Secret CSO: Lena Smart, MongoDB

What advice would you give to aspiring security leaders? “Learn, keep learning, and teach others.”

secret cso lena smart mongodb 1200x800px 01

Name: Lena Smart

Organisation: MongoDB

Job title: Chief Information Security Officer (CISO)

Date started current role: March 2019

Location: New York, NY

Lena Smart joined MongoDB with more than 20 years of cyber security experience. Before joining MongoDB, she was the Global Chief Information Security Officer for the international fintech company, Tradeweb, where she was responsible for all aspects of cybersecurity. She also served as CIO and Chief Security Officer for the New York Power Authority, the largest state power organisation in the country. Smart is a founding partner of Cybersecurity at MIT Sloan, formerly the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, which allows security leaders in academia and the private sector to collaborate on tackling the most challenging security issues.

What was your first job? In a shoe shop. I worked as a “Saturday Girl” from the age of 14, selling shoes.

How did you get involved in cybersecurity? Good luck and good support from bosses who saw that I loved to learn.

What was your education? Do you hold any certifications? What are they? Left school on my 16th birthday and didn’t get the chance to attend University. I hold: CISSP, CISM, CISA, CRISC, CCISO, GCIH

Explain your career path. Did you take any detours? If so, discuss. Age 16: Office junior - making tea in a lawyer’s office; Age 17 - 21: Had various different jobs, including Her Majesty’s Civil Service in the UK; Age 21 - now: Bought my own computer (Amstrad 1640) age 21 (saved for 2 years!) Started to teach myself how to use computers and had various bosses who saw my aptitude for self-learning and encouraged me to learn about networks etc. First full-time security role - at New York Power Authority, but most of my roles over the past 25 years have had a modicum of security involvement.

Was there anyone who has inspired or mentored you in your career? No one person in particular. I’ve been blessed with bosses who supported my learning and gave me training and time to explore the security world.

What do you feel is the most important aspect of your job? Mentoring my team and others and explaining cybersecurity to senior management, making them aware of risks and how we are handling those risks.

What metrics or KPIs do you use to measure security effectiveness? I use the NIST CSF to help with this. People, process, technology - the usual measurements. One example: phishing. If I have a phishing exercise rollout in January, and 30% of people “click the link” then I know I have training awareness shortfalls. So I have training classes in security awareness with phishing. We re-do the phishing exercise 2 months later and the click rate is down to 10%. Now, I know this isn’t an exact science, and it is very dependent on the phishing topic, but you get my point.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? It is affecting everyone. Detection and Response Engineers are hard to find.

Cybersecurity is constantly changing – how do you keep learning? I read - as much as possible. My latest book is “the 5th Domain” by Richard Clarke. I also rely on my team to keep me updated with interesting security news.

What conferences are on your must-attend list? MongoDB World and our global MongoDB.local events, MIT CAMS.

What is the best current trend in cybersecurity? The worst? Best - making everyone aware of their role in cybersecurity. Worst- taking for granted that everyone is aware of their role in cybersecurity.

What's the best career advice you ever received? Don’t listen to people who said I couldn’t do something. 

What advice would you give to aspiring security leaders? Learn, keep learning, and teach others.

What has been your greatest career achievement? Becoming CISO at MongoDB.  This is an amazing place to work, and I’ve been given the chance to build a World Class Security Team at one of the most exciting Companies on the planet!

Looking back with 20:20 hindsight, what would you have done differently? Nothing.  Regret is a complete waste of time.

What is your favourite quote? Quis custodiet ipsos custodes - who watches the watchmen.

What are you reading now? I usually have 5-6 books on the go. Just got The 5th Domain by Richard Clarke so started that last night (July 16th) Also reading: Deep Thinking - Garry Kasparov. The History of Chess in 50 moves - Bill Price. Code Girls - Liza Munday The Enemy of the People - Jim Acosta

In my spare time, I like to… play cello (badly).

Most people don't know that I… love to grow vegetables but hate to eat them.

Ask me to do anything but… eat brussels sprouts.