If you’re a cybersecurity professional, odds are you’ve worked alongside experts in a number of fields. Security is so tied up in day-to-day operations that it’s nearly impossible for IT teams to stay in their bubble.
One type of professional you might run into is someone from insurance—like Nadine Moore, managing director and partner at Boston Consulting Group. Moore combines her insurance expertise with cybersecurity knowledge.
“Working in an industry based on risk, having a network [or] systemic thinking frame in that sector, and then having a lot of technology experience brought me to this place where I’m oddly qualified to do my job,” she told IT Brew in December.
Background information. Insurance has been top of mind for some IT execs as costs are rising in the face of increased attacks. As IT Brew reported, a recent report from Coalition, a provider of cyber insurance, raised concerns over the cost of a spike in ransomware breaches.
IT Brew spoke to Moore last year at CES, where she explained that institutions looking to prioritize security will need to put their money where their mouth is. “You need to take a fresh look at, ‘What am I doing? Am I getting the risk-return trade-off for those investments? And now that I have these new things I have to think about, if I have $1, where am I going to put it?’” Moore said at the time.
IT bio. A former network engineer, Moore was already working in the insurance industry when she became interested in cybersecurity. Around nine years ago, she told IT Brew, she was offered the opportunity to work on improving security at the company she was working for; her first project was testing the NIST framework of the company’s controls with a red team. The experience had her hooked.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“It wasn’t an academic exercise at all,” Moore said. “It was real.”
From there, she moved to more security and fraud detection work. She was a voracious reader of content related to the field, devouring books on computer fundamentals and data. It was a natural fit for someone with her systemic style of thinking, she said, and opened the door to starting to think like an attacker—using her mind as a red team.
“That’s how adversaries think, they’re thinking about the system or the processes in terms of exploitation for financial gain,” Moore told IT Brew. “Typically, I’m not thinking that way, but I can.”
Personality counts. She’s taken that central focus of continuing education—“lifelong learning”—into her interactions with teams across the industry, internal and external. Moore said she looks for people who not only have something to teach but who are open to learning, creating an environment where the priority is understanding the entire system and then working to adjust it from a place of full context.
When working with IT teams—when working with anyone—Moore said she looks first for “intangibles” like how people work with others. A sense of fairness is important, she continued, as is a fun and collegial atmosphere.
“There are times where it’s going to be a grind,” Moore said, adding that “also we should decompress and understand who each other is.”