Lucia Milică Stacy - Managing the Evolving Threat Landscape

Lucia Milică Stacy

Critical Stats

LinkedIn: https://www.linkedin.com/in/luciamilica/

Started their cybersecurity journey in: 2005

Most passionate about: User Behaviour and Data Security

Favorite zero-day: Stuxnet

Favorite song: “The Best” by Tina Turner


Introduction

Lucia is a seasoned technology executive with over 20 years of experience driving strategic initiatives and operational excellence across diverse technology domains. With a deep passion for cybersecurity, she has held leadership roles in data privacy, information security, risk management, and IT governance. She also knows her whiskeys! Whether it be a Scotch, Irish, American (bourbon and rye), or Japanese whiskey, she can give you a lesson on all their unique flavor profiles. This was particularly impressive to me, as I am still on the hunt for the ultimate whiskey and New York cheesecake pairing! True story.

Lucia is a cyber vanguard!

We selected Lucia because she is a cyber vanguard! A recognized thought leader, Lucia is frequently sought after as a speaker at industry conferences and events. She actively contributes to the cybersecurity community through her involvement with organizations like the National Technology Security Coalition and the Department of Health and Human Services.

Lucia holds a Master of Science in Information and Cybersecurity from the University of California, Berkeley, as well as advanced degrees in Business Administration and Law.

Without further ado, we asked Lucia our standard set of 5 questions to rule them all, and here are her responses:

Five questions to rule them all!

1. What is the biggest problem we are dealing with in cybersecurity?

People and data represent two of the most significant intrinsic risks within any organization. The intricate web of interconnected data systems we rely upon and the human element create a complex and vulnerable landscape. This interconnectedness has given rise to systemic risk, where the failure of one component, like a critical supply chain vendor, can cascade through the entire system. That failure may have been caused by someone clicking on a bad link or a sophisticated nation-state actor deploying a zero-day… or both! My point is that we are so interconnected to one another that any critical failure in this system could impact multiple organizations within it. Recognizing and mitigating this systemic risk is paramount for Chief Information Security Officers and board directors.

2. How can we address critical failings within our interconnected data systems?

Security has become a people challenge, and the data we generate and share is the new reconnaissance tool for threat actors. Credentials hold a lot of value for these actors. They enable them to access sensitive data, which is their new currency. As such, credentials are targeted as they are critical in a threat actor’s monetization strategy.

Unsurprisingly, the number of attacks increases when credential dumps become available. With those credentials, threat actors can employ automation to enhance password stuffing. They also use algorithms to substitute common variations for leaked passwords or cross-reference passwords from multiple dumps. Every individual is an attack vector and one of the most vulnerable targets within our ecosystem.

To answer your question, we must understand our users’ behaviors and how each of us engages with technology and data. This is where user training and the deployment of cybersecurity countermeasures go hand in hand. As defenders, we can prioritize the risks posed to organizations and optimize our mitigation strategies and controls based on risks more likely to lead to systemic failures.


3. What are three actions a CEO can take to protect their company from cyberattacks?

A few things come to mind. A CEO can:

  1. Make cybersecurity a strategic imperative or non-negotiable company-wide goal. Setting the tone at the top will drive the message that cybersecurity is a team sport and everyone’s responsibility, not only the responsibility of the security team.

  2. Provide the cybersecurity leader with a seat at the executive table and a forum for collaboration on cyber risk exposure. This will ensure that the executive leadership to whom they report does not control or dilute the cyber leader's message.

  3. Categorize cyber risk as a business risk. Once you do this, I advise you to regularly meet with your cyber leader to understand how they enable the business to run securely and seek guidance on the ever-changing threat landscape and its potential impact on the bottom line. 

4. What are the best resources for learning more about cybersecurity?

Here are three for you:

  1. Given the quality of its specialized training, the SANS Institute is one of my favorites.

  2. I highly recommend the UC Berkeley School of Information Masters in Cybersecurity for a more robust graduate program.

  3. LinkedIn Learning is also a great, inexpensive resource.

5. What is one piece of advice for those wanting to pursue a cybersecurity career?

I will keep it short and sweet - Don’t be afraid to raise your hand and take on new challenges that push you outside your comfort zone.


Here's looking at you, kid. Now, get out there and share this article!


Michael F. D. Anaya | Founder

I’m a techie who’s been in cybersecurity for over two decades. My passions are being a top-tier dad, helping others, speaking in public, and making cyber simple. I am also partial to cheesecake and bourbon, but not together… well, come to think of it, it might be a killer combo! TBD.

https://www.mfdanaya.com