Diana Kelley has impressive credentials, having held high-profile cybersecurity roles at organizations including Microsoft, IBM Security and KPMG, as well as co-founding Cybrize and the consultancy SecurityCurve with her partner, Ed Moyle. She devotes much of her spare time to volunteer work in the cybersecurity community and is an elegant and informative communicator, making her a sought-after keynote speaker.
What would be your DREAM job if you weren’t an infosec professional? (And you can’t say anything IT Security related!)
When I was in college, I dreamt of having a little farm, wandering in the fields with my dogs and goats, writing poetry. I was an English major and writing a lot of poetry at the time.
If you could work with any client on any project, who and what would it be?
It would be what I’m working on now – supporting small and medium businesses while also helping train up the next generation of cyber talent.
What was your route into cybersecurity?
I went into editorial roles after college but was always the go-to ‘tech guy,’ so it was natural for me to move into a tech support role. From there, I worked my way up to building and managing a global network – and when a malicious actor got on that network, I pivoted to focusing exclusively on cybersecurity.
If you could change one thing about the information security sector, what would it be?
Using language that is scary and off-putting to people outside of security. When FUD (fear, uncertainty and doubt) leads the tone, many people shut down and stop listening. However, when we educate and engage people, they feel empowered and understand how their actions can increase or decrease the risk for themselves and their organizations.
What one piece of advice would you give to someone starting in the information security industry in 2022?
Ask yourself why you want to do this work and what you really love to do. Most of us default to SOC analyst or threat hunter when we think of a cybersecurity career, but we also need graphic designers, lawyers, policymakers, psychologists and writers – there are so many facets to cyber. Find your best fit.
Quick-fire Q&A:
- What’s the most misunderstood thing about information security? That we can prevent all breaches. Infosecurity is a balance, and there is no such thing as 100% secure.
- What’s your biggest professional regret? Lots of people still don’t know how important cybersecurity is in keeping people and the planet safe.
- What’s the most important lesson you’ve learned? Be humble.
- Tell me something about you that our readers will be surprised by. I have a chipped tooth because I was slam dancing in the pit at an all-ages Black Flag show and an enthusiastic participant stage dove onto my head.
- What’s your guilty secret? I listen to Bo Burnham’s ‘Inside’ on repeat when I’m stressed out.
Bio: Diana Kelley is the CSO2 (chief strategy officer/chief security officer) and co-founder of Cybrize. She also serves on the boards of Cyber Future Foundation, WiCyS and The Executive Women’s Forum (EWF). Diana was cybersecurity field CTO for Microsoft, global executive security advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner), a manager at KPMG, CTO and co-founder of SecurityCurve and Chief vCISO at Salt Cybersecurity.