At the time of writing, there are 714,548 open cybersecurity jobs across the United States, with a supply-to-demand ratio of 66 qualified candidates to every 100 open positions.
But database-as-a-service provider MongoDB Inc. has no issue finding trained applicants when there’s an opening on its security team.
“We have the Champions Program,” said Lena Smart, chief information security officer of MongoDB Inc. “So, the minute one of my jobs goes on the board, they get first dibs at it … [and] there are ripple effects out from over a hundred people internally. I think just having that, that’s been a game changer.”
Smart spoke with theCUBE industry analyst Dave Vellante at AWS re:Inforce, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed MongoDB’s Security Champions Program, Smart’s fiscally responsible attitude toward security, and how keeping ahead in security requires a “meerkat attitude” to watch what could be on the horizon. (* Disclosure below.)
MongoDB builds an in-house, interdepartmental team of security volunteers
MongoDB’s Security Champions Program was created out of Smart’s desire to help underrepresented groups advance in their tech careers, but it’s turned into a win-win-win situation for the security department, the company and employees.
There’s no bar to entry for the program, which is open to anyone in any position across the company. Currently, over a hundred MongoDB employees are taking part, and they represent every department and every geographical area where MongoDB has a presence. If an employee wishes to learn cyber skills, they simply volunteer to join the Security Champions team (with their supervisor’s approval). Then, in addition to their regular responsibilities, they work alongside MongoDB’s security experts, assisting with tasks such as preventing phishing campaigns, testing things like Queryable Encryption, and learning Amazon Web Services toolsets.
The program flips the security paradigm by turning employees from a security liability into an asset, generating a culture of security awareness within MongoDB, according to Smart. It also builds an in-house pool of security-skilled employees who jump at the chance to join Smart’s department whenever there’s an opening. And it gives the security team an awareness of operations across the company and breaks barriers between departments.
“We have people who have such an in-depth knowledge in other areas of the business that I could never learn, no matter how much time I had,” Smart stated. “To have that scope and depth of people with long tenure in the company, technically brilliant, [that] really want to understand how they can apply the cultural values that we live with each day to make our security programs stronger … that’s been a game changer for us.”
Strong partnerships and fiscal responsibility mark Smart’s security strategy
MongoDB’s executive board is supportive of Smart and her team, and she meets with them regularly to discuss the company’s security needs.
“I actually get their attention for at least an hour once a quarter, which is almost unheard of,” she said.
Her close relationship with the company’s directors, and the fact that many of them serve on other boards, has helped her build a network with other CISOs and share knowledge. She specifically mentioned Dev Ittycheria, MongoDB’s president and chief executive officer.
“Dev is a huge, huge fan of security and [governance, risk and compliance],” Smart said.
Unlike some CISOs who, according to Smart, “have every tool that’s out there ‘cuz it’s shiny and it’s new’ and they know the board is never gonna say no,” MongoDB’s naturally frugal CISO takes a fiscally responsible approach to spending the company’s security budget.
“I always tell my team, treat this money as if it’s your own,” Smart said.
When she evaluates a new tool, she makes a point of speaking to that company’s CISO to ensure MongoDB is getting the best deal. She also proposes partnerships that could benefit both companies. MongoDB’s partnership with Amazon Web Services Inc. falls into this camp.
“[AWS] is very proactive when it comes to where we are from the security standpoint,” Smart said. “When we sit down with them … it is not a conversation that’s a surprise. When I tell them this is what we need, they’re like, ‘Yep. We’re on that already.’”
(* Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for AWS re:Inforce. Amazon Web Services Inc. and other sponsors of theCUBE’s event coverage have no editorial control over content on theCUBE or SiliconANGLE.)