Compliance in Cybersecurity: Coming Full Circle with Gina Rocha

As National Cybersecurity Awareness Month comes to a close, we’re wrapping up our Women in Cybersecurity blog series with Rackspace Managed Security Manager of Compliance and Risk Management Gina Rocha.

As part of our blog series on cybersecurity this month, we published a post by Daniel Clayton, senior director of Rackspace Security Operations, who described how compliance does not equal security. So we sat down with Rocha to better understand how compliance does fit into an organization’s overall security posture. In the process, we learned about a cool connection she shares with her father.

Tell us a little about what you do. 

We’re the group that keeps your business off of its financial regulator’s radar! My team works with customers whose businesses process credit cards (PCI), store healthcare data (HIPAA) or manage personally identifiable information (GDPR and others). We provide the configuration hardening and monitoring, patching and user access monitoring and file integrity monitoring with reporting necessary to help businesses meet Regulatory standards.

Right now I oversee a team of six, but we’re looking to expand. We’ve got three open positions!

So what is the difference between security and compliance?

Security is designed to protect against threats in your environment, while compliance assures you’re meeting regulatory requirements in those environments. Security threats will always outpace compliance requirements, so having the two work together from both sides is essential to the grand security picture. Compliance alone isn’t enough to keep an organization secure, and security doesn’t check off boxes for compliance.

Security is the practice of protecting digital assets, whereas compliance applies that practice to meet regulatory requirements. We help companies by providing necessary evidence that they in fact meet those regulations. This is especially beneficial as we support the customer in their active audits and supplemental documentation needed.

Another thing we do at Rackspace, and I think this makes us a bit of a unicorn, is that we’re also able to help the customer understand and remediate where the gaps are. A lot of companies can create reports, but don’t provide the “why” to gap that are found. Our team provides the insight and interpretation of the data to fix it. We assess the servers in scope and figure out how to fill the gaps, while ensuring the latest patches are in place with version controls applied.

How did you get your start in the compliance business?

My father was a big influence, and interestingly, his work and mine recently connected.

After a stint in active duty with the United States Air Force, he worked in civil service at what was then Kelly Air Force Base here in San Antonio, as an aerospace engineer. He was always tinkering on cars, TVs and computers. So, we grew up with a very computer minded outlook. He bought me a Rockwell calculator, the first Atari 5200, then later a Tandy laptop from RadioShack. All that piqued my interest in computers off the bat. I still have that Tandy – one of my favorite memories.

Gina Rocha still owns the RadioShack Tandy laptop that first piqued her interest in computing.

I earned a bachelor’s of business administration in management, with a master’s of business administration in general business, both from the University of the Incarnate Word. I started out in banking as a customer service manager, and later moved into banking compliance. My compliance career further led me into the oil and gas industry. Later, I worked as a consultant for ten years, and then I was recruited by Rackspace to be a senior software licensing compliance manager.

You mentioned that your father’s work and yours recently connected. Can you tell that story?

Sure — it still gives me chills! After my father left active duty, he joined the civil service at the Kelly AFB Material Command Center. As part of the team, which included a well-known engine manufacturer, he led the development of F100 and T56 engine development programs. I still have one of my dad’s old Oxford shirts, with the company’s logo and rendering of the T56 engine on it.

Fast forward to today, that company is one of my customers! We provide our Compliance Assistance offering for their systems, among other managed services. I told them my Father was instrumental in helping launch the programs we’re now protecting, and it was a humbling moment for me. The added bonus is that we have such a great rapport with this company, they’re just so amazing to work with.

So it really did all start with my dad. To this day my mom teases me, “My gosh, if your Father hadn’t bought you that Tandy laptop…”

What advice would you give women interested in the field?

What I like about IT compliance is that it’s so diversified — the environment is always changing, and there’s always something to learn.  Women are definitely still a minority in the field, but there’s an opportunity to make an indelible footprint.

I think a lot of companies are beginning to understand that having more women in the workforce helps advance the business, especially when these roles are in leadership. You get a different lens and a different perspective.

There is so much opportunity! My team is looking to expand right now. Check out our available security and compliance-related jobs.

Robert Sawyer heads up product marketing for Rackspace Managed Security, an industry-leading offering delivering rapid detection and remediation of advanced cyber threats. He has more than 15 years experience in the IT industry, in roles ranging from portfolio marketing to development, test automation and infrastructure management. He’s worked in over a dozen programming languages and might still be able to write Hello World in one of them. Follow him on Twitter @rsawyer42 for tips on hoops, guitar and raising four rowdy boys.


Please enter your comment!
Please enter your name here