SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Jen Waugh leads Okta's security culture & supports diversity efforts

Fri, 30th Aug 2024

Jen Waugh, who joined Okta in May 2024 as Senior Director of Security Culture, is currently focused on fostering a strong security culture within the company. Waugh is also committed to supporting and developing women in the cybersecurity industry. In her dual role, she oversees security culture initiatives at Okta and champions diversity within the organisation.

One significant initiative Jen was involved with was the development of the APJ Cyber Queens, a mentorship group aimed at creating a supportive environment for women in security at Okta. Additionally, Waugh is a member of the Women@Okta employee resource group, which aims to educate, support, and improve gender diversity at the company.

On Okta's approach to creating a robust security culture, Waugh remarked, "With Identity and security connected like two sides of the same coin, we've come to see ourselves the same way others see us: as a leading global security company." This viewpoint has resulted in security becoming a core corporate value at Okta, stressing the importance of every employee's role in preserving security.

Waugh outlined three key pillars of Okta's security culture:

  1. Security Why: "We begin by understanding the external threats in a clear and data-driven way," Waugh explained. "This means avoiding broad statements and instead taking stock of the threat landscape."
  2. Security People: This pillar focuses on the human aspect of security. "Our Security People pillar has been designed to be measurable and, in my personal view, it is and will continue to be central to our success," Waugh emphasised.
  3. Security Pulse: A data-driven approach to measure progress. "Security Pulse is the data-driven way we're going to achieve our security goals. Numbers, percentages, trends—the cold, hard facts that help us measure progress, identify where we're falling behind or doing well, and make things sustainable and repeatable," Waugh noted.

Okta has introduced several initiatives to implement these pillars. One such initiative is the Global People Network, providing cross-sectional input on security strategies. "Members of the forums understand and, I think, appreciate that they're a big part of the solution," Waugh remarked.

Additionally, Okta has embedded security teams that work alongside developers on a daily basis. "Having everyday access to a member of the Security Education team helps the whole developer workforce be more efficient while also gradually leveling up everyone's knowledge," Waugh explained.

Waugh highlighted the importance of multi-directional communication and leadership by example. "When people feel involved, when they feel that the organisation is listening, when they see adjustments made because of their feedback, and when they see leaders embodying the messages they're communicating—you've got the makings of a real cultural shift," she asserted.

Further reinforcing this foundation, Okta has invested in a framework aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0. This alignment enables the company to effectively track its security posture and make informed decisions.

Waugh acknowledges that building a security culture is an ongoing endeavour. "Building a culture of security isn't an overnight project, and it's not a set-it-and-forget-it task; rather, it's a long-term, ongoing process that requires collective change and concerted effort," she noted.

By sharing Okta's approach and championing women in security, Waugh hopes to inspire other organisations. "The risks facing today's organisations are simply too great to be ignored and can't be addressed by technology alone," she concluded. "And I believe that by walking this road together—exchanging ideas and insights, successes and failures, challenges and solutions—we can make collective progress."

Jen Waugh's efforts at Okta, integrating a robust security-conscious culture with the advancement of women in the industry, underline the essential role of diversity in the future of digital security.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X