Start your day with intelligence. Get The OODA Daily Pulse.

This post is based on an interview with Masha Sedova, Co-Founder of Elevate Security.  It is part of our series of interviews of OODA Network members. Our objective with these interviews is to provide actionable information of interest to the community, including insights that can help with your own career progression. We also really like highlighting some of the great people that make our continued research and reporting possible.  For the full series see: OODA Expert Network Bio Series.

 Career Progression:   Masha was born in Moscow, Russia.  Her Mother was an economist working for the Soviet Union’s version of Department of Transportation.  Her Father was a computer programmer, trained by his Mother.  Masha’s Grandmother attended college in the 1950’s to learn computer programming, then considered by the Soviet Union to be “women’s work”.

When Masha was four years old, they “won” the United States VISA Lottery and emigrated to upper New York State.  Masha grew up as an American girl, however retained her fluency in Russian and her family’s passion for computers.  By the time she finished her Sophomore year in High School, Masha had taken every mathematics class offered.  Realizing the next two years would be a waste, she dropped out of high school at the age of 16.  Masha was accepted to Bard College at Simon’s Rock, the only accredited college option for a non-high school graduate.  Bard College takes smart, hardworking “early college” applicants, under the premise that two more years in High School would be a waste for them.   Bard is a Liberal Arts College, so Masha spent the next two years studying psychology, philosophy and other matters of culture and humanity.

Masha transferred to the University of Tulsa after completing her Associates Degree. They had an innovative program, called Cyber Corps, funded by the U.S. Government to nurture a cadre of computer security scientists.  Students worked directly with the Government on problems related to National Security.  Two years of Right-Brain training followed by two years of Left-Brain training gave Masha a unique outlook towards computer problems.  She spent the next three years working in the D.C. area addressing the Russian Cyber Threat.

Masha recommends that new Computer Security Professionals take their first job in either Government or Finance.  Either one will quickly train the employee in a dynamic environment protecting critical assets.

Salesforce brought Masha onboard to develop an Insider Threat Program.  Any organization that is serious about their future is acutely aware of their vulnerability to a disgruntled employee.  Masha became fascinated by the inherent cultural differences between the Government (where National Security is the primary concern) and Industry (where growing the Company drives most decisions). She was hired to build a program where they could find the needle in the haystack.  But with a huge, rapidly changing, distributed workforce, Masha had to change the approach.

Masha decided to build a culture where the haystack rejected the needle.  This is where her right-left-brain ambidexterity comes into play.  Masha transformed the company’s environment so it would be almost impossible to survive as an “insider threat”.   “In Industry, you can’t MAKE people do things.  Creating a compliance culture won’t work here.  I proposed a whole new approach to human risk.  You have to get the entire organization to believe in something bigger than their own efforts and understand the impacts of their actions.  You have to move the entire organization from ‘HAVE TO’ to ‘WANT TO’ with respect to security.” Masha says.

Masha co-founded Elevate Security in 2017 to create a behavioral security platform that can be used by many different types of Industries.  Unlike most computer security companies, Masha borrowed successful techniques from many other disciplines besides engineering.  She looked towards the gaming industry to learn how they used positive psychology to reward good behavior.  She learned how to collect relevant metrics – critical to getting the reward right.  She armed the company executives with the exact right information so they could recognize employees that keep them secure.

Masha sees one good thing about COVID-19.  It has removed the “hierarchy of information”.  Masha says “In an office, some workers have more information than others, by nature of the social dynamics.  In a remote work environment, we are all on the same page.  We are all forced to communicate better and we can all grow at the same pace.”

Surprises:    Masha has been pleasantly surprised by how successful she can be “linking two crazy concepts that shouldn’t co-exist: Behavioral Science and Computer Security.  It has been hugely impactful.”

Technologies you are watching: “I’m interested in cultural biases as we rely more on Artificial Intelligence.  As these systems ‘learn’ from us, we have to be VERY careful they don’t ‘learn’ our gender and race biases!” Masha says.  “We must be absolutely certain they don’t get programed in!”

Advice for Decision Makers:  Masha often hears executives opine “Humans are the weakest link”.  She disagrees.  “It’s a hard problem, and requires good psychology and good data, but I’ve seen organizations where the human element is one of the core features of their defense.  This isn’t magic!” Masha says.

Leaders should also take an active role in the career of good workers.  Masha suggests that leaders should: “Sponsor someone!  That’s more than just mentoring (guiding and giving advice).  Sponsoring means you will be their champion, put their name in the hat for good assignments, seek out good opportunities on their behalf!  This is the best way we can expand the diversity in our workforce!”

Views on Thought Leaders:  Masha follows Kelly Shortridge for her spot-on, sassy discussions on security. 

Quick Hits:

 

 

Chris Ward

About the Author

Chris Ward

Chris Ward (Commander, U.S. Navy (Retired)) has over 30 years of experience helping the Department of Defense (DoD) solve difficult technology requirements. She has a proven track record of building, maintaining, securing and certifying technology solutions for use within DoD. She works with Industry to identify key opportunities and provides strategic guidance and support. She is a strategic analyst and cybersecurity professional who has deep expertise in improving enterprise cybersecurity.