Protecting data is everyone’s responsibility, according to Diana Greenhaw who followed a nontraditional path into the security space. In this month’s blog series, Greenhaw explains why you don’t have to be an information technology expert to work in cybersecurity.
How long have you been at Visa and what is your role?
Diana Greenhaw: I have been in risk since joining Visa 13 years ago. I’ve had several different jobs within the risk team working with merchants, financial institutions and processors.
How did you get started in cybersecurity? What led you to that career choice?
Diana Greenhaw: I got started in cybersecurity a little differently than most people. My background is in public relations and client relations. I have 13 years at Visa and about 20 years total in the payments space. Prior to coming to Visa, I worked for some very large banks and, at that time, we were just starting to experience data breaches, mass data breaches. And, no one really knew where that was coming from or what the trend was that was changing. We were starting to see fraud coming from places we hadn’t seen it before and figuring out that this was the result of criminals stealing data – payment data – from merchants as it was being processed and from within their environment. I managed relationships with clients of the bank. I managed relationships with the different payment brands that the banks used. And so, as a result of this new trend, I started working on data breaches and figuring out what was happening. That was really my path into this space. I was a payments expert but not necessarily a cyber expert. But, because that was the trend of risk, that’s kind of what led me to where I am today.
What do you see in the future for women in the cybersecurity industry?
Diana Greenhaw: I think that for women in cybersecurity, and for anyone in cybersecurity, there is a lot of opportunity. It’s a very dynamic space. It is something that people are paying more attention to in every industry. I think cybersecurity opportunities for women are limitless. I think that’s the case for anyone. It’s not limited to women. Cybersecurity is top-of-mind for IT professionals, but it’s top-of-mind for people across their organizations, too. It’s not limited to payments. Cybersecurity is everywhere. You’re hearing about it every day in every industry and I don’t think that you must think about it from an IT perspective. I don’t have an information technology background and so I think that the opportunities can come from anywhere.
What advice would you give to young women who are interested in a career in cybersecurity?
Diana Greenhaw: If I was giving advice to young women who have an interest in cybersecurity, I would say don’t feel limited by a specific industry. Don’t feel limited by a specific segment even within a company. You don’t have to be in information technology to work in cybersecurity. I’ve got a background in public relations and client relationship management and found my way into cybersecurity, specifically payment security. I think that, because it is important across an industry today, you must be creative. You can be creative about where you can make an impact from the perspective of cybersecurity. And so, all those IT and information security people, they understand cybersecurity. But it’s just as important for people around your organization to have a good understanding of what cybersecurity means and how they can contribute to an organization’s protection of information. If you are part of the education system, you can talk about cybersecurity. If you’re part of client relations, you can help clients understand what their opportunities are to improve their own cybersecurity. I think the most important thing is don’t feel boxed into a corner regarding opportunities for working in that space.
What aspects of your job do you enjoy?
Diana Greenhaw: The thing I like most about my job at Visa is that I work directly with clients. Visa is a world-wide brand and so I have had the opportunity, during my 13 years at Visa, to travel all over the world. I go to places I would’ve never thought I would go to meet people from all over the world and to make a difference. Payments and cybersecurity are opening commerce around the world and so it’s exciting and fun to be a part of that.
What value does the Board of Advisors contribute for PCI SSC?
Diana Greenhaw: The Board of Advisors is a very important part of the PCI Security Standards Council because they are the constituents. They are representatives of the constituents that PCI SSC is trying to work with around the world. They represent every industry in payments. They represent associations, merchants, financial institutions, processors, assessors, security companies and the Board of Advisors. They are standing up as a representative of their segment and they’re helping to ensure that PCI is developing standards that work for their organizations; that work for the people who work in this space. It’s one thing to have a group of security experts sit in a room and write out a standard and write out requirements for how things need to be protected. It’s another thing to be part of a population that must put those into implementation. Having those voices be able to assist the PCI Council in doing their work is what will make the PCI Council successful. And, it’s what will help drive success and adoption of their standards across all verticals and industries that the Board of Advisors represent.