Women and non-males are in various important cybersecurity roles. They're writing secure code, they're researching malware, they're educating end users, they're studying in school, and sometimes they're in important government positions like my last subject, Heather Butler.

Gwen Betts' job is a bit different. She approached me on Twitter, telling me how she's been enjoying my previous interviews and my other articles and blog posts on cybersecurity. She expressed an interest in being interviewed, but she wondered if I'd be interested, as her role isn't an obvious cybersecurity one. She leads Customer Experience at Komand, a startup. But I know almost as well as she does how the way that customers interface with technology is a key information security area that absolutely cannot be ignored. It was an honour to interview her.

Kim Crawley: So Gwen, please describe what you're currently doing professionally.

Gwen Betts: Currently, I'm the Director of Customer Experience at a security orchestration startup called Komand. It's a fancy way of saying I head up both product design and marketing. The title itself is borrowed from the e-commerce world and centers on the concept that the entire brand experience should be intertwined and thought of holistically. I'm a huge proponent of alignment across the organization, whether that's product and marketing or security and everyone else. I try to distill CX (customer experience) concepts in what we're doing at Komand in both the product and how we communicate with our audience and customers.

KC: I think that actually gives you an excellent perspective on cybersecurity matters. It reminds me of when I wrote about UX design-related security vulnerabilities.

GB: I read that article, actually! I was excited that other people in the space were actually talking about UX in security measures.

KC: In CX, do you often need to educate customers to be more security minded?

GB: In the cybersecurity space, no. But outside the space, definitely. Even small things like passwords (stronger passwords, not sharing them, not reusing them, etc.) can make a huge difference, but many outside of security don't even think about it. They assume it's taken care of for them. People are generally receptive, and it's also about explaining the real risks, not fearmongering, you know?

KC: Considering that UX and CX aren't often considered in cybersecurity, what are some security misconceptions you believe people often have?

GB: The customers I work with now are security folks, so I think they get it quite a bit more. But a common misconception with many products is that security measures are just baked in. I think security folks are a bit more skeptical of this, which is understandable and good, but the expectation now more than ever is that security is baked in.

KC: How did you get into your industry?

GB: I actually got into this space when I joined Komand. I was hire number two as the first designer. Our founder has been in security for quite some time, and she knew we needed a design-first approach. So, I came on board to design the product from the ground up with good UX in mind. Not only is security now an expectation, but so too is good design. Prior to Komand, I was always aware of cybersecurity and its broad influence on the work that I did in digital. I also realized how security isn't always taken into consideration outside of the security community. I felt like I had an interesting opportunity to bridge the gap between not just design and security but the broader UX community and security, as well.

KC: What are some things you've learned about cybersecurity in your current role?

GB: So, so much. First, the community is an impassioned group. There are a ton of great people just trying to help. When I started, I just wanted to learn as much as possible. I read lots of articles, books, SANS ebooks – you name it. I also went to meet-ups, grabbed coffee and struck up Twitter conversations just to learn more about people and what drove them. Second, it's incredibly complex. I know everyone says it, but there is no silver bullet when it comes to security. From a marketing perspective, we also need to be careful not to sell silver bullets. We have to be wary of fearmongering, too. Ultimately, it's about balance.

KC: I think that's commendable. You've done a lot of self education.

GB: Thanks! I'm trying. There's still so much more to learn, but I don't think I'll ever be done learning. That's part of the fun.

KC: Does any particular matter stand out in your mind?

GB: We need to stop blaming users for the things they do. In the design world, it's easy to say "user error," but maybe the error is actually on the product itself. Sure, there's education that employees or end users need, but if you look at the current state of social engineering, even your seasoned pros are falling victim. We definitely need to have empathy for those who fall prey.

KC: Are women more common in your area than in usual cybersecurity positions?

GB: No, shockingly. We're a small team now, but other organizations, marketing and UX teams for security products are still predominantly male, too. There are outliers, of course, but that's just what I see.

KC: How do you think we can encourage more women in your area? How can information security benefit from more women in a variety of roles, including your customer-focused position?

GB: That's such a loaded question with no easy answer. But I can think of a few things. First, we need to make the company culture one where women want to be and can succeed. As a woman in cybersecurity, I also feel it's my job to bring other women up with me. While not currently mentoring in security, I do mentor a handful of women designers and actively encourage them to come to the security space. In a way, it's a green field for designers that want to make an immediate impact.

KC: That's excellent. Good for you! Is there anything else that you'd like to say?

GB: People of every background use digital products, yet the predominant stereotype for security folks is "nerdy guy." If we bring in more women, more POC, and more diversity, we'll bring in different perspectives and create more inclusive products for everyone, including security measures and how we approach design and implementation of these measures.

KC: It was great talking to you. Thank you, Gwen!

About the Author: Kim Crawley spent years working in general tier two consumer tech support, most of it as a representative of Windstream, a secondary American ISP. Malware-related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related. By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Ever since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine. Her first solo-developed PC game, Hackers Versus Banksters, had a successful Kickstarter and was featured at the Toronto Comic Arts Festival in May 2016.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.