Embracing Challenges: Featuring the Perspectives of Symantec Women in APJ – Part One

Achieving global gender equality depends on the empowerment of women. Only when we are willing to systematically address attitudes, laws, and policies will we start to see tangible change. As a global company, Symantec has a profound opportunity to lead the charge toward global gender equality and further women’s empowerment in all aspects of our organization – from our employees to our customers to the countless communities we are involved in. Together we will empower women across the globe. 

Tapping into the knowledge and expertise of current female leaders will help carve a new path for women everywhere. With this in mind, we’ve asked some of Symantec’s incredible women leaders in the APJ region two questions: 

  • What advice would you offer your younger self?
  • What do you see as the biggest opportunities and challenges for young women today?  

We think that women all over the world – and people of all genders – will find their answers insightful and inspiring. This is part one of a three-part series. 

Sally Robson – Senior Manager, Information Security, Australia
My advice to my younger self would be to embrace challenges, and intentionally take on things that I would instinctively shy away from. I have learned that whatever the outcome, so much can be gained from pushing myself beyond my comfort zone – uncovering strengths, exposing my vulnerabilities, and perhaps even shining a light on opportunities I would have never considered. For me, when my mind says, “No, don’t even consider it”, I say “yes”, because this is the only way I have been able to truly grow and develop deep insight into who I am. 

I have learned that whatever the outcome, so much can be gained from pushing myself beyond my comfort zone.

Young women today have lots of exciting opportunities. Children are exposed to fields such as STEM from a young age, participation regardless of gender is normalized, and career pathways are gender neutral. Finding a network of like-minded individuals has never been easier with our connectedness through social media. Industry associations and a variety of networking, support, and resource groups are key to supporting anyone (of any gender) on their professional or personal journeys. Finding a mentor, sponsor, or someone who you can bounce ideas off can help you to navigate challenges and see opportunities that you might miss.  

People always talk about maintaining a healthy work-life balance, but personally I find this concept rarely achievable. As a mother, it has taken me a long time to identify and focus on what is vitally important to me, and carving out time to nurture and grow these things is always a work in progress. For women – and I speak from experience as a mother – it can be challenging to balance a career and personal life. There is considerable pressure to keep on top of everything, to keep it together even when you feel like you are drowning. Too often, the things that are truly important are overshadowed or de-prioritized by work demands. 

The important things can also play second fiddle to what you think is expected of you, or what you expect of yourself. My advice is to sit down and work out what your priorities are, learn to set boundaries between work and your personal life, and discuss what they are to your manager and peers. And, where possible, find out and leverage any support structures that are in place at work (i.e., flexible work arrangements) to give you and your family the best opportunity to find a balance. 

Debbie Sassine – Senior Manager Enterprise Marketing, Australia
When I finished up university and first entered the corporate world, I knew I was different. I grew up in a low socio-economic area on the outskirts of Western Sydney in a migrant Lebanese family. I was certainly not a clone of my manager or my work colleagues, and I would often hold back on ideas or suggestions because I felt they weren’t good enough or too different from the status quo. To my younger self, I would say don’t hold back – different is good and your perspective matters. Speak up and don’t just lean in, but step in whole heartedly. Over the years, I learned that having a different perspective meant that as a business we could solve problems faster and reach better conclusions. For me personally, it meant career progression, respect and trust by peers, and a pathway for a better future. 

Over the years, I learned that having a different perspective meant that as a business we could solve problems faster and reach better conclusions.

I see tremendous opportunities for young women in the workforce today. When I entered university some twenty years ago, my building block did not have a female restroom. My first job in a corporate office did not offer a breastfeeding room, and when I had my first child, almost seventeen years ago, my manager at the time told me that I wouldn’t need a promotion anymore because I was going on maternity leave. I’m pleased to say things have changed for the better since then and women are now more enabled to balance and juggle the workload of having a career and family. It’s not perfect but I think there is certainly a heightened awareness and much more corporate investment in ensuring the same opportunities are offered to all individuals regardless of their race, gender, religion, and sexual orientation.  

Technology has presented women with more opportunities in remarkable ways. For example, having the ability to meet via WebEx means people can work from home and with flexible hours, not just to raise children but also to keep up with the demands of life outside of work. This has enabled women to stay in the workforce for longer and to not pause their careers while they care for their families. 

The challenge for young women today – and in fact for all of us – is ensuring we have enough fuel in the tank to keep us engaged in the workforce for the long haul. Whether it’s sporting commitments, caring for someone you love, illness, or pursuing a lifetime passion, we are pushing the boundaries of what we can do in one day and one lifetime. Don’t underestimate the importance of caring for yourself – physically, mentally and spiritually – so when the time comes to give more, you’ve got fuel in the tank to be your best self!

Stay tuned for part two and three of our Symantec Women in APJ series in the coming weeks. 

About the Author

Anastasia Kiteri

HR Manager, Australia & New Zealand

With over ten years experience in HR, I offer the depth of generalist HR and Consulting experience necessary to successfully partner with my clients to offer sound professional advice and support.

Tuning DLP for Success

When deploying Data Loss Prevention, so much depends on a strong start. 

Crafting the right policies early on creates business confidence in the tool and builds momentum for your data protection program.

I’ve now used DLP over several years – both at Symantec and prior to that for Symantec clients. In this blog post, I want to share some tips on how to get off the mark in a way that inspires confidence and outline some unconventional use cases.

Build business confidence

Strong business engagement is the foundation of a successful data protection program.

Any new program should start with the business units most highly-engaged in the security program, with policies co-designed to protect their most valuable data.

An issue that commonly arises during early phases of DLP deployments is writing too many or overly broad rules before your program has reached maturity. Once you’re aware of the power and possibilities of the platform, it’s only natural to want to make as much use of it as possible.

You have to resist that temptation.

What you don’t want is a volume of alerts and false positives too large to effectively manage. The risk is that the noise erodes business confidence in the effectiveness of the program.

Once you’re aware of the power and possibilities of the platform, it’s only natural to want to make as much use of it as possible.

In the initial phases of deployment, I have typically focused our efforts on creating polices in two areas: (i) data that needed to be protected due to legal and regulatory requirements, such as credit card and social security numbers, and (ii) intellectual property, such as source code. It takes some discipline to keep other minor use cases – often demanded by other teams – at bay while you get these basics sorted. As a starting point, leverage your organization’s existing data classification standard to understand what the business considers the most important categories of data to be protected.

Another key to building confidence in your DLP deployment is to establish at the outset the right resourcing and processes to triage and respond to alerts.  We discuss this in more detail later in this post.

It’s also worth spending time to develop your reporting framework upfront. Your reporting needs to continually demonstrate the value of the program. Think beyond reporting the number of data incidents detected or prevented, which is what the tool will natively deliver you. Focus on outcomes – how has DLP driven changes and improvements to business processes? That’s what your peers and executives want to hear.

Tune Continuously

When starting out, using simple keyword matching policies can generate value quickly. From that point you can look to features like Exact Data Matching and Indexed Document Matching to help limit the number of false positives.

Exact Data Matching works by indexing a structured data source, for example, a database of employee records. A fingerprint is created for that data source and linked to a DLP policy that detects for it. Indexed Document Matching works in a similar way but involves indexing specific documents.

But DLP is not a set-and-forget solution. After the initial rollout phase, continuous tuning is key.

As you get a more complete understanding of your data and the impact of specific rules and polices, it’s important to continually modify and refine rules to get more precise, as well as introducing new rules to cover a broader range of identified risks and use cases.

Block or Monitor?

DLP plays a key role in protecting data, but it’s not a panacea for every data loss scenario.

At Symantec, we get the most value from using DLP to prevent the risk of accidental or negligent data loss, which often makes up for the larger share of data leakage in organizations. An ideal use case is detecting when an employee sends an email containing sensitive information to someone outside the organization – which is more often than not unintentional (i.e. “fat finger” errors in email address fields).

Another key consideration when configuring DLP is whether to block activity that breaches a DLP policy, or simply to monitor it. In obviously high-risk scenarios – for example, an identified insider threat risk – it makes sense to activate blocking rules using Endpoint or Network Prevent. By equal measure, configuring DLP to block activity requires highly precise policies to avoid disrupting legitimate business activity and triggering user complaints. In large organizations it may require a service (either an individual or a team) be assigned to respond to these complaints and, where necessary, unblock legitimate activity in a timely fashion.

At Symantec, we typically configure any new DLP policies in monitor mode, at least initially. This gives us visibility of processes or behaviors in the organization that could result in data loss, without adversely impacting the business. We are also biased towards configuring Symantec DLP to issue notifications to users about the risks of a data transfer, such that we can allow them to decide whether to proceed with the transfer based on their assessment of the risk.

Triage Model

Another key question to ask is how you will manage DLP alerts in a timely manner. It’s vital to establish a well-thought out process that meets your risk, compliance and regulatory obligations.

At Symantec, we established an alert triage model that outlines clear standards for triaging DLP alerts, including response and resolution timeframes in line with regulatory requirements such as GDPR, and we clearly laid out the roles and responsibilities for responders.

We set different resolution timeframes based on whether an alert is a suspected false positive, appears to relate to the employee’s own data, or is suspected as being a data incident. Alerts relating to customer or personal information trigger an engagement with our privacy team for further investigation.

Ultimately, we found that responding to alerts and continuous tuning didn’t suit the skills required of the modern SOC analyst – which increasingly pivot toward proactive hunting of threats.

We’ve defined simple categories of alerts in Symantec DLP like ‘New’, ‘Under Review’ and ‘Resolved’. Too many alerts in the “New” or “Under Review” state make a good case for us to consider how we’re resourcing the triage function or how we might refine our policies to reduce false positives.

We’ve considered a number of options for who should manage the triage function. Should it be within our Security Operations Centre (SOC), set up as a separate compliance function in our security team, or should it sit with responders in the business units? We weighed up the pros and cons of each.

Ultimately, we found that responding to alerts and continuous tuning didn’t suit the skills required of the modern SOC analyst – which increasingly pivot toward proactive hunting of threats. We felt that a centralized compliance function for DLP alerts worked most efficiently for our organization and drove the continuous improvement we wanted from the program.

Our responses processes for any DLP alerts relating to personal information are also integrated with our global privacy team. This team takes the lead role in managing major privacy incidents and ensuring our compliance with key data protection regulations such as GDPR. Naming standards offer a simple way to streamline this process. We distinctly label any DLP policy that deals with personally identifiable information, which helps our responders know that an alert potentially constitutes a disclosure under GDPR.

Awareness in Disguise

Finally, and somewhat unconventionally, we’ve come to see value in Symantec DLP as a security awareness tool.

First, DLP alerts provide a rich source of data on events that might lead to data loss. Our awareness team uses this data to identify and refine training needs.

But more importantly, a core principle of our education programs is that learning experiences be contextual to a user’s workflow. We want to teach staff in the moment.

Symantec DLP supports this by identifying high-risk behavior at the very moment that it occurs. We operate on the principle that most staff want to do the right thing and are simply trying to be productive. When an employee accidentally sends an email containing sensitive data to an external recipient, the tool can not only be configured to detect this behavior but also to automatically send the employee a message that enrolls them in in-the-moment training about data classification and handling. This creates a powerful, contextual learning experience.

We’re looking at other opportunities to integrate awareness messaging into our rules and policies, rather than just using DLP to generate alerts for the triage team to process.

DLP is highly versatile, but its successful implementation as a security solution rests on building the right processes to manage alerts, continuous tuning and demonstration of its value back to the business.

[embedded content]

About the Author

Matt Donlon

Symantec Data Protection Lead

Matt has global responsibility for Symantec’s data protection controls that help ensure proprietary and customer data is safeguarded against unauthorized disclosure and loss.

Science Fiction Writers Helping Imagine Future Threats

The French army is going to put together a team of science fiction writers to help imagine future threats.

Leaving aside the question of whether science fiction writers are better or worse at envisioning nonfictional futures, this isn’t new. The US Department of Homeland Security did the same thing over a decade ago, and I wrote about it back then:

A couple of years ago, the Department of Homeland Security hired a bunch of science fiction writers to come in for a day and think of ways terrorists could attack America. If our inability to prevent 9/11 marked a failure of imagination, as some said at the time, then who better than science fiction writers to inject a little imagination into counterterrorism planning?

I discounted the exercise at the time, calling it “embarrassing.” I never thought that 9/11 was a failure of imagination. I thought, and still think, that 9/11 was primarily a confluence of three things: the dual failure of centralized coordination and local control within the FBI, and some lucky breaks on the part of the attackers. More imagination leads to more movie-plot threats — which contributes to overall fear and overestimation of the risks. And that doesn’t help keep us safe at all.

Science fiction writers are creative, and creativity helps in any future scenario brainstorming. But please, keep the people who actually know science and technology in charge.

Last month, at the 2009 Homeland Security Science & Technology Stakeholders Conference in Washington D.C., science fiction writers helped the attendees think differently about security. This seems like a far better use of their talents than imagining some of the zillions of ways terrorists can attack America.