With National Cybersecurity Awareness Month upon us, we’re reviving a popular feature we launched during last year’s activities here at Rackspace, our Women in Cybersecurity blog series.
For our latest edition, we’re featuring Christina Galligan, director of Cybersecurity Operations at Rackspace. She oversees both the Customer Security Operations Center, or CSOC, and the Internal Security Operations Center, the ISOC. Her customer facing teams focus on Rackspace Managed Security, which offers proactive threat detection and rapid remediation. Internally, her teams do constant security monitoring, threat intelligence, vulnerability assessment and penetration testing.
We sat down with Galligan to talk about her journey from federal auditor to director of cybersecurity operations, and what cybersecurity trends she’s watching.
What drew you to cybersecurity?
I was always into technology as a kid — fascinated by gadgets like video games and the latest tech. I was always trying to keep up. My dad was also an early adopter of technology, so I was exposed to it in childhood. I remember being 8 or 9 when my parents were upgrading to a new Gateway, so I negotiated to have their old Mac, one of the very early all-inclusive versions, put in my room.
It wasn’t a direct path, but I liked the order and elegance of systems — like double entry bookkeeping in accounting, which is where I started my professional career. No one I knew was taking computer science courses; there just wasn’t a lot of diversity in those programs at the time. And I found accounting really interesting. After college, I became a federal auditor.
How did you go from federal auditor to director of cybersecurity at Rackspace?
After a few years as an auditor, I found myself drawn back to technology. I took a position as a consultant working with controls-based cybersecurity, evaluating U.S. Federal government systems.
I went back to school, earning an MS in Computer Information Systems from Boston University, with a concentration in network security. After that, I became an analyst for the National Vulnerability Database under the NIST, the National Institute of Standards and Technology. I later began doing attack and penetration testing for civilian and military networks in support of national security initiatives.
A former colleague who had moved to Rackspace recommended me for a senior security architect position. From there, I moved into supporting internal security, building out our vulnerability assessment and cyber threat intelligence offering.
How did you get to where you are today?
A lot of my career growth has come from me identifying security challenges, then being able to articulate the value proposition that successfully prompts investment.
As the cybersecurity landscape was changing and evolving, I identified some areas where Rackspace didn’t yet have a well-defined perspective. First it was in building out our vulnerability assessment and penetration testing teams and then developing a cyber threat intelligence capability. A few months ago I was given the opportunity to become the Director for Cybersecurity Operations.
What advice would you give women looking to get into leadership within cybersecurity?
Honestly, the opportunities I see are not gender specific. The best advice I’d give anyone looking to advance in their career is to hone the ability to tie security to business outcomes and objectives. Making security matter at the board level is still a challenge. Sure, when there’s an incident, it’s easier, but long-term investments, and committing to doing the harder things; someone has to be able to translate that into a business case.
Another part is recognizing opportunities, like I did when I arrived here. Some of the best career advice I ever got was that you must be being willing to ask, very specifically, for what you want. Here’s an example: I was up for an annual review and compensation evaluation, and I had a certain number in mind I thought I was worth — but I never said anything. You must articulate your value, then ask for what you want.
What trends are you seeing in cybersecurity?
A big one is more automation, to make things more efficient. By automating repeatable work, you’re then able to spend time and resources looking at more high priority items. For example, we had a team of four utilizing a certain vendor’s tools, running a series of processes weekly for a couple hundred customers. That was not scalable — if we had several thousand customers, how many people would we need?
We had a couple people on my team observe for a couple weeks, then write automation for it. Now it’s run by one person and it takes maybe an hour a week, whereas before those four people were working four and a half days executing the process manually.
Another trend I’m seeing is that businesses are paying attention to reputational integrity. Basically, what’s trending on Google about a business is what customers see. For example, for Rackspace, it’s vitally important that we continue to discuss security, establish a market-leading perspective, and communicate to customers about security matters. We have to be careful with our reputation because that is all we have, we cannot give it up. You can create a better product, but if your reputation is shot, it doesn’t matter.
Another thing we’re constantly seeking to improveis a reduction in what we call dwell time, or how long an adversary remains in a system once it gets in. Our value proposition is based in part on how quickly we can detect, respond, contain and eradicate the adversary. Within our managed security offering, customers sign off on pre-approved actions — they agree ahead of time that we will perform certain actions once we detect a threat. That saves precious time.
This is where the Rackspace offering is a true differentiator; because we work with customers to manage their infrastructure, we’re well positioned to react holistically and quickly across all of a customer’s infrastructure.
As one of the leading providers of modern IT as a service, Rackspace continues to invest in technology and expertise to serve the rising need for multi-cloud security through a robust portfolio of managed security services, including Proactive Detection and Response, Compliance Assistance and Privacy and Data Protection, plus our recently launched Quickstart Solutions.