CISO Leaders : Tammy Moskites, CIO & CISO, Venafi

“Storing certificate information on Blockchain Technology is another way to thwart hackers”

Your current role as CIO and CISO at Venafi means that you are working in the cyber security industry in a major way. Do you eat your dog food or do the staff already get the importance of information security?

Venafi takes security very seriously – and my team deeply understands the importance of information security, but with the ever changing threat landscape, there are always improvements to be made. In my position, I have a dual role to not only protect Venafi but also protect our employees and customers, and I take that role very seriously. As for eating our own dog food – yes we do. We are a Venafi customer!

We are seeing enterprises shift into a Digital world from analogue. How do you see the CIO and CISO role changing? Is this fast enough??

We now have massive amounts of data at our fingertips, and the IT industry is evolving faster than ever. Cyber security has transformed from what most viewed as an IT issue to a central business concern, and the CIO and CISO roles are shifting in response. If we’re to keep up the pace and adopt emerging technologies, security needs to be a priority and CIOs and CISOs need to work together to mitigate risk in organizations across industries and throughout government.

The pace of change is quickening. What do you do to stay up with digital developments?

With the rise of DevOps and explosion in mobility, the IT world is rapidly evolving, and it’s essential for CISOs and CIOs to continue to develop their craft. I am always meeting with my peers, industry experts, attending tradeshows and discussing hot button issues with my peers, customers and teams to stay up on the latest threats, trends and industry developments. I also have to rely on those that are smarter than me (aka – My IT/Security team) to keep me informed! :)

Trust is a key concept in cyber security. How do you define trust and what’s your view on managing this asset?

In today’s world, trust cannot be blindly granted - period. Threats are constantly increasing in both frequency and sophistication and an innocent email can prove deadly to the everyday enterprise. Just like any other asset – you cannot protect what you don’t know you have. For an organization to effectively mitigate risk and improve security, managing trust is key. It’s essential that IT managers implement multi-factor authentication, manage access and revoke and grant privileges accordingly – not just UserID’s and Passwords, but elevated access like privileged access, as well as keys and certificates.

What’s your view on digital certificates and how these assets in the future would be stored on Blockchain Technology?

Digital certificates and cryptographic keys provide the foundation of trust on the internet. The average organization has over 24,000 keys and certs and most of them don’t know where they all are and how to protect them (unless they use Venafi). The reality is that you can’t surf the web safely today unless their keys and certificates are properly secured.

Storing certificate information on Blockchain Technology is just another way enterprises can take steps to thwart hackers. Since blockchain databases are distributed and encrypted, they are harder for hackers to attack and the security and privacy of data is successfully maintained. With encryption now being used by hackers to hide malware in plain sight, secure technologies like this will be important moving forward. Though it’s important that organizations recognize there is no “silver bullet” when it comes to security, securing keys and certificates is a good start.

When you are stuck with a difficult problem, where do you go for advice and guidance?

I’m lucky enough to work with a fantastic team of incredibly talented individuals, and I often look to them as a sounding board when I run into issues and need another perspective. Also, the CISO community is very close and I have an awesome rolodex of colleagues with whom I collaborate regularly. If you can’t collaborate with the people you work with and fellow CISOs, how can you expect your company to succeed?

In your role as CIO and CISO – which of these two is the one that you enjoy the most? Why??

It’s hard to separate one from the other. I have 30 years of experience within IT. From managing helpdesks, desktop support, and Identity Management to Production Control and Capacity planning -- I have touched many sides of IT. If I combine that with the last 20 years focused primarily in security/compliance, it was natural for me to take on the role of both CISO and CIO. In the past, security did not necessarily lie within the purview of a CIO, but over the last several years our threat landscape has finally transformed cybersecurity into a C-suite conversation, so my roles tend to overlap and intermingle. It is all about business enablement – I love what I do every day – so instead of which one – I would rather just say “I LOVE MY JOB”.

What’s your view about attracting more female talent into Cyber Security? How can this be achieved?

This is a major issue - and one that is near and dear to my heart. We absolutely need to make the effort to attract more female talent to the cybersecurity field. However, generally speaking, we just simply need more qualified cybersecurity pros to fill the jobs -- both men and women! The National Cybersecurity Institute at Excelsior College estimates that nearly 2 million global cybersecurity professionals will be needed by 2017, and we cannot ignore half the population if we want to fill that talent shortage. Recent initiatives like Girls Who Code are a step in the right direction, but we need to implement similar programs to break the stereotype that women aren’t fit for STEM fields. To build a workforce, we need to build a talent pipeline and that starts with education. I encourage and challenge all security professionals to volunteer their time at local schools and universities to educate them as to what makes up this awesome field of Security!

What is the one most important attribute that you must see to select a new staff member to your team?

Actually I have two – and neither of them are technical! Passion and Fit. I will never hire someone without a passion and integrity for doing the right things right and for the right reason. In the tech and security industry, it’s easy to get lost in the noise, and I need my team to rise above the rest and strive for success for themselves, their team and their company. And in order for the success to be accomplished they must be a good fit with the rest of the team and always keep in mind that we are just a part of the much larger team.

Finally what’s the last thing that you do on a Friday evening as you leave the office? Why??

Considering I am usually at about 30,000 feet on most Friday afternoons, I consider my office time is while I am on an airplane! I usually make a check list of items (on a paper calendar…) what I need to do over the weekend and for the following week – then honestly? -- I just grab my bags and get home…with a big smile on my face! With being on the road 90% of the time, I really look forward to the opportunity to spend time with my husband, family and friends. Not to mention -- we just added a new puppy to the family, a Rotti named York who has just melted my heart!
