Diligent Q&A – Introducing Monica Landen, Chief Information Security Officer at Diligent
We are thrilled to welcome Monica Landen to team Diligent! As Chief Information Security Officer (CISO), Monica leads Diligent’s security team, oversees the organization’s robust security standards and helps to ensure that our data and IT infrastructure are protected against potential threats.
Q. Tell us about how you got here — what attracted you to Diligent?
A. When I think about my career development, I am passionate about continuing to grow and learn. I actively seek roles that challenge me and offer opportunities to acquire new skills and knowledge.
My journey as a cybersecurity professional has centered around building and managing cyber programs across various industries. I began my career as a software developer and still think of myself that way deep down, albeit with a cyber lens these days. Most recently, I served as senior vice president and CISO at FactSet, a leading provider of financial data and analytics solutions, and I have over 20 years of experience in IT security spanning incident management, identify management, vulnerability management and security technology and infrastructure.
What attracted me to Diligent was the exciting prospect of influencing a product linked to my field. The chance to contribute to something so relevant and impactful was incredibly appealing. Throughout the interview process, I was inspired by the Diligent team members I met. Their strong focus on strategy and execution and a culture of open and honest communication resonated deeply with me. I believe it is an environment where I can thrive and make meaningful contributions.
Q. You’re very involved in the tech community. Why is engagement and mentorship within tech networks important to you?
A. Technology and security form a close-knit community where relationships and partnerships are crucial. We are ultimately working together to protect against cybercrime.
A significant part of why I am here today is because I had exceptional mentors who believed in me and motivated me to excel. Their support was invaluable, and I am passionate about giving back by mentoring others. Engaging with the tech community allows me to share my experiences, support emerging talent, and foster a collaborative environment where we can all grow and succeed together. I firmly believe that by investing in others, we not only strengthen our community but also drive innovation forward.
Q. What are some of the common challenges CISOs face in communicating with the board? Why is it so important to bridge that gap?
A. Every board is unique, presenting challenges for CISOs when communicating with them. Boards typically have a macro view and are business-focused rather than being cyber experts.
The primary challenge is that the board's focus is on the company's overarching strategic views. Our role as CISOs is to speak the board’s language and translate complex cyber risks into thematic ones that they can easily digest, helping them grasp their organization’s security posture. Key objective data points like industry frameworks, peer comparisons, and customer expectations can help to illustrate whether you are trending in the right direction.
In conversations with my peers, it's clear that cyber board updates are highly diverse and inconsistent. Bridging this gap is crucial because there is no standardization in how companies communicate cybersecurity to their boards. Companies use various metrics and data points to explain their security posture and highlight top risks. Standardizing this communication, using tools like Board Reporting for Cyber Risk from Diligent, helps board members, especially those on multiple boards, understand and consume the information more efficiently and effectively. This consistency is vital for making informed, strategic decisions about the company's cybersecurity posture.
Q. The cyber landscape today is complex and rapidly changing. What would you say are the top risks keeping CISOs up at night?
A. CISOs sleep? That's news to me! The top risks that keep us up at night are balancing the wave of new challenges like generative AI and quantum computing with ongoing challenges like vulnerability management, simple role-based access controls, and maintaining visibility.
The real kicker with cybersecurity is that we are never truly done. Even with robust controls in place, threat actors always find a workaround. It's a perpetual cat-and-mouse game, where we're constantly adapting to stay ahead. Trying to see beyond one to two years feels a bit murky and unpredictable.
Q. Lastly, what are you most excited about at Diligent?
A. I am genuinely thrilled about joining Diligent and working with the security team and other colleagues across the business. One of the things I'm most excited about is ourElevate 2024 summit in September. It's a fantastic opportunity to meet with customers and hear their experiences and feedback firsthand. Additionally, I am eagerly looking forward to contributing to and influencing our product strategy. The chance to shape the future direction of our solutions is incredibly motivating and aligns perfectly with my passion for driving innovation and excellence.
