Biggest Challenges Faced by a Head of Cybersecurity and Engineering at a Commercial Insurance Company
Malia's biggest challenge as Head of Cybersecurity & Engineering is securing adequate budget and resources, a common struggle in the underfunded cybersecurity field; this challenge motivates Malia's pursuit of an Executive MBA to better communicate the financial and reputational risks of insufficient cybersecurity investment to non-technical leaders, framing it as "money saving efforts" rather than solely technical concerns.
Executive Leadership, Communication, Financial Risk Management, Cybersecurity, Resource Allocation
Advizer Information
Name
Job Title
Company
Undergrad
Grad Programs
Majors
Industries
Job Functions
Traits
Malia Mason
Head of Cybersecurity & Engineering
Commercial Insurance Company
University of Pittsburgh class of 2011
EMBA UCLA class of 2023
International Relations & Affairs
Insurance
Product / Service / Software Development and Management
Disabled, Took Out Loans, Worked 20+ Hours in School, Veteran, LGBTQ, First Generation College Student
Video Highlights
1. Malia's biggest challenge is securing adequate budget and resources for cybersecurity, a common issue in the industry due to its understaffed and underfunded nature. This highlights the importance of understanding and communicating the financial and reputational risks of insufficient cybersecurity investments.
2. Her experience at Disney emphasizes the high-pressure nature of the field and the significant reputational consequences associated with security breaches. This underscores the career demands and stresses faced by cybersecurity professionals.
3. Malia's pursuit of an Executive MBA at UCLA to improve communication with non-technical executives demonstrates the importance of strong business and communication skills in cybersecurity leadership roles. This is crucial for effectively advocating for necessary resources and explaining the value of cybersecurity investments.
Transcript
What was your biggest challenge in your current role?
The economy is in flux, and cybersecurity in general has historically been understaffed and under-budgeted. That has been the biggest thing for me.
I would love to have the budget I had at Hulu, where it seemed like we had an infinite budget. Whatever I wanted, I got. That's a significant problem in the security industry: we always have to talk about ROI.
We aren't tied directly to sales or any revenue-generating process. However, we are tied directly to preventative controls, or the reputational damage and impact if a company suffers an attack.
I think about Disney; that was the most stressful job I ever had. Every day I thought, "What if Disney gets attacked while I'm here?" That would follow me throughout my entire career. Disney is such a huge, well-known brand that an attack would make news and spread like wildfire. That would be extremely stressful.
Companies need to think about that kind of scenario. That's why I'm currently getting my Executive MBA at UCLA: to figure out how to better communicate with non-technical executives and leaders. I want to explain the value of investing in cybersecurity, specifically regarding resources, tools, budget, and getting more headcount and support.
I aim to show how these investments are directly tied to saving money. This includes preventing future ransomware attacks, saving money on cybersecurity insurance, and avoiding reputational damage or data loss from attackers.
As I advance in my career, I'm trying to figure out how to better communicate not just the technical risks, but also the financial and reputational risks to non-technical leaders. I believe that's a challenge we all face in the cybersecurity industry, and it's something we're still discussing and struggling with today. That's the biggest challenge.