As part of our series celebrating National Women's History Month, we've been interviewing women who are making a difference in the world of security. Earlier this month we spoke with CEO of Pondera International, Kristen Vanderame; Halvar Flake and Carrie Jung, who discussed their women-only reverse engineering competition and Stephanie Scheuermann of Ford Motor Company. Today, we sit down with Vice President of IT Security at URS Corporation, Karen Zwolski; who says that what drives her is the opportunity to make a difference and feel like she has contributed to the success of her company.
Want to learn more about Karen? The exclusive Q&A follows:
HB: Please introduce yourself and explain your role at your organization.
KZ: I am Karen Zwolski, Vice President, IT Security for URS Corporation. URS is a global company which provides engineering, construction and technical services in the areas of oil & gas, infrastructure, power and industrial projects for both private enterprises and governments. We have about 55,000 employees and locations throughout the world. I am responsible for guiding the company's development and implementation of security strategies.
HB: How did you get started in the field?
KZ: URS has not always had a dedicated cybersecurity team. Like many companies, security was just one of the many responsibilities of the IT staff. About ten years ago, various members of the IT staff recognized the need to focus more on security and made recommendations to management that we consider building a formal program. I had already spent many years working in various roles in technology and demonstrated a particular interest in security, so I was asked to draft a plan for launching a security program. I wrote the plan and then organized a workshop inviting IT managers from around the country to participate and hear my plan. It was well received, and I eventually started working full time in security and started the formal security program for URS.
HB: What interests you most about your career?
KZ: The opportunity to make a difference and feel like I have contributed to the success of the company.
HB: How would you recommend someone enter the field of cybersecurity?
KZ: It may sound trite, but hard work and education is key. You have to first build a strong foundation in information technology. Then read, read, and read some more! Educate yourself about the threats, try to identify the areas where there is the most need in terms of defense, and practice your trade (on your own time if necessary). Try to understand how you can help your company or any organization to mitigate risk and protect the business. Learn how to evangelize security and raise awareness for how you can help the business.
HB: Are there any special challenges associated with being a global company and dealing with cybersecurity issues?
KZ: Yes, there are. There are many different business drivers, cultures, regulations, and privacy laws that impact how you approach and manage security. Gaining trust among your peers and management that you recognize the differences and can adjust accordingly is an important factor in advancing security.