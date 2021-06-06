Be true to yourself. When you bring your whole self to work, you bring your whole strengths as well. I am great at multitasking, and at work that is a wonderful skill to manage fire drills, switch context, and juggle multiple things as the same time.

As a part of my series called “Wisdom From The Women Leading The Cybersecurity Industry”, I had the pleasure of interviewing Pooja Kohli, VP, Product Management.

A product management leader with over 15 years of experience in the enterprise cloud, SaaS and AI/ML security space, Kohli is responsible for GTM, strategy, vision, positioning and execution for AI and ML based BlackBerry Unified Endpoint Security products around User Behavior and Analytics. Her day to day responsibilities include internal executive stakeholder management and alignment, portfolio wide prioritization, ensuring market fit through customer engagements, roadmap definition and execution. She leads a portfolio of products around secure communications used by top Fortune 100 companies for access to sensitive information within the company.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

I grew up in Delhi, India. I am the older of two siblings and my dad is an engineer and my mom stayed at home. My family’s values have always been around strong education for all. As a young girl I was fascinated with science and math in everyday life. I ended up choosing Engineering in Comp Science as my college major and came to United States to pursue my Master’s in the field.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I have become more passionate about security over time. In the last decade the explosion of cyber information has been prolific and observing how little folks understand the implications of lack of security measures has instilled a higher sense of motivation in me to make the world a safer place for us to interact in.

Are you working on any exciting new projects now? How do you think that will help people?

At BlackBerry we are always looking at how we can use AI in new and exciting ways to detect and respond to ever evolving cybersecurity threats. Cyberattacks are becoming very sophisticated, and the future belongs to the era of AI automatically stepping in and predicting and detecting potential threats to stop them from spreading. For instance, we are analyzing human and machine behavior using unsupervised AI models to know when accounts or endpoints are compromised. We are combining those signals with network-based behavior and models to detect that a threat might be moving to other parts in the organization as part of an ongoing attack. There are numerous ways to apply this kind of technology. We can use this to stop financial fraud, detect a botnet attack against a company or even detect nation sponsored attacks early on.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

The maturity of the use of AI is definitely at the top of the list for me. With the right models, training and technology we can stay one step ahead of the cyberattacks. With AI we can combine multiple signals with ease and with scale to stop threats earlier on. In the future, AI will be used to create this new breed of self-learning cyber defense products that predict and stop new attacks before they happen.

Another thing I am excited about solving is the mobile side. With all of us now using a smartphone, and with the advent of 5G, mobile is quickly turning into a blind spot for many companies. With more of our personal, enterprise and confidential information residing and being accessible on phones, and with several potential attack vectors on the phone, it is imperative for the cybersecurity world to pay more attention for solutions for mobile.

Another trend I am excited about is on the user side. All of our everyday controls are pretty outdated today. Techniques like passwords, MFA are being compromised every single day and only provide point in transaction protection. Using users as their own currency for authentication and protections is much harder to break and is continuous in its protection. We all have a unique footprint when it comes to usage and interactions online. Using those instead of static passwords which can be hacked and phished is something that I expect to see more of. This concept can be extended easily beyond users to machines and IoT endpoints and provide continuous behavior and protection besides the one-time protections that passwords and MFAs provide.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

Our world today is increasingly online and in turn sensitive company and individual data is also more readily placed, found and accessed online. Almost everything around us is connected. Hyperconnectivity presents for greater opportunities for threat actors to gain access to systems and gain information than ever before.

Cybersecurity skillsets are lacking from where they need to be. With every company and every person now being a target for a breach or attack, there just isn’t enough skilled folks to be on the defense everywhere. Having more awareness, appropriate and increased skill training will help. Lots of companies are offering outsourced security expertise. These managed security solutions can be a stop gap while companies ramp up on the hiring and training front.

Security Hygiene is also something I worry about. Many companies and products still don’t think about end-to-end security from the beginning. As a result, we are often playing catch up to security threats everywhere.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

There are several indicators of compromise we can be on the lookout for. Increased phishing attacks via emails or SMS from unknown senders to employees in the companies is a telltale sign. Many attacks start with a phishing attempt. There are several tools that can be implemented in the company to detect phishing. Looking at multiple failed login attempts across the company’s infrastructure is another indicator, that something like a botnet attack might be in process which is just trying several credentials to break into the systems. Also, looking at increased network activity especially to certain IPs and ports which are not known previously or outside the company.

If you have a good AV tool, and see an increase in activity across endpoints over several days/weeks/months, it will also warrant a deeper investigation.

In general, understanding the attack chain and looking for indicators of compromise over time and endpoints to show patterns is a good way to go about detecting whether something is amiss.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

Quick response and remediation are key to control damage across the company’s health, data and brand.

The first step is to prevent the attack from spreading. Quarantining the systems, taking down network access, blocking affected users are all immediate actions that should be taken. This should immediately be followed by further analysis on the extent and source of the breach. If the breach was successful, there should be analysis on what data was exfiltrated and the implications followed by alerting the impacted users or organizations whose data might be affected to take further security actions. Bolstering the company’s security stance with good cybersecurity tools to put safeguards in place is something every company should be doing as a regular exercise.

Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?

There is definitely room for improvement. Some things we can do are — encourage girls at young age to be interested in science and math along with having representation and strong role models for girls to see in their day to day lives. Companies across the board are striving for more diversity, especially at leadership levels and this will no doubt help with the retention of women in the industry as they will see viable growth paths for themselves. Establishing explicit mentorship and sponsorships programs for the advancement of women in areas of science and technology is another initiative that I could see making a big impact. There has been progress, but as an industry we still have a long way to go.

Thank you for all of this. Here is the main question of our discussion. What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)

Take your seat and be your own advocate. Women often don’t raise their hands for opportunities or take credit for the work they do. Be heard by strongly voicing your opinions and be present at key decision making opportunities. I also encourage women to be more vocal about their accomplishments and ask for opportunities as opposed to waiting for them. I remember early in my career often not speaking up in meetings or proposing new ideas, thinking it is a silly idea or too obvious, only to painfully find those comments came back in later stages of the project as things we missed or had to address. Be true to yourself. When you bring your whole self to work, you bring your whole strengths as well. I am great at multitasking, and at work that is a wonderful skill to manage fire drills, switch context, and juggle multiple things as the same time.

We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them ☺

I would love to meet Michele Obama sometime. I see her as an agent of change and a great role model for women.

Thank you so much for these excellent stories and insights. We wish you continued success in your great work!