#InfoSecSuperwomen: Christy Wyatt

March 08, 2018

She is an eager beaver, always on her toes; Christy Wyatt is one of those #InfoSecSuperwomen who have made a place for themselves in the information security world that is still struggling to attract enough talent. Christy, who was recently announced as the finalist in the Security Champion of the Year category in Women in IT Awards, has already made it in the Inc. Magazine’s list of Top 50 Women Entrepreneurs in America. She was declared the CEO of the Year by the Information Security Global Excellence Awards in 2015, ranked among the top 100 women leaders in STEM in 2012, and has been among the “Most Influential Women in Wireless” several years in a row.

The CEO of Dtex Systems is a sought after name in the blue-chip of cybersecurity industry. Her masterstroke with regards to the acquisition of Good Technology by Blackberry is no less than history. Christy who has held leadership positions across both consumer and enterprise at Citigroup, Motorola, Apple, Palm and Sun, opened-up about her gumption in cybersecurity, Artificial Intelligence, and gaps in cybersecurity strategy.

Dtex is into cybersecurity innovation. Please share your views on the kinds of innovations we will get to see in cybersecurity in the near future, including AI?

There has never been a more tumultuous time in our industry.  The lines between hackers, hobbyists, and nation state attackers are continuously blurred with security leaders having to scramble to defend against an ever-evolving slate of attacks. A CISO today has no idea if valuable data is being taken to make a national statement by someone with a vested interest, or purely for the market value. Because of this, one of the more interesting trends we’ve been seeing is the focus on the vulnerable insider or employee – as a potential root cause of any of the three scenarios above.

As we move forward, however, and AI becomes a critical tool for both hacker as well as defender, the “why” will matter increasingly less. The ability of each side to fulfil their mission will rely on visibility and the agility. The CISO needs to focus on lightweight, high-fidelity data collection to be able to identify and respond to new risks in real time – coupled with transparency and rapid learning. Analytics engines running in batch mode to cope with massive amount of heavy, unfiltered data, will not scale to meet the challenge.

Dtex Systems was launched in Australia but it is now headquartered in Silicon Valley. Any reason in particular?

Australia continues to have a vibrant security community – but as we see with many other Australian startups, it became necessary for Dtex to move to Silicon Valley in order to connect with the talent and funding pool needed to grow and scale a business.

We were thrilled this year to be able to re-enter the Australian market, which is one of the more mature and forward-thinking at present.  It remains a high-growth business opportunity and area of focus for Dtex, and we will continue to invest.

How much would you rate Australia’s Cybersecurity infrastructure and workforce, on a scale of one to ten?

Unfortunately, you cannot look at any of these items as static. The only constant in the world of security is change and increasingly, our success both as vendors and defenders will be dependent on our ability to adapt – and how we respond to both the market and risk.  We have found, in working with Australian partners, customers and technologists, that there is a depth in both security understanding and ability.  And some of the most forward looking CISO’s that we have had the honor to work with have been within Australia.

The recent cyber breaches across the world show that there are gaps in the cybersecurity strategy. Where do you think the major faults are? Is the world really working on improving it?

Cyber is a world of change.  If the last decade has taught us nothing else, it is that whatever you fear today is not going to be what you fear tomorrow. The risk landscape is continuously evolving.  If I look at extremely mature industries – like financial services or the public sector, they have become much more aggressive in evaluating and embracing new technologies. Evaluation and procurement cycles that were previously measured in months, in some areas, have been cut in half.

This adaptability and capacity to absorb new technology is what is going to keep the enterprise immune system strong. The inverse is the enterprise’s ability to cycle out old, or underperforming technologies. This is an area where I believe there is more work to do.

What are your views on a collaborative cybersecurity platform for the world?

Ideologically, I am a believer that strength comes from transparency and collaboration. Practically speaking, however, this is much harder.  I think the concept of openly sharing data is entirely achievable – but a centralized, global cyber immune system is much less practical as every country has its own definition of ‘risk.’  We can all agree on the identity of an individual – but what the US deems to be a risk, may not be consistent with the view in China. I do believe we should invest in global information-sharing capabilities, which can still go a long way to providing a platform for creating compatible cyber systems.

Former ASIO boss David Irvine recently sent out a warning on Australia’s ‘relatively weak, uncoordinated’ cybersecurity infrastructure. How much do you agree with that?

I think it’s important to recognize that David Irvine ran ASIO and ASIS up until 2014 – and since that time, the Australian cybersecurity market has matured significantly. However, I would tend to agree with his suggestion that a ‘single Commonwealth-led cooperative agency’ could help to break down silos and present a more coordinated approach to combating cybercrime.

It’s also important to note that the Australian Government has recently taken steps towards a more centralized approach by consolidating its cyber teams, including those of the DTA (Digital Transformation Agency) and the ASD (Australian Signals Directorate). This demonstrates a major shift towards the consolidated approach recommended by David.