Voices from Infosec with Niamh Muldoon
Welcome to a special edition of Breaking Badness. In this bonus episode, you’ll hear from Global Data Protection Officer at OneLogin, Niamh Muldoon. Co-hosts Kelsey LaBelle and myself sat down with Niamh to discuss career path, data privacy, and the 2020 COVID-19 State of Remote Work Survey Report.
Niamh Muldoon, OneLogin
In another of our Voices from Infosec episodes, we were delighted to speak with the Global Data Protection Officer at OneLogin, Niamh Muldoon, to cover a variety of topics, including her career path and inspirations, the challenges of data privacy and regulation, a fascinating survey that OneLogin did on remote work—and one outright fabrication! By the way—for those not from Ireland, Niamh is pronounced “Neeve.”
Niamh’s employer, OneLogin, provides identity and access management (IAM) solutions for businesses of all sizes. Throughout our interview, Niamh’s passion not just for her specific work, but for the fundamentals of data protection, came through loud and clear, and she made compelling points about how businesses can and should embrace what may be, for many, some shifts in thinking.
How Niamh Came to Infosec
Like many in the industry, Niamh came into this business via an indirect path. At university, she studied geography and economics as an undergrad and did a post-grad in technology. She actually began as a developer for Lotus Notes (remember that?). But events took over: in the aftermath of 9/11, airport security measures around devices such as laptops put a strong emphasis on secure access to protected resources from mobile devices such as PDAs. Soon she joined a security team for a large Irish bank, working on ways to enable financial market traders around the globe to maintain the security that their work demanded. Later in her career, in an episode that reminded me of the Cold War close call where a flock of geese supposedly triggered a DEW Line radar missile warning, Niamh correctly recognized a swell of traffic that looked a bit like a DDoS as in fact legitimate traffic (just a heck of a lot of it). She made the clutch call not to halt business operations by engaging the DDoS protection. Instead of falling over as two competitors did that day, her company did a brisk business because of her keen decision.
On Her Mentors, and the Shift From IT Security to Data Security
Niamh cites two mentors, one a former COO who supported her interest in security when others saw it as a dead end. The other was the Chief Trust and Security Officer at OneLogin Vanessa Pegueros, whom Niamh originally met when Vanessa was with DocuSign. Anyone familiar with that company knows that its rise was rocket-like, and Niamh’s work, under the guidance of Vanessa, helped that company make that all-important shift to a data security (vs IT security) perspective. Helping the people within various companies make that change has been a central theme in Niamh’s work ever since. She says it’s critically important to “…sit down and understand what they [end users] like doing…if it’s processes, technology, working with people, business processes…we’re all using data.”
The data-first perspective is really an outgrowth of a more important people-first perspective, and several times, Niamh pointed out how critical it is to have a diversity of voices at the table when designing for business needs. IAM as a technology has been around for decades, she said, but it’s only in the last five years or so that the end user has really been a point of emphasis—a shift that has been very positive.
I’m Global, You’re Global, We’re All Global
In thinking about how people interact with data, Niamh observed, “we’re operating around the globe, every single person.” Being cognizant of the implications of this distribution of our data, she pointed out that while industry regulations, customer contracts, laws, privacy concerns, and business needs all are complex and variable, IAM cuts across all of these with its focus on people and data over technology. OneLogin’s embrace of that philosophy is one of the things that drew her to the company.
The State of Remote Work Survey
OneLogin carried out an interesting survey on how businesses are dealing with the security and privacy challenges of the pandemic-forced push to remote and hybrid work models. Among the findings was some definite daylight between the security habits and practices of male- and female workers:
Niamh observed, too, that today’s work environment has created a situation where women often believe that they have to satisfy every item of a job description at an exceptionally high level, where men have been conditioned to take a more causal approach. This causes a deficit in confidence for some women that is undeserved, since they clearly bring a very strong security game in addition to the skill sets they have built along the way.
Two Of These Statements Are True
Yes, the opening of this blog accuses Niamh of lying to us. We won’t keep you in suspense any longer: these were the statements Niamh made to us in our Breaking Badness tradition of Two Truths and a Lie:
- Her first tech job was working for MIT
- Her first security job was in physical security, protecting Bono, his wife, their family, and their two children during a tour of the US one summer
- Her first cybersecurity job was working for Capital Markets, the international trading sector of an Irish bank called Allied Irish Bank.
It wasn’t the statement itself that was the tell. It was the extra level of detail that people tend naturally to insert into lies that gave it away. Niamh did not (unfortunately, because what a great story it would be!) protect Bono and his family. She made the statement convincingly, though!
Niamh is a great ambassador for information security; if you ever have a chance to meet her at an industry event, you’re sure to come away with some valuable nuggets of wisdom. Thank you, Niamh Muldoon, for being a Breaking Badness Voice from Infosec!
That’s about all we have for this week, you can find us on Twitter @domaintools, all of the articles mentioned in our podcast will always be included on our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.
*A special thanks to John Roderick for our incredible podcast music!