Cyber Security Advocate: Meet Tanesha Magby
Organizations today face increasingly diverse and sophisticated cyber threats. This work is bigger than any one entity; it forms part of a collaborative global initiative to make the internet a safer place. For Cybersecurity Awareness Month, we’re going behind the scenes with some of Okta’s Cyber Security Advocates, a talented group of professionals from diverse backgrounds, to learn their perspectives on the field and how they got here.
Tanesha Magby, CISA, CRISC, CDPSE, Director of Information Security for the Customer Identity Cloud Product Unit at Okta, has over two decades of experience in IT, risk, and cyber security. Tanesha started her career developing software at Accenture, then planted herself in financial services technology at Bank of America. There she led software development teams through the software development life cycle for changes to online and mobile platforms, which included rolling out payments processing functionality and improvements to user experience. Her next move took her into security, risk, and audit roles, where she led strategic technology audits and assessed security risk for critical systems, eventually opening her own IT risk advisory consultancy. That path took her to Okta in January 2022.
Amanda Rogerson, Director, Solutions Product Marketing at Okta, sat down with Tanesha to discuss her role at Okta, how organizations can reduce their cyber risk, and how people can make the internet safer.
Amanda: What led you into the cyber security space?
Tanesha: I have always loved technology, and I'm naturally drawn to acts of service. So if I am connecting or helping people, leaders, or teams, that’s always something that pulls at my heartstrings. I think having and finding meaning in work is also critically important. And what could be more meaningful than being part of an identity security company whose sole mission is to protect identities?
Amanda: What are the biggest challenges facing people entering the security field right now? And what advice would you give them to overcome those challenges?
Tanesha: Cyber security jobs are really stressful, and the threat landscape and technology are constantly changing. In such a competitive environment, it's easy to develop feelings of imposter syndrome.
So I will say for anybody getting into cyber security, being a self-starter is vital. Being a perpetual learner, someone who enjoyings not knowing and going through the process of learning—this is key to overcoming the challenge. I’d advise people to continuously invest in themselves, to focus on upskilling and building up their knowledge all the time.
Amanda: Drawing on your experience in risk management, what advice would you give to businesses looking to mediate or reduce risk in today's cyber security?
Tanesha: Firstly, security isn't something you buy; it's what you do. Even with increasing cyber risk, cyber security isn't always ingrained in corporate thought. It's often an afterthought, but it has to become a board-level issue.
Secondly, cyber security risk shouldn’t only be considered during a risk assessment or an audit. I think it's essential to view the business as a complex machine in motion and continuously work to ensure that all the parts are operating as intended, as planned, and as expected. And if not, you need to tune up the parts that need help so the machine operates as effectively as possible.
Amanda: As a certified data privacy solutions engineer, what challenges do you see for businesses and developers in particular when it comes to aligning with global data privacy?
Tanesha: When it comes to aligning data privacy laws, one of the biggest challenges is that jurisdictions do things differently. For example, the state of Illinois has protections in place for any entity that's collecting biometric data, and they have to follow a specific set of protocols. But this isn't always the case in other states.
So I think it's imperative for companies to understand the privacy impact that all their technologies have. They can then move to develop comprehensive policies and understand what privacy looks like for the consumer.
Amanda: If you could get every person on the globe to do one thing to make the internet safer, what would it be?
Tanesha: It would be to manage and take control of your own security. Many of the issues we see are caused by weak passwords, carelessness, and a lack of basic cyber hygiene.
Number one, I think it's vital that everyone uses a password manager. A strong and secure password can be the difference between personal or sensitive account information being secure or ending up on the Dark Web. So passwords must be strong to ensure folks can protect themselves.
Number two, people must be able to recognize what a phishing email looks like. Phishing is cheap, easy, and an effective method for threat actors to gain unauthorized access to accounts and systems. So make sure you know who messages are coming from, and take actions like hovering over the URL, checking the sender and domain, and more to understand whether you’re being targeted through phishing.
Amanda: How would you personally define the difference between data privacy and data security?
Tanesha: I would define the difference between data security and data privacy as: data security deals with protecting the data, and data privacy deals with the responsible use and collection of data.
You may have data security policies that somewhat address cyber risk, but they won't take care of privacy regulations and considerations. So data security protects data, and data privacy protects identity.
Amanda: As more financial institutions shift to take advantage of open banking and partner with or acquire fintechs, what challenges do you see them facing in the future?
Tanesha: Thinking back to my time at Bank of America, data security was, still, and always will be a big challenge for fintech. There is a huge volume of cyber crime in the financial services and technology spaces, so protecting data is extremely important. Fintechs need to move at the speed of technology, keep up with the threat landscape, and adhere to laws and regulations to stay abreast of everything that's going on within the industry.
So I think it's critically important to consider innovation and competition. Banks and fintechs must continuously update their technology stack to ensure their systems are operating effectively. It'll also be difficult for them to recruit software engineers to work on obsolete technologies, so they need to stay current with the industry.
Amanda: It’s no secret that cyber security is short on talent. So what advice do you have for someone looking to get into the field?
Tanesha: For someone looking to get into cyber security, I think it's really simple. Just keep investing in yourself and building your network. If you see a job that interests you, just go ahead and apply, take your shot, and bet on yourself.
Amanda: What is your number one cyber security prediction for 2023?
Tanesha: My top cyber security prediction for 2023 is that we will continue to see more sophisticated and well-planned-out attacks. For that reason, it's crucial that we stay on our toes because our adversaries are getting a lot more determined to achieve their goals.