Jameeka Green Aaron - The Value of Authentication and Leadership
Critical Stats
LinkedIn: https://www.linkedin.com/in/jameeka/
Started their cybersecurity journey in: 1998
Most passionate about: All of the things!
Favorite zero-day: Log4j
Favorite song: Blackbird (The Beatles and Beyonce)
Introduction
Jameeka has over 20 years of experience in information technology and cybersecurity. She is a versatile leader, successfully leading teams as a CISO and CIO across various industries, including aerospace and defense, apparel, retail, and manufacturing at Fortune 100 and privately held companies and many spaces in between.
She brings extensive experience in business engagement audits (global), compliance, cybersecurity (vulnerability, risk and identity management, zero trust, and cloud security), mergers and acquisitions, and divestitures. She does it all!
Jameeka is a cyber vanguard
We selected Jameeka because she is a cyber vanguard! Yes, she has seen it all, but she also speaks her mind and shares insights with many organizations as a board member and advisor. A cybersecurity leader who effectively shares insights empowers others to make informed decisions. This collaborative approach fosters a culture of security awareness across the community, ultimately strengthening the overall cyber defense posture for all those who listen. And we at decodingCyber want to honor that communal approach with this award!
Without further ado, we asked Jameeka our standard set of 5 questions to rule them all, and here are her responses:
Five questions to rule them all!
1. What is the biggest problem we are dealing with in cybersecurity?
We still have a lot of work to do in the realm of authentication, both human (logins) and non-human identities (programmable access credentials like API keys, OAuth tokens, service accounts, and SSH keys). The current state of access-based authentication still allows for far too many identity-based attacks. Unless we do more, they will continue to be a vast and ever-evolving threat vector for attackers to exploit.
2. How can we enhance access-based authentication?
We must collectively move away from identity access being seen as our weakest link in cybersecurity to our first line of defense. If identity access is the first line of defense, we must invest our time and tools to ensure identity access or Identity and Access Management (IAM) is a top priority. We must proactively test our IAM solutions, determine weaknesses, and then fortify them, all before a bad actor even knows we exist, let alone mounts an attack.
3. What are three actions a CEO can take to protect their company from cyberattacks?
Three actions a CEO can take to protect their company are:
Empower their Chief Information Security Officer (CISO) - Listen to their CISO and take time to understand the risks being communicated. Many risks require cross-functional collaboration and investment to resolve or mitigate. Giving your CISO the capability and support to reach across the company to other business functions can transform your company into one well-fortified against cyber threats.
Play an active role in cybersecurity mitigation - I recently conducted a cybersecurity tabletop exercise with the most engaged senior leadership team (including a CEO) with whom I’ve ever done this exercise. This level of engagement created clarity and focus, allowing for rapid decision-making and execution. Guess who led the discussion and brought a wonderful energy to the exercise: the CEO. That should tell you something.
Recognize that cybersecurity is a team effort - While leadership must set the overall strategy, every employee plays a crucial role in safeguarding our data and systems. Only by working together can we create a strong defense against cyber threats.
4. What are the best resources for learning more about cybersecurity?
There are a few that come to mind.
Peers - I learn more from my peers than anywhere else. CISOs share a lot of great information, and it’s often already vetted and proven effective.
On-the-job training (OJT) - I’m still a practitioner and have learned much of what I know from OJT. Let me say this: there’s nothing like leading amid an incident or outage to enhance your learning of cyber threats, mitigation measures, and the importance of good communication practices.
Free stuff - There are a lot of free courses available directly from many of the vendors we all use. I always browse offerings from:
CISA (Cybersecurity and Infrastructure Security Agency)
5. What is one piece of advice for those wanting to pursue a cybersecurity career?
I would say, “Be a practitioner.” I still see many people hoping to gain entry into a career in cyber by “alphabet souping” themselves with certifications. When assessing if someone is a good fit for a role, I rarely look at certifications. I lean more towards understanding if the person can do the job… like actually do the job, not if they have the certs that say they can (in theory) do it. My team and I spend a lot of time threat hunting, diagnosing, and troubleshooting, which requires a level of understanding that can only be gained in the field. Don’t get me wrong, I have quite a few certifications, but I got them while doing the work.
How many times do I have to teach you: just because something works doesn’t mean it can’t be improved… which is why you should share this interview with others!