Dr. Margaret Layton (Meg) has been working in the IT industry for over two decades. In 2001, she joined a start-up company that was acquired by Symantec, and she has since been working in various roles within the company, both on products and working on the intelligence that fuels the front-line responders. She is Director of Engineering for the Cyber Security Services business unit, working with a talented team of software engineers and security professionals building tools for our defenders in cyberspace. Meg has a Doctorate of Information Assurance from the University of Fairfax. She also holds a Master of Science degree in Telecommunications and Computing Management from Polytechnic University in New York, which is now a part of NYU; and a Bachelor’s of Art in Political Science from Albertus Magnus College. Meg maintains several certifications in the Cyber Security realm that she is passionate about, including both the CISSP and CSSLP certifications from ISC(2), and GIAC certifications for Incident Handling, Forensic Analysis, and Penetration Testing. She is CNSS 4011 and 4012 certified. In her role as Director of Engineering, she also holds Agile certifications. She lives in Virginia with her husband and children, and volunteers as a Technical Mentor for local CyberPatriot organizations, as well as serving as Adjunct Professor for colleges, teaching courses in Information Security, including Computer Forensics and Risk Assessment.
If you had to choose one event that led you to work in information security, what would it be and why?
Meg Layton: There’s probably a couple of different things that led down the path. When I tell of my start, I often discuss the influence of working in telecom during the dotcom era and working in Africa while learning security. Security in a developing country is much different than what happens in the U.S.
However, if I had to consider the defining “Here I am and I should stay here” would be the Nimda virus outbreak in 2001. It was what I like to call “the other date in September” that year. I was working in a government facility which was still on severe lockdown. My job was to monitor early versions of SIEM alerting and contact the contractor if I saw anything unusual. There were a lot of delays getting through security in the morning because I forgot that I had my husband’s fishing rods in the van, and metal tubes are suspicious to facilities on lockdown.
I got to my desk, put down my things, checked my screens (it looked fine) and went to get coffee. By the time I returned to the desk, my screen was scrolling through alerts in a ridiculous manner. Because it was a locked down facility, I could only make phone calls.
I called my office. They called a couple of people, and that’s where I found out how collaborative the community really was. By the time the external monitoring service called the facility to “warn of suspicious activity,” we had already removed most of the servers, had an executive briefing, and written rules that would group together and let us know if other infections existed.
A lot of the work that goes on in infosec seems like it is not recognized. But that day, I found the power of smart people working together and making a difference. And plus, I was good at it.
Why do you like working in the information security environment?
Meg Layton: Every day you are solving problems. It isn’t always obvious how, but every day you solve a problem. And in infosec, those problems are often what I tell my kids are “People problems.” Infosec exists because of human traits: desire, doubt, trust, integrity. Human beings are unpredictable and fallible, and all of that is why infosec exists. So there is not always a right answer to a problem, there is just a more secure one or a different way of approaching it. That makes it interesting, every day.
If a n00b to the infosec world asked you for a piece of advice, what would it be?
Meg Layton: Infosec is a wide river, and to get across you need to pick a wave to ride and always learn. The best and most talented people I know in infosec know there is always more to learn. Remember you have to keep learning, since the technology changes so fast you won’t ever get to the “end” and “know everything.” Make mistakes, learn from them, and move on. I guess that was more than a single piece of advice.
What is the most important issue facing professionals in the information security landscape today? Why?
Meg Layton: That’s a hard one because I think there’s a lot. But I think the biggest issue is likely the inability for many professionals to connect their issues with the business needs. The ability to do that will influence investments, regulations, laws, and the future of technology.
I often think of that line from Jurassic Park, “you were so preoccupied with whether you could, you didn’t stop to think if you should.” As we push for agile and faster and more connected, this springs to mind often. How do you articulate how to make things safer in a way that matters not only today, but will matter tomorrow? The infosec professionals better figure it out, and fast.
What is the most important issue facing consumers in the information security landscape today? Why?
Meg Layton: Also hard. Because there is so much facing consumers and so many of them don’t even know it. Probably the biggest issue is understanding the difference between privacy and security combined with the transparency that organizations provide surrounding these topics. Many consumers are simply unaware, or consider things hard. The stigma needs to change so that the security is accessible and easy to the user so they can have the power to protect themselves.
What are your three “guilty pleasures” that have nothing to do with information security?
Meg Layton: Buffy the Vampire Slayer, because obviously. Musical theater, or really any theater. I often tell folks that my first computer was actually a lighting board, so really theater is why I got into tech. It is not beyond the possibility that I will randomly break into song if I need to. Yay Stage Crew! Third, scrapbooking. I do a lot of preserving of memories and putting pictures on the page kind of soothes me.
What’s your favorite book-to-movie adaptation and why?
Meg Layton: This is tricky. Because I like books so much more than the movies in most cases, and I always have my kids read the books first. What world you enter in your mind when you read is seldom what is created on the screen. So it is going to have to be a toss up, and both because of the sheer talent of the people who created characters: The original Willy Wonka and the Chocolate Factory with Gene Wilder, and the Princess Bride – because, that casting was just genius.