Information Technology Specialist (IT) around 2000 and I began working on Naval Networks. The day I entered the Security Operations Center at NAVCOMTELSTA San Diego, I knew I’d found my place. I’ve been in cybersecurity ever since.
Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?
One of my first jobs in the Navy was routing messages. We didn’t have email yet, and we did this by hand. This meant managing a high-speed printer called the TT624. You had to stay on top of this because messages came in around the clock. I believed deeply that I could manage anything at 18 and decided that multitasking this job should be easy. It was not, and I ended up with thousands of sheets of paper all over the place. It was a disaster. I also crashed several computers while troubleshooting them, accidentally brought down the network while patching systems, and pretty much every wrong thing a young technologist could do wrong.
Are you working on any exciting new projects now? How do you think that will help people?
I think my current job is the most exciting job I’ve had. Identity. We still live in a world where who we are is our currency, which is why identity theft is so pervasive. At Auth0, we are protecting identity, while also ensuring secure access. What’s exciting is that innovation, technology and security have progressed to a point where we can leverage who we are as a means of identification, via biometrics, which is amongst the most secure methods of identification. We are creating new ways to ensure “Secure Access for Everyone”, with Adaptive Authentication, Bot Detection, Password Breach notification, Passwordless registration and Social integration, to name a few.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?
Customer Identity and Access Management (CIAM) is exciting because we’re moving at or near the speed of innovation, leveraging a multitude of capabilities in one product. These are three of my favorites: passwordless registration, the ability to enrich and leverage social profiles, and progressive profiling that provides powerful insights to enhance customer experience.
What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?
- Security is often still an afterthought, and it shouldn’t be. It needs to be woven into the fabric of innovation. It has to be embedded within product and engineering pipelines.
- Ransomware. I believe a part of the reason that hackers are so effective is that we don’t share enough information within the CISO community regarding the challenges we face, and how we resolve those challenges. Ransomware shouldn’t be as successful as it has been, but with little visibility into those incidents, we are blind on how to fix vulnerabilities.
- Fear of innovation. We can no longer do things the way we’ve always done them. Cloud and IoT are here to stay, so we have to protect those technologies.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain?
Threats don’t change very often; with the exception of cloud, they’ve been the same for a long time and include:
- Social engineering
- Critical vulnerabilities within third-party software/vendors
- Cloud computing vulnerabilities — We need to ensure that we have strong defenses protecting cloud environments end to end, from storage configurations to APIs to the users.
What has changed is our workforce, specifically how we work and where we work. Organizations everywhere went into overdrive during COVID to enable a remote workforce, and essentially keep the wheels on the bus to the best of their ability. Now it’s time to go back and take a look at the technologies we’ve implemented and work with partners and vendors to ensure compliance and secure implementation.
Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?
I can’t share any specific examples, but what I can say is that multi-factor authentication and adaptive authentication are amongst the best technologies available right now. Managing identity, access and credentials would have prevented 95% of the breaches that I’ve been a part of, which were successful because of credential theft, credential stuffing or social engineering.
What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?
- A password manager with breach notification. Most people use the same password across various platforms; when a hacker gets your username and password from a breach, they use it everywhere (credential stuffing). Password managers give strong passwords, without the need to remember passwords. Breach notifications let you know that your passwords are compromised and that you should change them.
- MFA. Adding an additional factor of authentication is incredibly effective in preventing unauthorized access. I use MFA every day!
- Biometrics. My cellphone is my most critical device. I use biometric authentication to access it quickly and securely 200x a day!
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?
- Social engineering is still the most effective way to compromise a user. Unsolicited notifications and emails asking you to do something (click a link, download a file, etc.) are a red flag.
- Pay attention to emails from services that you actually use asking if you’ve accessed accounts from a location that you are not in. This may be a sign that your account is attempting to be accessed by an unauthorized person.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
How a breach is handled and the after actions depend on what industry you are in. Here are a few general guidelines:
- What happened?
  Confirm there was a breach and whether your information or data was exposed, accessed or exfiltrated. Understand the source of the issue and use forensics to analyze traffic to determine the root cause of an event.
- What are you going to do about it?
  Contain. It could be as simple as educating an employee who accidentally sent out sensitive data, or in the case of a large-scale security breach, containment of the compromised system or application that may be responsible for the breach is critical.
  Mitigate. Identify the vulnerabilities that caused the breach and remediate as quickly as possible.
  Bring in a third-party partner that specializes in incident response, gap analysis and remediation.
- Who has been impacted?
  Customers are often less interested in what got you into this situation in the first place. They care about what you’re doing to make it right. Communicating with as much transparency as possible is an important step in rebuilding trust.
What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?
We forget about the little things, and they cost us big time. Yes, there have been compromises and breaches that are incredibly sophisticated, but that happens after the attackers have checked the most common (and easiest) methods of gaining access.
- Change management is as important as hardening and patching systems. System updates and configuration changes often require administrators to reset various configurations upon completion. Forgetting to do this can leave the doors open for attacks.
- Not managing permissions and access properly. Preventing lateral movement can be critical in minimizing a breach. Ensuring that only authorized users have access is critical, which includes managing credentials of termed employees, using privileged accounts and leveraging technology to manage users’ access.
- Not having a business continuity plan that’s an actual business continuity plan. Don’t just create a plan and never test it out. Create a plan that makes sense for the industry that you’re in and understand exactly what your tolerance is for outages and downtime.
Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?
No. The reason for this can be cloaked in data and statistics, but my experience tells me that in this case, the data doesn’t tell the full story. According to the U.S. Census, women have made gains in STEM; however, those gains were not as big in computer and engineering occupations, which made up the largest portion (80%) of the STEM workforce. Women represented only about a quarter of computer workers and 15% of those in engineering occupations. Why? Because the environment is unwelcoming to women and we lack representation at all levels of leadership. It is incredibly difficult to persist when you don’t see anyone that you can identify with in your organization. I know this firsthand; in 23 years I have never worked for a Black CISO, and all of my success is attributed to the women CISOs and CIOs that I worked with and for. Our industry has to check its biases at the door. The grass grows where we water it, and we have to ensure that we create environments that everyone can thrive and succeed in.
What are the “myths” that you would like to dispel about working in the cybersecurity industry? Can you explain what you mean?
I think the biggest myth is that cybersecurity professionals are inflexible and difficult to work with, which comes with the territory, but is largely inaccurate. Cyber professionals have one of the most difficult jobs in the world, and yes of course we can be intense. However, we also have the responsibility of being partners in innovation; we sit behind the scenes of nearly every technological innovation on the planet, protecting your data, transactions and privacy. It’s important work, and we do the worrying so the consumers don’t have to.
Thank you for all of this. Here is the main question of our discussion. What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)
- Women must lift one another up. I have a really strong group of mentors and champions, and when I think about the critical points in my career, each of those journeys was championed by a woman. First working for a woman CISO and CIO at Lockheed Martin, then being hired as a director at Nike, to being referred to my current role. The women who believed in me and gave me an opportunity to grow and succeed are the reason that I am a CISO today.
- Progress means moving forward or onward. I recognized very early that my career journey is my own, and I could chart my own path if I chose to. I looked for every opportunity to grow and learn: stretch assignments, short-term projects, tiger teams and lateral moves. I gained experience by always being open to new opportunities; sometimes the opportunity was a promotion, other times it was a lateral move that was too great to pass up, or more recently it was an opportunity to move near my family at a time when I needed to be close to home. Whether onward or forward, they’re all progress.
- Be willing to go where the tech resides. I am a California native, and yes California is my favorite place to live, but I’ve always been open to relocating in the direction of my dreams. I moved my family three times in six years: Southern California to Silicon Valley in 2012, Silicon Valley to Portland, Oregon in 2016 and Portland to Southern California in 2018. During those six years I progressed from manager to CIO, and then CISO a few years later. With each of my moves came a unique opportunity, not only for my career, but to build an incredible network of friends and open a world of opportunities that I would have never experienced.
- The Hard Things. There are still a lot of things happening in the world that are unfair at best and absolutely ridiculous, if I’m being honest. The notion that women are not as good in STEM careers as men are, is in the ridiculous category. We have not done enough to bring nor keep talented women in the pipeline. In many cases it’s been the opposite, we’ve been driven out. While it’s incredibly challenging to thrive in a space where you know that you aren’t accepted, I believe in leaving when I am ready to go. When faced with the hard things, I get laser focused on the work and I rely on my Tribe to lift me up and keep me encouraged. It doesn’t make the hard things easier, but it does make them conquerable.
- Trust Yourself. Until recently, my resume came off as eclectic; this was intentional. It appeared that my plans for being well rounded were misunderstood, and yet I did not waver. My background is cybersecurity and Information Technology in the Military, Aerospace and Defense, Apparel, Retail, Manufacturing and now IDaaS/CIAM. My curiosity and propensity for learning and growing have taken me through various industries; none of them were an accident. I knew that each role, at each company, was an opportunity to expand and grow my knowledge. My cross-industry knowledge has become my secret weapon; I am a well-rounded CISO and CIO.
We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them 🙂
This is a hard question. There are tons of people that I’d like to meet and have a conversation with. Today I think it’s Kamala Harris. As a Northern California native, it’s been exciting to see someone who I’ve always known of and followed closely become Vice President of the United States. I don’t think I thought I would see this happen in my lifetime; I am incredibly proud. Especially because I understand all too well the fine line that Black Women must walk to be palatable to society. She’s done it and it’s thrilling to watch.
Thank you so much for these excellent stories and insights. We wish you continued success in your great work!