Secret CSO: Dana Louise Simberkoff, AvePoint Inc.

Secret CSO: Dana Louise Simberkoff, AvePoint Inc.

Name: Dana Louise Simberkoff

Company: AvePoint Inc.

Job title: Chief Risk, Privacy and Information Security Officer

Date started current role: 7 years

Location: Jersey City, New Jersey

Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint, responsible for AvePoint's privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance.


What was your first job? My first job out of law school was working for a software company with a focus on regulatory compliance. I had the opportunity to become deeply immersed and well-versed in supporting the privacy and operations security programs of many of our corporate and public sector clients.

How did you get involved in cybersecurity? Initially, I became involved in cybersecurity when my organisation was tapped to work on operations security projects for a number of our U.S. Department of Defense (DoD) customers. I was asked to extensively research and become the subject matter expert in DoD operations security requirements, which were early precursors to the cybersecurity landscape we see today.

What was your education? Do you hold any certifications? What are they? I have a BA from Dartmouth College and a JD from Suffolk University Law School. I am also a Certified Information Privacy Professional (CIPP) through the International Association of Privacy Professionals.

Explain your career path. Did you take any detours? If so, discuss. When I was attending law school, I fully expected to become a practicing attorney. However, once I began working for a software company focusing on regulatory compliance almost immediately after graduating, I never looked back. In fact, I find my law degree has been quite useful throughout my career in cybersecurity and data privacy!

Was there anyone who has inspired or mentored you in your career? I think it's very important for women to have peers and mentors to help support, promote and inspire them throughout their careers. I have had many such mentors within my family, throughout my education and later within my professional life. This started with my mother, who is a social worker and has a master's degree in economics, and my grandmother, who was one of the youngest women attorneys to graduate from Albany Law School back in the 1920s. My grandmother went on to work well into her 80s and travel the world, while my mother is still helping others in her full-time career.

I am also inspired by many of the women and men with whom I have an opportunity to work on a regular basis and across my professional networks. I have been extremely fortunate throughout my own professional and personal lives to have friends, family, mentors and managers who always believed in me and my ability to achieve anything I wanted to. I realise that I am quite fortunate in that respect, and I understand from hearing stories from others, that this is not always the case for women in the workforce.

What do you feel is the most important aspect of your job? Without a doubt, the most important aspect of my job is helping my company protect and respect the data of our employees and our customers. But in addition to the daily work I do alongside my privacy, security and risk team, I have also worked hard to forge my own relationships and networks within the industry, and support women who have been hired after me. At AvePoint, I have made a point to encourage young women (and men on my team) to work hard to follow in my footsteps and also become involved with broader programs inside and outside of AvePoint to help further their careers.  

For the past two years, I have also served as an inaugural member of the Women Leading Privacy Advisory Board for the International Association of Privacy Professionals (IAPP). In this capacity, I have worked alongside many of my amazing women colleagues in this industry to support programs at IAPP events around the world that are intended to inspire women (and men) in the workforce. It is this kind of educational, professional and intellectual programming and support that I believe all women (and men) truly can benefit from in their careers.

What metrics or KPIs do you use to measure security effectiveness? We consider a number of KPIs to measure the security effectiveness of our programs, including customer, employee and management satisfaction; training effectiveness; risk management metrics, which are managed as part of our ISMS; and major milestones that we achieve as a team on a yearly basis.

Is the security skills shortage affecting your organization? What roles or skills are you finding the most difficult to fill? We have had some trouble filling open roles on our team, particularly as we typically look for individuals with cross training and experience in both security and privacy. We have learned that this is a very unusual skill set, but I believe it is something that the industry will continue to demand!

Cybersecurity is constantly changing - how do you keep learning? At AvePoint, we maintain a very rigorous program of ongoing training and certification within both our team and larger organisation, and we expect our employees to continue to grow their skills. We recently achieved ISO 27001:2013 certification for our company, which was a huge team effort and milestone. This process alone was a major learning experience and achievement for everyone involved. Beyond this, we regularly attend industry conferences, participate in training sessions and provide funding for our employees to participate in continuing education.

What conferences are on your must-attend list? I regularly attend both the RSA Conference and the IAPP Global Privacy Summit.

What is the best current trend in cybersecurity? The worst? In my opinion, the best trend in cybersecurity is a renewed focus on supply chain management and vendor risk assessments, which I think is in part because of the convergence of security and privacy, as I believe the two are inextricably interchanged - especially now. The worst trend is what I'm afraid will become consumer fatigue in response to what seems to have become an avalanche of reported data breaches and cyber-attacks as of late. However, I hope that consumer awareness will drive increased scrutiny and better, smarter regulations, rather than quick reactions - and overreactions - from policy makers.

What's the best career advice you ever received? The best career advice I was ever given is that life is not fair - and indeed, I have discovered for myself that it is not. We all play the hand of cards that we are dealt. I believe that all of us have an opportunity to succeed - because of who we are and what we do, not because of our genders. Because of this, it's important to work hard, prove your value and worth every day, and to be sure that you are not only an asset in your own mind, but also in the minds of your managers, peers and organisation. It's important to lift others up as you lift yourself up, and to remember all of the people who have helped you along the way.

What advice would you give to aspiring security leaders? Build and maintain a strong network of peers within the privacy and security communities. This is not only essential for your personal career growth, but it also allows you to learn from the experiences - both good and bad - of your peers. I have found that some of the best professional and personal friendships I have developed throughout my career are a result of building this network of peers within these communities.

What has been your greatest career achievement? I have a slightly different perspective on this question then others may. My father would say that my greatest career achievement was receiving my law degree, while others might say that it was being in charge of operations for a global software company, or becoming an advisor to the privacy teams of several U.S. federal agencies, or even becoming a CPO and a CISO. However, I think the most important achievement of my career has been not any one thing. Instead, it's the collective achievements and the ongoing privacy and security contributions have been achieved - and continue to be achieved - by the companies and teams I have had the privilege to be a part of.

What is your favorite quote?"Do what you feel in your heart to be right - for you'll be criticized anyway. You'll be damned if you do, and damned if you don't." (Eleanor Roosevelt)

What are you reading now? "Click Here to Kill Everybody" by Bruce Schneier..

In my spare time, I like to… Go downhill skiing, but I don't have enough spare time!

Most people don't know that I… Opened and ran my own coffee shop when I was attending law school.

Ask me to do anything but… Manipulate pivot tables in Excel.


« CIO Spotlight: Bob Worrall, Juniper Networks


The CMO Files: Cornelius Willis, Clari »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail