Cyber Security Advocate: Meet Nicole Cato
Organizations today face increasingly diverse and sophisticated cyber threats. This work is bigger than any one entity; it forms part of a collaborative global initiative to make the internet a safer place. For Cyber Security Awareness Month, we’re going behind the scenes with some of Okta’s Cyber Security Advocates, a talented group of professionals from diverse backgrounds, to learn their perspectives on the field and how they got here.
Nicole Cato, Senior Manager, Security Technology Strategic Partners at Okta, has more than a decade of experience in technology and cyber intelligence. After studying computer and electrical engineering, she anticipated working as a developer. However, her early-career exposure to cyber security through the US Department of Defense led her down a different path encompassing research, sales, strategy, and security.
Amanda Rogerson, Director, Solutions Product Marketing at Okta, sat down with Nicole to discuss her background, her role at Okta, and the growing importance of Zero Trust.
Amanda: What initially inspired your interest in cyber security work?
Nicole: Funny enough, I initially had no idea I would be interested in cyber security. I studied computer and electrical engineering and thought I wanted to be a developer. But upon graduating, I was recruited by Lockheed Martin and started doing cyber security research and development for the Department of Defense.
That introduced me to the information security industry, and I had to gain many certifications and learn on the job. But in doing so, I became intrigued by the analysis and challenging cyber security initiatives the Department of Defense was taking on at the time.
I wanted to do more from a strategic perspective to help companies identify the types of security they needed to implement and the business initiatives they wanted to enable. To do that, I needed to find a role that would have different aspects of each one of those things. And that’s what landed me here at Okta.
Amanda: How did your early work experience prepare you for your current role?
Nicole: A breadth of experience, from cyber security analysis to developing cross-functional programs across global companies, set me up for success here at Okta because I get to do multiple things within one role.
With my strategic sales experience, I can enable our go-to-market and speak more intelligently about Okta’s security strategy. My cyber security analyst experience allows me to understand the types of attacks that might be identity-based and that Okta can address. I can also take that a step further and resolve different types of threats with our partners who aren’t focused on identity-based attacks.
Last but not least, the government work I’ve done helps me understand the frameworks our products need to map to for our customers in different industries.
Amanda: What do you see as the biggest challenges facing people coming into the security field?
Nicole: I believe one of the biggest challenges facing new entrants to the security field is the notion that a degree or extensive years of experience are required. The cyber threat landscape is changing so quickly that it’s necessary to be self-motivated and self-driven to learn continuously.
It’s essential to insist on knowing what, why, and how. Cyber security is really about analysis. It requires thinking of uncommon ways to approach how we do everyday things.
Amanda: What three pieces of advice would you give people to overcome these challenges?
Nicole: It’s important not to fear taking on something new. The cyber threat landscape is ever-changing, so there are always different things to consider and learn.
I’d recommend people look for free or low-cost resources that will help them learn about working in cyber security. There are tons online that anyone can take advantage of from different technology vendors and universities.
The third thing would be to seek out a mentor. That could be someone working at a particular company you are affiliated with, a company you work for, or someone you know personally that can help you.
Amanda: We’re increasingly talking about the importance of Zero Trust. But what are the main things you see people getting wrong here?
Nicole: The main thing people are getting wrong is the idea that Zero Trust is a solution you can physically buy, which is completely inaccurate. Zero Trust is a strategy or framework companies can follow to address their cyber risk effectively.
The second thing people get wrong is the assumption that identity isn’t an inclusive part of Zero Trust. Identity is probably the most central entity of Zero Trust. Without knowing who someone is, a company can’t know what that individual should have access to or how to authorize them.
The third thing is assuming that one technology can address Zero Trust holistically. This assumption is another fallacy; you need an ecosystem to help manage the various types of Zero Trust initiatives that a particular enterprise may have.
Amanda: Similarly, what advice would you give a technical person looking to understand the larger implication of their code and infrastructure?
Nicole: Firstly, technical teams need to understand how their work contributes to the business strategy. That involves understanding what the business strategy is, and the outcomes associated with those initiatives.
Secondly, I would say education is a critical piece of understanding the available technologies and the unique differences between each of them.
Thirdly, I’d advise people to use their network of peers to understand where they can lend some best practices and lessons learned to avoid common pitfalls and challenges.
Amanda: You’re a member of the National Society of Black Engineers (NSBE) and Women in Cybersecurity, and you work with your local entrepreneur innovation community. What advice do you have for someone who wants to get involved in these sorts of groups but is hesitant?
Nicole: Typically, there are very few women in cyber security. I joined because I wanted to find groups that would help me understand some of the challenges I may have working in a male-dominated environment. I’d advise people to focus on specific organizations that appeal to them individually, do research online, and understand what’s available in their local area. Some of these resources have virtual communities, as well as in-person, which offers even more options.
Being a member of these organizations offers a wide range of benefits. I’ve been a member of the NSBE since I was at Florida A&M University. That membership enabled me to get recruited by Lockheed Martin, which worked very closely with the NSBE to identify high potentials and place people in internships that can turn into full-time roles.
Amanda: What do you predict will be the most significant cyber security trend in 2023?
Nicole: In 2023, I see cyber security trending towards more use cases around passwordless options. We’re starting on that journey right now with the usage of biometrics and facial recognition. But I see that becoming a lot more commonplace versus the usage of certain devices and applications [for recognition].
Visit the Okta and Auth0 careers pages to learn how to start your own career in cyber security, and explore the field through our Cyber Security Awareness Month blog series.
