Secret CSO: Debby Briggs, NETSCOUT

Secret CSO: Debby Briggs, NETSCOUT

Name: Debby Briggs

Organisation: NETSCOUT

Job title: CSO

Date started current role: Joined NETSCOUT in 2004 & appointed CSO in 2008

Location: Westford, MA, USA

Debby has more than 20 years of experience in cybersecurity and has been with NETSCOUT for the last 15 years. Prior to joining NETSCOUT, Debby held various network administrator and IT infrastructure roles with leading companies, including RSA, Healthsource and GTE. She is also a patent owner for technology using trust profiles for network breach detection.

What was your first job? I started my career as a service desk professional at GTE Government Systems where I was responsible for supporting PCs and teaching DOS!  Does anyone even know what this is anymore?  This led to managing technology initiatives supporting email, server and network infrastructure.

How did you get involved in cybersecurity? I transitioned into cybersecurity while at RSA Security in the late 1990s.  I was hired to deploy their frame relay network worldwide.  I was brought into security after RSA experienced a malicious DNS redirect, and my team ended up being responsible for administering the firewalls after the incident. 

What was your education? Do you hold any certifications? What are they? I hold an MBA from Southern New Hampshire University, a CISSP, and a BS in computer science from the Massachusetts College of Liberal Arts.  If I ever go back to school for a PhD, I would like to get a doctorate in organisational design. I am fascinated by people and how they interact together.

Explain your career path. Did you take any detours? If so, discuss. My career path has been about finding the right opportunities and being willing to take risks.  When LAN Manager and Microsoft's first version of email was coming to GTE, I volunteered to get it implemented, and haven't stopped raising my hand for new projects and opportunities since!  There haven't been any detours for me. I had a plan and found the opportunities to get me there; taking jobs that gave me opportunities and choosing great managers and mentors to guide me.

Was there anyone who has inspired or mentored you in your career? Everyone has a mentor or someone that inspired them. My first manager, Peg McCarthy at GTE, demonstrated how women in a male-dominated field could be successful. She inspired me to persevere in my own career and was instrumental in the development of my own leadership style. She inspired me to never let gender play a role in work assignments. 

What do you feel is the most important aspect of your job? The most important aspect of my job is being a business enabler. Using an automobile analogy, I like to think of cybersecurity as the brakes on a car, and the guardrails on the roads.  I view cybersecurity as the "brakes that allow the enterprise to go fast." In other words, the role of security is much like a set of brakes on a car, providing safety even at high speeds, mitigating risk without obstructing all forward motion, unless necessary! And, much like a guardrail, security is also there when needed to provide guidance and ensure safety.

I'm also passionate about protecting the 3,000+ employees that work for NETSCOUT, and leveraging their talents in turn to protect NETSCOUT. Often employees serve as the best "human firewalls" security teams can employ! I view it as my responsibility to be an awareness coach for our people, while taking the time understand and secure business processes that help us advance our business around the world. Outside of my "day job," I take my job as a role model to young girls very seriously. I use my talents to give back to the area communities where I live and work.  Getting young girls interested in STEM, and, if I am lucky, interested in cybersecurity careers, is one of the most important aspects of my job in the "external" world. Our industry is desperately aware of the cybersecurity employee shortage. My contributions to the community are just one small way I can actively work to improve the number of talented people we get into the field.

What metrics or KPIs do you use to measure security effectiveness? The most meaningful KPI to me is the number of teams asking for your advice.  Over the years, I have found that if people aren't asking, they're working around you.  If a company's CSO and cybersecurity organisation becomes the department of "no," you're less likely to be invited to participate in open dialogue that would help protect the very business you're trying to enable.   It's important as CSO that you collaborate with teams, earn their trust and respect.  For a true KPI, I recommend having an SLA for fixing vulnerabilities, which includes reporting to management of those addressed within and outside of those agreements, giving a clear picture of where the risk windows remain open.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? Thanks to Boston traffic, the security skills shortage outside the city is not as bad.  Because of NETSCOUT's Route 495 location, great work environment and number of universities in Massachusetts, we have great access to top young talent. The talent hardest to find is for roles that require years of experience in a cybersecurity specifically, with insight as to how security is a critical element of enabling the business.

Cybersecurity is constantly changing - how do you keep learning? I read the news every day about current happenings in the cybersecurity community and follow key influencers on Twitter to keep up with the industry dialogue.  I have also always found peer to peer learning is critical. I've also considered taking cybersecurity classes on-line as a means to compare notes between classroom teaching and real-world application. 

What conferences are on your must-attend list? Personally, I prefer smaller conferences that allow me to network with peers, with only a small number of security vendors such as Secureworld Boston. 

What is the best current trend in cybersecurity? The worst? AI is the best and worst trend in cybersecurity. Every security vendor claims to have AI in their products without understanding what AI truly means. That is the worst part.  True AI will allow networking and security teams to work smarter, not harder. The most effective application of AI in security will take the rich data sets that we already have, and augment them in ways that speed interpretation, providing better analytics to IT and faster implementation, providing more accurate prevention or better incident response.

What's the best career advice you ever received? Don't ever put something in email that you would not want on the front page of the newspaper! 

What advice would you give to aspiring security leaders? You reap what you sow.  If you are a respectful, challenging, and inspiring leader, your team will be the same.  Look for talent in unusual places.  I have found that drive, willingness to learn and motivation trump any debate over a particular degree.  My second piece of advice is to get top-down support for your security initiatives and buy-in for security as a business enabler.

What has been your greatest career achievement? I am most proud of being awarded a patent with Anil Singhal, CEO of NETSCOUT as a co-inventor for using trust profiles for network breach detection.

Looking back with 20:20 hindsight, what would you have done differently? Back in the late 1990's when network-based email was taking off, I should have invented SPAM filtering and email analytics!

What is your favourite quote?"All I really need to know I learned in kindergarten" - Robert Fulghum

What are you reading now? I just finished The President is Missing by Bill Clinton and James Patterson.

In my spare time, I like to… participate in team volunteer projects at NETSCOUT. It's a great way to meet fellow employees and learn how non-profits respond to community issues. During the course of the last nine years, I've been part of 33 team projects. My goal is to volunteer for at least 40!

Most people don't know that I… I used to be a shy person and was afraid to talk in front of others.

Ask me to do anything but… lie on the beach, frying in the sun, doing nothing!


« CIO Spotlight: Derek Choy, Rainforest QA


Rocket to the cloud: AWS on migration strategy and serverless architectures »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail


Do you think your smartphone is making you a workaholic?