Secret CSO: Jameeka Green Aaron, Auth0

Name: Jameeka Green Aaron

Organisation: Auth0, a product unit of Okta

Job title: Chief Information Security Officer (CISO)

Date started current role: March 2021

Location: Irvine California, United States

Jameeka Green Aaron is the CISO at identity company Auth0, which was acquired by Okta in 2021. She has 20 years of experience in the cybersecurity industry including roles at Lockheed Martin and Nike, as well as serving in the U.S. Navy. She is committed to advancing women and people of colour in STEM occupations, working with organisations such as the National Society of Black Engineers, and Women in Science and Engineering.

What was your first job? My first job was in the U.S. Navy, and it was there that I first realised technology might be a possible career path for me. I was a Radioman (RM), and a female recruiter who held the same role told me that I reminded her of herself. I decided to follow in her footsteps, and from there I became an IT specialist. I didn’t know it then, but this would be my introduction to technology, where I’d spend the next 20 years of my career.

How did you get involved in cybersecurity? Early in my career in the Navy, the Radioman role was renamed Information Technology Specialist (IT). I worked in Naval Networks and was responsible for network integration and worked at the Security Operations Center patching Navy printers for the Y2K bug. I realised at that point that cybersecurity was my calling.  

What was your education? Do you hold any certifications? What are they? While I was still in the Navy, I attended community college in San Diego. I earned CompTIA A= & Network+, then MCSA, then CISSP (Certified Information Systems Security Professional) in 2009 at Lockheed Martin, after qualifying for a BSc in Information Technology from the University of Massachusetts at Lowell.

During my five years at Lockheed Martin, in what was then Mission Systems and Sensors, I worked closely with the talent and acquisition team to find and retain women within the security team which included industrial, physical, and information security, eventually building out an award-winning team that was 80% women. That’s where I began my journey with mentoring, championing, and encouraging women and people of colour to pursue careers in technology, engineering, and security, and see themselves in careers and leadership positions they may not have otherwise even thought existed.

Explain your career path. Did you take any detours? If so, discuss. My career has definitely been eclectic - I’ve worked in the military, retail, apparel, manufacturing and now IDaaS/CIAM! But this wasn’t an accident; I knew these roles would help to grow my knowledge and expand my horizons. My cross-industry knowledge has become my secret weapon, I am now a well-rounded CISO and CIO. I’ve also been lucky enough to work for world-leading companies, but I think my current job is the most exciting part of the journey yet.

Was there anyone who has inspired or mentored you in your career? I have had a lot of mentors at various critical points in my career, and they have all been women. One of my first bosses in the Navy was a female Chief Petty Officer - Deborah Wheeler, who I really owe a lot - she helped guide my career for eight years. Chief Wheeler was a huge influence on me, but I absorbed valuable lessons from every leader I’ve had along the way, good or bad.

What do you feel is the most important aspect of your job? Identity is personal and it’s important to the way we work and live today, and safeguarding that is a very exciting space to be working in right now. Auth0 and Okta are creating the future of digital identity and constantly innovating to meet the needs of our customers and industry. My team which includes, compliance, detection and response, and privacy, will need to continue to move at a rapid pace to ensure our technologies enter the marketplace seamlessly and more importantly, securely.

What metrics or KPIs do you use to measure security effectiveness? I lead a Governance, Risk and Compliance team that continuously measures and validates risk against industry standards. I also have KPIs that measure both visibility and observability. We cannot protect what we cannot see - visibility. Once we see it, we leverage really smart people, machine learning and analytics to assist with protecting - observability.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? The entire industry is challenged with finding security professionals, from detection and response to security engineering to privacy and compliance, we are all short staffed. We have to look everywhere, from adjacencies like IT to creative fields like marketing, the talent is out there. One of the things I really love is how Auth0 and Okta are working with organisations such as Girls in Tech and the Black Professionals in Tech Network to address the talent gap by supporting underserved groups. To help shrink the skills gap, we need to not only address the lack of women coming into STEM careers, but also how to retain the women that are already there.

Cybersecurity is constantly changing – how do you keep learning? I learn something new every day. The cloud is constantly changing - the threats we face are not hugely different from what we’ve seen in previous years: from social engineering to bot detection mitigation to cloud computing vulnerabilities. But the way we work has changed completely: COVID caused this accelerated shift towards remote working and brought new challenges in terms of controlling who has access to what. As a team and as a business we therefore need to keep evolving with our customers and the threat landscape. Ensuring we are at the forefront of identity and security for our customers.

What conferences are on your must-attend list? I just wrapped up RSA a few weeks ago, and with a realigned focus on Identity, it’s on the must attend list. Obviously, I’d say that Oktane which is coming up this November should be on everybody’s must-attend list! Okta Forum Europe was a big success earlier this summer, and I’m looking forward to sharing more big ideas at Oktane. Finally, the Executive Womens Forum is a personal favourite, designed specifically for women in information security, risk and privacy.

What is the best current trend in cybersecurity? The worst? Security is still too often seen as an afterthought by businesses. This leads to all sorts of challenges, companies are not implementing the right technologies, in a secure manner to successfully fend against attacks. We should be investing in “As a Service”. Understanding what your team does well, and leveraging Software, Infrastructure, or Identity as a service is not only a good investment, it is a decision that will move business forward at the speed of innovation. We should look at the gaps in our organisations and find collaborative solutions and partnerships that allow our teams to get laser-focused on what we actually do well.

Furthermore, adding awareness training courses for employees can be a highly effective way to boost cybersecurity right across an organisation. It’s a method that’s been used in Germany for years. Humans might be the ‘weakest link’ when it comes to security, but they’re also a powerful defence given the right training.

The worst? Probably the mistakes that companies still make, even after all these years, like failing to manage permissions and access properly.

What's the best career advice you ever received? Seize every opportunity possible to grow and learn. Your career journey is whatever you make it to be, and progress can be achieved in many ways other than receiving a promotion.

What advice would you give to aspiring security leaders? One of my passions for the security industry is to see more women around the boardroom table and at an executive level. Our industry is still largely dominated by men, but one of the factors that really helped me get to where I am today is having a strong group of mentors and champions that I could turn to throughout critical points in my career. I would advise any female looking to obtain a C-level position to surround herself with a similar group of mentors and champions that they can lean on, and who will provide opportunities to grow and succeed.

What has been your greatest career achievement? In terms of big moments, it would be hard to compete with the launch and re-entry of the Orion ETF-1 capsule in 2014. My team ensured the software on board was secure. Because I had spent so long working in the U.S. Navy, it felt like I had come full circle.

I also have a strong commitment to equality, and I’m very proud of the work I’ve done in championing underserved communities. I have expended a lot of effort in trying to create a welcoming environment in the STEM workforce for women and people of colour and have spent years working with organisations that help to uplift communities that are underserved in STEM.

Diversity of thought is so important, and that’s impossible without diverse people.

Looking back with 20:20 hindsight, what would you have done differently? If you asked that before I turned 40, I would’ve had a long list of things I’d have done differently. Now, I wouldn’t change a single thing. I recognise the value of each of my career decisions and understand that the role that I have today as CISO, is the culmination of those decisions.