Professional Documents
Culture Documents
Meta
TASHYA DENOSE
HOW TASHYA DENOSE, SECURITY PROGRAM MANAGER IN META’S REALITY LABS AND THE LEADER OF EMOTIONAL INTELLIGENCE
IN CYBERSECURITY, IS PIONEERING A PATH TOWARDS GREATER DIVERSITY AND HUMANITY WITHIN THE CYBER WORLD
Top Cyber News MAGAZINE - August 2023 - All Rights Reserved 2
Fore
Word
Integrating Excellence with The Future, Top Cyber News MAGAZINE stands as a
dynamic platform that not only disseminates information but actively amplifies the
profound impact of Human Talent and Human Factors within the realm of
cybersecurity. This platform serves as a nexus that connects a diverse universe of
cybersecurity experts from around the world.
Through its dedication to highlighting Human Talent, Human Factors, and the
global community of cybersecurity experts, the magazine contributes to a
comprehensive understanding of the field's complexities and the strategies
needed to safeguard our digital future.
Creative Thinking
Problem-Solving
& Compassion
To safeguard a
More Secure World”
Top Cyber News MAGAZINE - August 2023 - All Rights Reserved 8
Interview conducted by Dr. Bradford L. Sims
We couldn't afford any vulnerability that might cybersecurity. Sarina Gandy, our producer,
compromise the integrity of these critical along with co-host Pam Lindemoen, and
networks. Delivering ongoing updates for the creative director Rex Wilson, we all teamed up
Joint Chiefs of Staff, who are the highest- with the idea of a platform that explored the
ranking uniformed leaders in the Department of human aspect of cybersecurity while stressing
Defense, was both a privilege and a daunting the importance of diversity. Our aim with this
task. podcast is to show the world that there is
[Dr. Bradford Sims] Your mission to increase indeed a place for everyone in cybersecurity.
diversity in the cybersecurity field, especially [Dr. Bradford Sims] In addition to promoting
for black women, is inspiring. Could you tell us diversity, you're also keen on enhancing
about your experiences as often being the only emotional intelligence in the cybersecurity
black woman in the room and how that community. Can you elaborate on why this is
influenced your decision to join Black Girls in important and how you plan to achieve this
Cyber? goal?
[Tashya Denose] As I progressed in my career, [Tashya Denose] Absolutely. Technical skills are,
it became clear that I was often the only of course, crucial in cybersecurity. However, I
woman, let alone the only black woman, in the strongly believe that to truly excel in our field,
room. This pattern was disheartening and at we also need to foster emotional intelligence.
times, led to feelings of impostor syndrome. I This involves understanding our own emotions
felt a deep-seated need to change this narrative, and those of others, and using this
not just for myself but for all the black women understanding to build better relationships,
who would come after me. Joining Black Girls in manage stress, and make more effective
Cyber felt like the perfect opportunity to make a decisions. As a certified emotional intelligence
difference. As the Brand and Marketing Director, coach, I aim to bring this awareness into the
I am able to use my skills and platform to cybersecurity community and inspire a more
cultivate awareness and champion diversity in holistic approach to our work.
the field. [Dr. Bradford Sims] Tashya, your journey has
[Dr. Bradford Sims] Your advocacy does not been incredibly inspiring… Yet, why cyber?
stop with Black Girls in Cyber. Can you Why not dancing, tennis, soccer, or other
elaborate on the launch of your podcast "Do sports? Where does a place in your heart exist
We Belong Here." and how you became for other pursuits? Because from what I know,
involved with Cyber Florida? you give your all – maybe even more than you
[Tashya Denose] Absolutely. My involvement realize.
with Cyber Florida began through my [Tashya Denose] Smiling…Playing sports is not
connections within the cybersecurity nonprofit my forte; my coordination skills are rather
community. The organization's aim really lacking. While I can manage to dance well
resonated with me as it is focused on paving enough to stay on beat, entrusting me with the
pathways into cybersecurity for women, task of throwing a ball would not end well.
minorities, veterans, first-responders, and However, it is within the realm of cybersecurity,
career changers. I saw this as a perfect I have discovered a fulfilling path where I can
opportunity to participate in their mission, contribute my creative thinking, problem-solving
which is so closely aligned with my personal skills, and compassion. It empowers me to
passion for inclusivity in this field. The idea of make a meaningful impact, safeguarding
the podcast, "Do We Belong Here," came from individuals, organizations, and societies from
this shared vision of promoting diversity in digital threats.
[Dr. Bradford Sims] Now imagine a world [Tashya Denose] My family brings me
without digital technology – a world where unparalleled joy. There's no greater pleasure
children are given kites to fly and balls to play than returning home to a haven filled with love.
with. What would your role be in such a world? Often, when I open the door, I'm greeted by the
What activities would you engage in? heartwarming sight of my 10-year-old son and
[Tashya Denose] If I were living in a non-digital husband unwinding on the couch, engrossed in
world, it's likely that I would have pursued a a football (soccer) match. Meanwhile, my 3-
career as a drama teacher. The prospect of year-old daughter eagerly rushes towards me,
being immersed in an environment full of leaping into my arms. The feeling of
creativity is intriguing to me. As a drama unconditional love envelops me, creating an
teacher, I would relish the opportunity to indescribable sense of bliss.
nurture the imaginative spirits of my students, [Dr. Bradford Sims] Back to the cyber realm. Is
guiding them to explore the depths of their it really secure or insecure?
emotions and the boundless possibilities of [Tashya Denose] It's both, the field of
storytelling. Witnessing their growth, would be cybersecurity is dynamic. As new technologies
rewarding. are developed, both adversaries and
[Dr. Bradford Sims] Alright!.. here comes practitioners engage in a constant cat-and-
Netflix. What would they film about you? What mouse game. Adversaries seek to uncover
would the world come to know about Tashya weaknesses for their own gain, while
Denose? practitioners work to identify and address
[Tashya Denose] My film would highlight my vulnerabilities before they can be exploited. This
multidimensionality with a passion for various ongoing cycle underscores the importance of
interests and pursuits. Technology fascinates proactive security measures and staying vigilant
me, as I find joy in exploring its advancements in the face of emerging threats.
and understanding its impact on our lives. [Dr. Bradford Sims] Tashya, your journey has
Fashion is another realm that captivates me, been incredibly inspiring, filled with grit,
allowing me to express my creativity and sense determination, and an unwavering commitment
of style. Beyond these domains, my heart is to promoting diversity and inclusion. As you
deeply rooted in my family, and their happiness continue on your path, what is the one
and well-being are paramount to me. message you would like to leave with aspiring
But there's more to me than just these cybersecurity professionals, especially those
individual facets. It's my mission to create from diverse backgrounds?
meaningful connections with the people I [Tashya Denose] The message I'd like to impart
encounter, to touch their lives with love and is that there's a place for everyone in
empathy. Whether it's through acts of kindness, cybersecurity. Regardless of your background,
lending a listening ear, or simply offering your gender, your race, there's room for you
support, I strive to make a positive impact and here. And not just room, but a need for your
ensure that others feel cared for. This dedication unique perspective and skills. Don't let anything
to spreading love and compassion is an integral hold you back. Pursue your dreams with
part of who I am and how I navigate the world. courage, equip yourself with the necessary
[Dr. Bradford Sims] Who greets you behind skills, and never forget the importance of
your door when you come home? A few words emotional intelligence in making a real impact.
about your family that would inspire the young
women in the cybersecurity domain, please.
[Dr. Bradford Sims] And finally, a few words to those who will be leaders shaping the destiny of
young girls?
[Tashya Denose] Be bold and cultivate self-love. Once you truly comprehend your own identity, you
will acknowledge that you not only belong in cyber but also deserve to be here. It's vital to establish
connections with your allies, sponsors, and mentors, as each of these roles will contribute uniquely to
your success.
Challenges will arise along the way. However, you possess the resilience to overcome them.
Remember that even the most confident individuals on Earth have experienced moments of
uncertainty and had to "fake it" to persevere. By staying true to yourself, acknowledging your worth,
and seeking support from those who can guide and uplift you, you will continue to progress. Embrace
the journey, embrace the growth, and let your authentic self-shine through.
They understand the potential consequences of The very qualities that facilitate positive team
unauthorized disclosure or breach of interactions become instrumental in advancing
confidential information such as reputational threat analysis. This dynamic industry also
damage, financial losses or legal liabilities. requires the ability to adapt, handle stress and
Empathy and social skills serve as catalysts for the unwavering ability to maintain composure in
forging meaningful connections and challenging situations is vital. In the face of
understanding of the diverse perspectives held such demanding circumstances, the ability to
by colleagues and stakeholders alike. It is rooted self-regulate emotions emerges as a powerful
in the capacity to comprehend and share the tool.
feelings of others. Cybersecurity professionals It enables professionals to maintain composure
play a vital role in educating and raising and make sound decisions even amidst chaos.
awareness among users about safe online Professionals equipped with strong self-
practices and potential threats. These skills are regulation skills rise to the occasion, effectively
essential when delivering training sessions or manage conflicts, display the capacity to
creating awareness campaigns. By delayed gratification and make thoughtful
understanding the perspectives, needs and decisions grounded in reason rather than
challenges of non-technical users, professionals impulsivity.
can tailor their approach to how they Failures, setbacks and heartbreaks are an
communicate complex concepts effectively and inevitable part of cybersecurity. Professionals
how to address any concerns or encounter breaches, vulnerabilities and
misconceptions with empathy and patience. unsuccessful attempts to mitigate risks. In such
Also, honing empathy and social competences situations they must maintain resilience.
can unlock a multitude of benefits. Not only Motivation is the internal drive that directs and
does it propagate harmonious interoffice energizes a person to push through. It is that
relationships, but they also gain a unique and little voice inside that tells you that you can do
invaluable perspective when analyzing cyber it, forcing you to persevere. Cybersecurity
threats. Hackers, with their multifaceted analysts can learn from failures, adapt their
backgrounds and motivations, require a strategies and remain motivated to persist in
nuanced understanding that transcends mere their efforts to strengthen security measures
technical proficiency. and prevent future incidents.
By recognizing the significance of these core Operating from a limited vantage point hampers
components, organizations should provide the overall objective of effectively mitigating
cybersecurity professionals with invaluable cyber risks
tools for success. Cyber leaders must Diverse perspectives are critical for eliminating
assume a pivotal role in cultivating an the biases that are prevalent in AI algorithms or
environment that nurtures employee other technological systems. Addressing these
development. This entails providing biases requires a multifaceted approach. It
comprehensive training programs, offering involves diverse representation throughout the
mentorship opportunities, and allocating entire technology development lifecycle, from
resources that facilitate the enhancement of designing algorithms to training data sets,
testing and deployment. This includes ensuring
emotional intelligence skills.
that diverse voices are heard in decision-making
By investing in the growth of their processes and that biases are actively identified
cybersecurity workforce, organizations can and mitigated during the development and
harness the full potential of these implementation stages.
professionals to ensure they are equipped to To bridge this gap, organizations must execute
navigate the intricate and ever-evolving strategies that are aimed at attracting, retaining,
cybersecurity landscape with confidence and and advancing diverse talent in the
efficacy. cybersecurity field. This includes partnering with
nonprofits aimed at resolving these issues,
Diversifying Thought promoting inclusive hiring practices,
Elevating the mental aptitude of the workforce establishing mentorship programs, providing
on an individual level is undeniably crucial in targeted support and resources and promoting
strengthening a cybersecurity organization. a culture that values and celebrates diversity.
However, it is equally imperative to emphasize This leads to enhanced innovation, stronger
the significance of establishing a workforce that defenses, and a positive and inclusive work
mirrors the diversity of the population it seeks environment. By championing these values,
to safeguard. Numerous studies have organizations not only contribute to a more
highlighted the underrepresentation of ethnic equitable society but also establish themselves
and gender groups within the field. A study as leaders in the realm of cybersecurity.
conducted by Gitnux.com reveals that women
comprise only a small fraction of the Prioritizing the Business
cybersecurity workforce, accounting for 24 Cyber leadership has the responsibility of
percent. Sadly, the breakdown by ethnicity is mobilizing and fully equipping their workforce
equally disheartening: Blacks only represent 9 with a comprehensive strategy. They must
percent, Asians 8 percent and Hispanics 4 always keep in mind that a cybersecurity
percent. These statistics are the glaring strategy is ineffective unless it incorporates the
representation of the pressing need for a more priorities of the business. Unfortunately, many
diverse and inclusive cybersecurity workforce. security professionals become so laser-focused
Each person has a unique life path, with on implementing technical protections that they
experiences that shape their perspectives and neglect to consider the needs of the business,
insights. By harnessing a multitude of thereby hindering productivity. The most
perspectives, organizations can expand the effective cyber strategist understands the
collective intellectual capital within the importance of striking a balance between
cybersecurity community. security and operability.
This approach ensures that security measures For success, two crucial actions must be taken;
do not impede the organization's ability to fulfil leadership must establish the foundation for a
its mission. security mindset within the organization, and
To begin, it is crucial to identify the the cybersecurity team must promptly follow
organization's "Crown Jewels" which are the with the promotion of awareness and training.
most valuable assets from a cybersecurity By helping employees understand various types
perspective. Depending on the organization, of cyber threats like phishing, social
these could include intellectual property, engineering, malware and data breaches, they
customer data, financial data, business become more aware of the risks involved and
strategies and the organization's infrastructure are better equipped to avoid potential security
and systems. These assets are often the incidents.
primary targets of cyberattacks and hold Furthermore, encouraging employee
significant importance for the organization's engagement and accountability in cybersecurity
operations, reputation and competitive practices strengthens the organization's
advantage. defense. When individuals feel empowered and
Once the "Crown Jewels" are identified, it responsible for their role in security, they
becomes the goal of the security team, along become active contributors to the overall
with their business partners, to allocate the security posture. By fostering a sense of
necessary resources to protect them. ownership, organizations enhance their
resiliency against potential breaches.
This approach involves aligning cybersecurity
goals with organizational objectives, conducting A mature cyber organization not only protects
risk assessments based on the impact on the and engages with the business but also
business and incorporating regulatory and understands the value of adopting a structured
compliance requirements. By embracing this approach to cybersecurity.
approach, security teams can establish a They provide clear guidance on risk
resilient defense that effectively safeguards the management, compliance with regulations,
organization's interests while supporting its consistency in security practices, continuous
overall mission. This not only increases the improvement and building increased stakeholder
likelihood of successful implementation but also confidence. This is accomplished by utilizing a
promotes user adoption and fosters a culture of tailored approach to cyber governance. The
security awareness, responsibility and team selects a framework based on their
prosperity throughout the organization. business type and serves as the vehicle for
communicating, thus normalizing the security
Creating a Culture of Cybersecurity Maturity culture throughout the organization.
Implementing security across an organization Each organization has its own unique needs,
requires a cultural shift. The objective is to risk profile, industry-specific regulatory
educate both technical and non-technical users requirements, and resource availability. These
so that prioritizing security becomes ingrained factors play a significant role when selecting a
and second nature. It is pivotal for cybersecurity cybersecurity framework. Leadership relies on
teams to obtain leadership’s buy-in to establish the cybersecurity team to effectively measure
a top-down approach that sets the tone for the and assess the organization's security posture
rest of the organization and emphasizes the based on the chosen framework, thereby
importance of safeguarding digital assets. enabling informed decision-making.
Similarly, just as different layers of skills exist • ISO 27001: This international standard
within the cyber workforce, effective teams may provides a comprehensive framework for
layer multiple frameworks to comprehensively establishing, implementing, maintaining,
assess the security posture and address diverse and continually improving an Information
security challenges. Security Management System (ISMS). It
Listed below are a few examples of frameworks provides a systematic approach to
available to businesses. managing security risks and ensuring the
confidentiality, integrity, and availability of
• NIST Cybersecurity Framework (CSF): information assets.
Developed by the National Institute of https://www.iso.org/isoiec-27001-
Standards and Technology (NIST), this information-security.html
framework provides a risk-based approach
to managing cybersecurity risks. It consists • PCI DSS (Payment Card Industry Data
of five core functions: Identify, Protect, Security Standard): This framework is
Detect, Respond, and Recover. The NIST specifically designed for organizations that
CSF is widely adopted across industries and handle credit card transactions. It outlines a
is suitable for organizations of all sizes. set of requirements to ensure the secure
https://www.nist.gov/cyberframework handling, processing, and storage of
cardholder data.
• NIST 800-53, Security and Privacy Controls https://www.pcisecuritystandards.org/
for Federal Information Systems and
Organizations provides a comprehensive set • HIPAA (Health Insurance Portability and
of security controls and guidelines for Accountability Act): HIPAA is a regulatory
federal information systems and framework that sets standards for
organizations to protect their sensitive protecting sensitive health information in
information and ensure the confidentiality, the healthcare industry. It includes
integrity, and availability of their systems requirements related to data privacy,
and data. security safeguards, and breach
notification.
https://www.hhs.gov/hipaa/index.html
Meet us at…
Les Assises de la Cybersécurité 2023!
Alchemy of Defense: Tools and Techniques Collaboration and Information Sharing: Cyber
alchemists recognize that the battle against
Just as alchemists once sought to transmute
cyber threats cannot be fought alone. They
base metals into gold, cyber alchemists strive to
actively engage in collaborations with industry
transmute threats into fortified defenses. They
peers, security researchers, and law
employ a range of tools and techniques to
enforcement agencies. By sharing information
achieve this transformation.
and insights, they build a collective defense
Threat Intelligence: Cyber alchemists delve against common threats, fostering a culture of
deep into the dark corners of the internet, collaboration that benefits the entire
gathering intelligence on emerging threats, cybersecurity community.
malicious actors, and new attack vectors.
Dr.K.V.N.Rajesh, India
Dr.K.V.N.Rajesh is a highly qualified and certified Microsoft Trainer who currently serves as a Subject
Matter Expert at CloudThat. His expertise is centered around various aspects of Azure Security,
including Identity & Access Management, Information Protection, Microsoft 365 admin center,
Defender Suite, Microsoft Cloud App Security, and other security operations.
With his extensive hands-on experience in these areas, he specializes in providing tailored training to
meet the unique needs of clients and organizations in technical training settings such as Corporate,
Online, and Classroom environments. He is truly passionate about technology and continuously keeps
up with the latest trends in the industry, as evidenced by his demonstrated skill set in Microsoft 365
Security, Azure AI, and Deep Learning.
With over 18 years of experience in training, he has imparted his knowledge and skills to over 10,000
participants in his career. He holds both a B.Tech and M.Tech in Computer Science and has completed
his Ph.D in the area of Deep Learning, highlighting his advanced expertise in the field of technology.
His passion for technology and training is evident in his impressive track record and dedication to
providing top-quality education to his clients and students. He has been recognized with numerous
awards, one of which includes winning the Microsoft Blogathon in 2022.
The government of Albania recognizes the Both the FBI and Microsoft's DART teams
potential cyber threats faced by its citizens, concluded that Iranian intelligence was
businesses, and organizations and is taking responsible for this attack. This is an attack we
the appropriate actions to protect against attributed to Iran based on facts. We can all
them. Cyber security has become a top learn something from this.
priority for the government, as evidenced We acknowledge the role that our international
by the recent introduction of a cyber partners played by providing technical
security strategy designed to bolster the resources, expertise and training afterwards.
country's defences. Through collaboration, we were able to respond
This strategy calls for the implementation of quickly to cyber threats and to coordinate our
advanced technologies to enhance detection strategies in order to minimize the damage as
and prevention capabilities, as well as increased much as possible. This was done through the
empowerment of citizens, businesses, and establishment of effective communication
organizations in order to build cyber resilience. networks and continues coordination.
The government is also engaging with To date, we are closely cooperating with the US
international partners to foster more secure State Department, the EU Delegation in Albania,
communications and to better share intelligence the State of Israel, NATO, OSCE, United Arab
on threats. Emirates, as well as other National Authorities
Making Albania the safest place to live and do for Cyber Security around Europe, through a
online business is more important than ever at Memorandum of Understanding to exchange
a time when there are severe threats to global best practices, share resources and increase
economic stability and security. The networks cyber capacities in Albania.
that bind us together and improve our lives on Along with more conventional means of
an economic and social level must be diplomacy and statecraft, Albania’s cyber
trustworthy. Thus, everyone should care about capacities will be crucial in safeguarding
cyber security. national security and prosperity in these
When considering the big picture, it is evident challenging times. We must step up our
that dangers from cyber threats are diversifying efforts to ensure that Albanian organizations and
and changing. More countries are developing the government increase their levels of cyber
their cyber capabilities, and more non-state resilience in order to strengthen present
entities are joining the struggle. The cyber defences. To stay ahead, we must continually
threats we all face are affected by these re-examine and rethink cyber security.
elements and more. And AKCESK is doing precisely that. The goal is
In July 2022 we had a large-scale sophisticated to reach a better understanding of cyber
cyber-attack. It was very disturbing because for security at the national level. For instance,
weeks it was an incredible war going on online, AKCESK is empowering people and
24/7, many people were dedicated to fighting organizations with the knowledge they need to
them back. We managed to survive this attack stay safe online, especially against ransomware
without letting them do what they wanted to do. attacks, through the National Cyber Awareness
We conducted an extremely thorough analysis. programs.
A National SOC would also enable Albania to tap Albania’s resilience, stopping hundreds of
into the technical expertise available within the thousands of attacks upstream while
region and make use of the collective bolstering preparedness and helping
intelligence to detect, contain, and respond to Albanian institutions and organisations better
any potential threats. Having a well-developed understand the nature of cyber threats, risks
National SOC will also allow the Albanian
and vulnerabilities downstream.
government to gain more visibility into cyber-
related activities and detect threats before they
Capacity building and International
have time to cause real damage. It would also
help build trust with foreign partners and serve
Cooperation
as a reliable source of cyber security Cyber security is an increasingly important
information and expertise. issue in Albania, as the country is becoming
increasingly connected to the internet. The
Last but not least, having a well-developed government is well aware of the need to
National SOC in place would be essential for the enhance cyber security capacity in the country,
development of a strong international security and there are several initiatives underway to
strategy in Albania. address the issue.
Establishing MISP, Arctic, Shadow Server Overall, the Government is taking a multifaceted
AKCESK is recently working on the approach to cyber security capacity building in
implementation of MISP, Arctic, and Shadow Albania and is investing in various cybersecurity
Server to respond to cyber security incidents. initiatives, including improved legislation, and
These are newly established systems that resources.
provide tracking, analysis, and automation There is also in place a five-year cyber security
capabilities to allow us to quickly and efficiently strategy, which has the goal of creating a safer
assess incidents, identify threat actors and cyber ecosystem in Albania. The strategy
develop countermeasures. includes cyber security initiatives such as
Through these systems, we are able to collect, training, education, and awareness campaigns,
analyse, and share data across our global as well as encouraging digital literacy among
network. This helps us ensure that any incident citizens. On the other side, we know well that
is addressed quickly and thoroughly and that international cooperation in cyber security is key
the risk of future similar incidents is minimized. to protecting individuals, businesses and
governments, and is essential to ensuring a safe
In a long term, the monitoring systems will enable
and secure digital world. To ensure the highest
significant progress in bolstering
levels of security, governments need to work
closely together and share best practices.
Finally, it will take decades for the current global
changes to stabilize. Although I cannot foresee
the future, I can state with certainty that cyber
and cyber security will remain essential to the
success of our country.
The Albanian government and we at AKCESK are
committed to working tirelessly to make sure
that the nation's cyber security is up to the
challenges of the future.