I am delighted to share that Marene Allison has joined Dazz as an advisor, bringing more than 40 years of experience in business and government leadership, physical and technology security strategies, and criminal and civil investigation. For those of you who don’t know Marene, she was most recently the Global Chief Information Security Officer for one of the world’s largest healthcare companies—Johnson & Johnson—where she was responsible for protecting the company’s information technology systems and business data. Prior to joining Johnson & Johnson, she served as Chief Security Officer for Medco, where she led the development and implementation of the security strategy, including IT and physical security in more than 145 facilities. Before Medco she served as head of Corporate Security for Avaya and Vice President of Loss Prevention and Safety for The Great Atlantic and Pacific Tea Company. She also worked as an FBI Special Agent, served in the U.S. Army, and graduated from West Point in the first class to include women.
I was fortunate to meet with Marene this past week and talk about her career journey, perspectives on what’s top of mind for security leaders today, and her views on Dazz. Here’s an excerpt of our conversation.
Julie: Hello Marene! We’re delighted to have you joining Dazz as an advisor. Thank you for spending time with me today. I’d love to begin our conversation hearing about your career journey.
Marene: My journey is a long and sordid one! I started out at West Point, then served in the military, then went into the FBI, and then corporate America. I got into security in 2002 supporting voice over IP and a security operation center for the World Cup in Korea and Japan for Avaya. From there, I went to Medco and, ultimately, J&J as the global CISO.
Julie: And how did you get connected with Dazz?
Marene: I could say that Merav was stalking me at a health ISAC meeting (laughing), but luckily we just ran into each other. I had been speaking with my head of architecture and technologies about Dazz and other new cloud security companies. By chance, I ran into Merav, and we had a great conversation. When I retired at the end of January, I found that I had some free time. Actually, I had a lot of free time! Merav and I started talking about where I could add value to Dazz, particularly in the areas of business strategy, funding, and technology guidance.
Julie: You and Merav have quite a bit in common as leaders.
Marene: We do! We share a passion for raising women up and helping to make women technologists successful. We also have a common military background – Merav in Israel and me in the U.S. We know what it’s like to be a woman in business, as well as in the armed services.
Julie: What excites you about Dazz from a technology perspective?
Marene: Everything in tech used to be inside the network. Then everything was outside the network. Now we are bringing all of our apps and data to the cloud. Dazz to me is an exciting technology to help companies make this transition in an efficient and secure way.
Julie: You've led technology and security strategies in the U.S. Government and corporations. Are there different needs and pain points, or do you see common ground?
Marene: Everything comes back to the mission. The ability to really get great technology by people who practiced in security in their military mission is very compelling. If you look at venture capital overall in the U.S., there's a lot of people that are not what I’ll call on a mission. They're great technologists looking to make money. However, when you find a company that understands the mission, as well as the adversary and threats coming at it, and you have a security professional that's running that company you get a whole different level of product. I gravitate towards those companies—not the ones just trying to make money, and there are a lot of them out there like that for sure. There are a ton of them out there, in fact.
Julie: What are some of the important trends you're discussing with your peers this year?
Marene: The biggest one is that budgets are going to decrease, and every time budgets decrease people are going to start looking at their tool set. It becomes very, very important that you know the “nice to have” may have to go to the side versus the “I must have this” technologies. The other thing that's happening out there, and this is what I’m hearing more from the CEO, chief digital officer, CIO, and the CTO, is that everybody wants to go digital.
Everybody wants to build faster, better, cheaper, and go to the cloud. Even if they don’t say “I want to go to the cloud” that's really where they're going. And as they do, they're going to need technologies that help enable them do so securely. Eight years ago, it was harder to move your important data to the cloud because security technologies weren’t as robust as they are now. But today, technologies like Dazz make it easy to go digital quickly, and without a lot of friction.
Julie: You mentioned the word friction, and one of the themes that we hear quite frequently is that there's friction between the security teams and engineering teams around remediation and fixing security issues. Did you see or feel this friction as a CISO?
Marene: My strategy has always been to be a department of “yes, and here's how.” On very, very rare occasions I have had to say no. But I will tell you, getting to ‘yes’ has been a ton of work to get security engineering to meet the data engineers and the cloud engineers in their spaces. Using platforms like Dazz closes that gap and makes the process of collaboration and getting to ‘yes’ much easier.
Julie: Shifting gears, there was a great session during RSA held by Insight Partners with the CISO of Raytheon, Dan Finkle. He shared one of this strategies, which was really interesting. Every year he and his team pick two startups to work with as design partners to solve a particular problem, and then with the vendors to build the features and the functionality that that they need to solve that problem, instead of trying to figure out how to build their own solutions with limited resources. What are your thoughts on this approach as a former CISO?
Marene: You know, what Raytheon did is not much different from what we did at J&J. We just collaborated with a company, and they just came out of stealth, so I can talk about it, which was with Cranium. We did something similar with a small medical device security company. Our business partner invested in them, allowing us to create an incubator and get the technology we needed. I've always been a buy versus build type of CISO. Any time that something is bigger than my company and my need, which almost everything is in security, it is better to invest in those companies that can launch and develop those solutions.
Julie: Early thoughts on what you expect Dazz to look like two years from now?
Marene: I believe you will have formed some very, very strong partnerships, and the product will have evolved into a critical platform for cloud security. History shows us that most of the startups out there today won't be here next year. My vision is that 100% of the security companies that are run by security professionals with technologies that solve real business and security problems will be the ones that grow and thrive. I believe Dazz is one of those special companies.