Conversations with IAM Cyberheroes - Rae Barton
Date: 2024-07-15
Author: Versasec
Summer 2024 is here and it’s time for a new summer series! This year, we have invited some friends of Versasec, experts in the field of cybersecurity. They are average everyday heroes, looking to make the world a safer place; we call them cyberheroes. We look forward to learning from their experiences and diving into cybersecurity efforts from their perspective.
First, we would like to introduce you to Rae Barton, a passionate cybersecurity professional with almost 20 years of experience in the industry, specializing in Public Key Infrastructure, Identity & Access Management, and Data Protection.
Her passion for her clients stands out when listening to Rae’s insights. It’s clear that they are important to her in her day-to-day work, and she has developed a deep understanding of the realities of today’s enterprise environments.
Let’s tune in to our conversation with Rae Barton.
What do you enjoy the most about working in cybersecurity?
What I enjoy most about working in cybersecurity is the constant evolution of the industry, which offers endless opportunities for learning and growth. Every day brings new challenges and insights driven by cyber threats’ ever-changing tactics and techniques. The increasing number of breaches and incidents constantly reminds me of the reality, which keeps me motivated to stay ahead of the curve.
It is rewarding to know that our work helps keep the Internet a safer place for everyone. Whether protecting sensitive data, securing cloud environments, or managing access, each task plays a crucial role in safeguarding our digital world.
What are you most concerned about when you hear news about cyber attacks?
When I hear news about cyber attacks, I look at how these breaches originate. A significant majority of cyber attacks begin with social engineering, leaked passwords, or impersonated identities. Despite organizations investing heavily in advanced technologies and deploying multiple layers of defense, the human factor remains a critical vulnerability.
The gap in user education on the latest attack vectors is inevitable. While technical defenses are essential, they are not foolproof if users are not equally vigilant and informed. Many organizations fail to effectively train their staff to recognize and respond to these evolving threats. Strengthening user education and awareness is crucial for mitigating risks and ensuring that the human element does not undermine the sophisticated defenses put in place.
Do you think phishing attacks could ever be eliminated?
I don’t think phishing attacks will ever be completely eliminated, but they can be significantly minimized. Phishing attacks have become extremely sophisticated and realistic. Gone are the days when phishing emails were riddled with grammatical errors, typos, and sloppy writing. Nowadays, phishing emails and SMS messages often look almost legitimate, making them much harder to detect.
With advancements in AI and deep fake technology, phishing attacks will become even more convincing. This is why continuous user education on the latest attack vectors is crucial. By keeping users informed and vigilant, we can better protect identities and prevent larger breaches. Educating users about cybercriminals’ evolving tactics is key to minimizing the success rate of these attacks.
On a scale of 0 to 10, with 10 being the highest, where do you think enterprises are when it comes to adopting modern MFA?
On a scale of 0 to 10, with 10 being the highest, I believe the adoption of modern Multi-Factor Authentication (MFA) among enterprises has plateaued around a 7. While MFA is now ubiquitous, particularly in technology-savvy organizations, the focus has shifted from mere deployment to the governance and context-based decision-making associated with its use. It’s not just about implementing MFA; it’s about how decisions are made based on user behavior and the environment from which access is attempted.
Key considerations include making access decisions based on variable factors at user login time. Organizations must balance prohibiting unauthorized access with enabling seamless user experiences. Re-verifying a user’s identity periodically, without interfering with their activities, is crucial. Additionally, applying higher levels of identity verification for high-value users, such as C-Suite employees, is necessary. These considerations are essential for designing and deploying an effective MFA solution. A simple yes/no MFA approach is no longer sufficient to prevent breaches in today’s sophisticated threat landscape.
In your everyday work, do you or your team members feel like superheroes against cybercrime?
I don’t necessarily compare cybersecurity work to that of superheroes. What I do appreciate, however, is the human factor. Having worked in customer-facing roles for almost two decades, I’ve realized that my customers are not just impersonal technical figures looking to deploy solutions. They are individuals with personal stories, a sense of humor, brilliant minds with diverse backgrounds, and an appreciation for help. I genuinely enjoy getting to know my customers on a personal level because it motivates me to go above and beyond to solve their problems.
Sometimes, we make mistakes and don’t achieve the outcomes we hope for, but through these experiences, we learn valuable lessons and grow. This growth enables us to support our customers in the future better. At the end of the day, it’s the relationships we build and the trust we earn that make our work meaningful. While we might not wear capes, the real reward is knowing we’ve made a difference in someone’s work, ensuring they feel heard and supported.
About our Guest
Rae Barton self-proclaimed “customer-obsessed self-starter with a dose of constructive optimism.” She is an advocate for customers in her role as a Senior Customer Solutions Manager at Entrust, supporting the top 5% tier of clients. When not at work, she enjoys running, hiking, and spending time with her family & Scooter, a beloved French bulldog.
Disclaimer:
Rae Barton’s opinions on this blog do not necessarily reflect those of her employer.
vSEC:CMS
Our product suite provides all the software tools to administrate and manage credentials in a secure and convenient way.
Free Product Trial
Versasec provides enabling IT security products centered on the usage of security devices such as smart cards. Our solutions enable customers to securely authenticate, issue and manage user credentials more cost effectively. Get a free product trial.
Job Openings
We are always looking for new exceptional persons to join our team! Find out more about our job openings.