Conversations with IAM Cyberheroes - Eleanor Falla
Date: 2024-08-08
Author: Versasec
Summer 2024 is here and it’s time for a new summer series! This year, we have invited some friends of Versasec, experts in the field of cybersecurity. For us? They are everyday heroes, looking to make the world a safer place; we call them cyberheroes.
We look forward to learning from their experiences and diving into cybersecurity efforts from their perspective. Our second guest blog comes from Eleanor Falla, Senior Product Manager, focusing on identity solutions at Microsoft.
What do you enjoy the most about working in cybersecurity?
In an ever-evolving cybersecurity landscape, I find it exciting to see the changes occurring. Witnessing the remarkable strides made in cybersecurity technology over recent years has been nothing short of inspiring. It’s great to be able to work on cutting-edge technology that helps secure technology users around the work. Working on new Microsoft Entra features such as external authentication methods (EAM) where third-parties can satisfy MFA requirements in Microsoft Entra and releasing the FIDO2 security key provisioning APIs, where Versasec has been an early partner, really bring me excitement to see how organizations can work together to mitigate phishing attacks. It’s been a great partnership with Versasec and Microsoft to address new customer needs!
What are you most concerned about when you hear news about cyber attacks?
When I hear more about cyber-attacks my focus is on how we prevent phishing attacks as it remains a top issue in the industry. I’ve personally learned that rolling out FIDO2 security keys (a phishing resistant MFA method) to employees is not always an easy task, but a necessary one that prevents users from the risk of attack. That’s why it’s so important for Microsoft to work with key vendors, like Versasec, to improve the roll out experience for FIDO2 security keys via Microsoft’s new provisioning APIs. These APIs allow for easier provisioning and shipping of security keys to new employees during their onboarding, preventing the risk of phishing attacks early on.
Do you think phishing attacks could ever be eliminated?
As threats become more sophisticated, I like to think it’s possible that customers will be more careful and choose to implement better strategies to mitigate these new types of attacks. I’d love to see a world where phishing attacks are completely gone, but this will require more work from enterprises before we can get there. When widespread adoption of phishing-resistant Multi-Factor Authentication (MFA) becomes the norm, the barriers for even the most sophisticated hackers become much more difficult. End users should consider moving from phishable credentials, like passwords, and switching to alternative methods like passkeys!
On a scale of 0 to 10, with 10 being the highest, where do you think enterprises are when it comes to adopting modern MFA?
Currently, I would estimate that the adoption of modern Multi-Factor Authentication (MFA) stands at 2 out of 10. While significant progress has been made, there remains considerable work for enterprises to fully implement phishing-resistant MFA solutions. The transition requires substantial changes within enterprises, starting with executive decisions to move towards strong MFA options and then IT departments implementing changes, which will inevitably take time. However, the advancements we are witnessing are promising, and I am optimistic that within the next year, enterprises will continue moving closer to achieving a 10 on this scale.
In your everyday work, do you or your team members feel like superheroes against cybercrime?
In my daily efforts to gather feedback from our partners and their customers on our products, it may not always feel like superhero work. However, when I take a moment to reflect on the incredible achievements I witness across Microsoft and our partners, I realize that together, we are accomplishing extraordinary feats in securing the world and combating cybercrime. In that sense, we truly are superheroes across Microsoft and our partners!
About our Guest
Eleanor Falla, a Senior Product Manager at Microsoft, boasts an impressive 9-year tenure with the company. As a member of the Customer Experience Engineering Independent Software Vendor (ISV) team, Eleanor collaborates closely with third-party vendors to create seamless integrations with Microsoft Entra. Her laser focus on identity solutions has been instrumental in enhancing customer experiences and empowering partners. When she’s not shaping the future of security solutions, you’ll find her embracing the great outdoors in the Seattle area. Whether skiing down snow-covered slopes during winter, enjoying sun-kissed beach days in the summer, or seeking out the best restaurants in the area, Eleanor cherishes these moments alongside her husband and their dogs.
Disclaimer:
Eleanor Falla’s opinions on this blog do not necessarily reflect those of her employer.
vSEC:CMS
Our product suite provides all the software tools to administrate and manage credentials in a secure and convenient way.
Free Product Trial
Versasec provides enabling IT security products centered on the usage of security devices such as smart cards. Our solutions enable customers to securely authenticate, issue and manage user credentials more cost effectively. Get a free product trial.
Job Openings
We are always looking for new exceptional persons to join our team! Find out more about our job openings.