Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.
Today's episode features Hannah DeWane, Cybersecurity Governance, Risk, and Compliance Specialist at Varonis. Hannah shared a sneak peek into her day-to-day world of security audits, saving the day for our customers, information technology, and her favorite topic, the wonderful world of risk management.
Hannah DeWane’s passion for defending against cyberattacks and threat actors may be what drew her to the world of cybersecurity, but an unexpected bonus was just how much she enjoyed the protection and value customers receive from her ace cyber skills.
“Coming from an IT background, I was interested in the attack side of cybersecurity — incident response, investigations, and understanding different cyberattacks and how to combat those threats,” she said. “As I’ve been in the security department, my passion has shifted more toward how we can bring value to our customers through our cybersecurity program.”
It’s fitting, then, that Hannah acts as the Cybersecurity Governance, Risk, and Compliance Specialist for Varonis, responding to customer inquiries and providing detailed information and updates.
“One of our top priorities is making sure that we answer all of our customers’ questions around Varonis’ security program,” she said. “We’re always continuously trying to improve our security program.”
GRC: The golden trifecta
Hannah is also responsible for Varonis’ security awareness program, bug bounty and vulnerability disclosure programs, external security audits, third-party risk management, and compliance. But Hannah’s favorite topic to explore is risk management.
“Risk management is the foundation of GRC,” she said.
Every company is different, and each business has to identify their critical assets and the major risks to their organization, and then they can tailor their security program around those risks.
Hannah DeWane, Cybersecurity Governance, Risk, and Compliance Specialist at Varonis
Hannah recognizes, however, that the best security postures emphasize all three aspects of GRC: governance, risk, and compliance.
“All three of them are very important — compliance is important because it’s about adhering to the cybersecurity program and certain laws and regulations, and governance is critical because it’s about the security culture and adhering to ethics,” she said. “All three work really well together and complement each other.”
A twist of fate
Hannah’s passion for cybersecurity is apparent; her face lights up when she talks about the challenges and payoffs of cyber. “There’s always something new to learn,” she said. “I think that’s very rewarding — the idea that you’re always learning something new, and you can take your career in whatever direction you’d like.”
It’s hard to imagine Hannah working in any other field, but before she caught the IT bug, she planned to pursue a career in legal.
“When I was in college, I thought about going to law school or teaching,” she said. “I took a part-time job on campus doing break-fix repairs for student computers, so that’s where I first found my passion for working with technology, and I started to go that direction and get more interested in the IT side.”
The rest, as they say, is history, and law school’s loss turned out to be Varonis’ gain.
