
Wendy Walasek
“Be the kind of security leader who takes ownership of business outcomes. Even if security isn’t your direct responsibility, act like it is.”
Wendy Walasek has been a Principal Engineer at Google since 2018. She’s currently the tech lead responsible for Security and Compliance for the Google Cloud Platform (GCP) Control Plane team. Before joining Google, Wendy held security and compliance leadership roles at organizations including JP Morgan, Goldman Sachs, and Morgan Stanley, and was an Adjunct Professor at Columbia University teaching Foundations of Data Science. She has a Master of Science from Columbia University specializing in Computer Graphics, and undergraduate degrees in Computer Science and Fine Art from Rutgers College.
What is one skill, interest or talent of yours that makes you great at your job?
My superpower is to deeply understand the underlying technology I am working to protect. Application security is possible because I am a computer scientist and developer. Data protection is possible because of my background in data science, which requires understanding of data and the curation of data sets to help build AI models. I am now diving into understanding CPU and hardware vulnerabilities so I can better contribute to my current team.
What is the best piece of unconventional career advice you’ve gotten?
Always be “talent” that drives impact. Make sure your talents are part of the secret sauce of the bottom line. Focus on delivering work that creates real business value, and understand how your cybersecurity and technical efforts connect to the organization’s goals.
What is your proudest moment working in the cybersecurity industry?
Many of my proudest moments include implementing the solutions to help protect platforms and systems from being attacked, and in the event of an attack, figuring out who did it and collecting evidence to tell the “whodunit” story.
When did you become interested in pursuing a career in cyber and what prompted it?
I was building web-based applications on Wall Street, and all my systems had to go through a security review. I made a game of making sure the security engineers would never be able to find any vulnerabilities in my applications. When there was work in the team regarding digital certificates and access controls, I selected it in addition to my core application development, as I found it fun.
At one point the security team created a training on how to hack into a system through a network, and I took the training. I noticed that the training didn’t cover how to build a system that was not hackable. So I suggested to the head of security that there should be an additional security training class that explains software security and how to build systems resistant to hacking. He went and asked the lead security engineer about me, and the security engineer shared that they had not been able to find any cybersecurity concerns in my systems. The head of security then asked me to create a new team, and the first Application Security team was born at Morgan Stanley.
What are the top 3 things you would tell people hoping to enter the cybersecurity industry?
- Always contemplate how your system can be broken or attacked, such as in the shower, walking to your car, or looking out the window of the train during your commute. Always think about potential threats.
- Discipline matters. A solid cybersecurity program has a foundation of discipline.
- Practice breaking things in a safe way and make sure you have written permission from the appropriate stakeholders. Create test environments and practice applications to attack.
What are some misconceptions people might have about the cybersecurity industry and what can we do to change these misconceptions?
The stereotype that the cybersecurity industry is made up of a bunch of individuals lacking social skills couldn’t be further from the truth. My day is full of people, intellectual curiosity, and fun! Cybersecurity is an intellectual challenge, and it requires collaborative engagement with engineers and business people. Most of my time is spent engaging with people, exchanging ideas, tackling problems together, and collaborating on innovative solutions.
Do you feel like you’re contributing to helping keep our world secure and can you share why that matters to you?
Yes, a secure computer platform matters! To have a productive society and economy, the world needs our computer platforms to be safe and secure. I am proud to be part of Google Cloud, providing a secure and compliant platform. The global scale and opportunity are humbling.
What positive change do you think will take place as we bring the next generation into the cybersecurity industry?
Given the next generation really grew up with technology and generative AI, they will have a deep intuitive sense for the platforms and technology, which can only help improve our security posture.
Who is your role model in the cybersecurity industry and why?
Phil Venables has been a longtime role model of mine, and I’ve had the privilege of working closely with him at key points in my career. His insights on leadership and security, especially those he shares on social media, have consistently inspired and challenged me to think bigger. One message that’s always stuck with me is this: Be the kind of security leader who takes ownership of business outcomes. Even if security isn’t your direct responsibility, act like it is.