This month’s Member Spotlight is someone who is no stranger to our RH-ISAC community. She is a member of the RH-ISAC Board of Directors and a frequent contributor to CISO discussions and events. Today we’re highlighting Diane Brown, vice president of IT risk management and CISO at Ulta Beauty.
Diane started her cybersecurity career in 2003 when her CIO needed someone to head up the new security team. At that time, cybersecurity was not yet a priority for most organizations. However, as the world digitalized, Diane began to recognize her interest in this rapidly developing field. She trained on the job, attending information security conferences and webinars. As the internet became an integral part of doing business, it also served as the knowledge base educating those like Diane learning to protect this new frontier.
After several years of learning on the job, Diane decided to pursue a degree in information security. She graduated in 2011, by which time she was more of a teacher than a student as she had more experience than many of her instructors. That additional training proved beneficial as Diane began to take on additional responsibilities, culminating in her recent promotion to VP of IT risk management and CISO at Ulta Beauty. In her role, Diane ensures that the team is adequately equipped to tackle day-to-day projects and long-term company initiatives, she updates strategy and process improvements, and she works to reduce the overall threat landscape. She also collaborates with Ulta’s senior leadership team to promote security awareness across the organization. Diane discusses this project and how building relationships is an integral part of security awareness in RH-ISAC’s podcast episode, Insights from the 2021 CISO Benchmark Report.
For Diane, educating others on the importance of implementing security from the beginning of a project is one of her favorite things about her role. The other is the constantly changing nature of threats. It’s a night and day difference from her previous role in an accounting office where things would remain static for months on end. The monotony didn’t mesh well with Diane’s personal motto that her day is not complete unless she has learned at least one new thing.
Her dedication to education and collaboration makes her a perfect fit at the RH-ISAC. Diane has been involved with RH-ISAC since its inception and can testify to the importance of sharing. At that time, she had a small cyber team and valued the information shared with her by others. Now, as her program has matured, she has been able to return the favor, providing valuable intel and advice about best practices to peers.
“By being a member of this organization, it is like having hundreds of people on your team,” said Diane. “Everyone is willing to step up and answer questions and provide their expertise. We are stronger together.”
Since March is Women’s History Month, we also asked Diane to share some advice for fellow women in cybersecurity who are interested in advancing their careers. Here is what she had to say:
“My advice for women is to not be afraid to take a chance. If I hadn’t raised my hand that day and in the years that followed, I would not be where I am today. The security industry is heavily tilted towards men and having self-confidence in your abilities and not being afraid to speak up is very important. The other thing that is important is building out a network with other security professionals. I am an introvert by nature, and attending events was very difficult for me, so I found one or two security topics that were relevant and studied up on them. [Then at] security networking events, I knew that if I had one or two things that I was very comfortable with, hopefully, the person I am chatting with would also be interested in at least one of those topics.
For women wondering if cybersecurity is right for them, just remember that cybersecurity is not just about technology. If you are one of those people that like to find out why something happened, what caused something to break, and can’t walk away from it until you figure it out, cybersecurity would be a good field for you.”
Check out more women in cybersecurity content on RH-ISAC’s podcast! RH-ISAC’s president, Suzie Squier, interviews Lynn Dohm, WiCyS executive director, to learn how her organization is cultivating a pipeline of talented women.
Interested in joining RH-ISAC’s sharing community? Learn more about RH-ISAC membership on the RH-ISAC website.