Getting to the point where you're proactive is "utopia," says Jadee Hanson, CIO at Code42.
When Jadee Hanson was a student at Eveleth Gilbert High School in a tiny town in Northern Minnesota, she wasn't just a student -- she "actually worked for the technology coordinator of my school district," she said. "I worked for him for free a couple of days after school every day just putting together computer labs." He would purchase computer parts and assemble them, to save the school district money, and in the process would " teach me kind of everything he knew about networking and about setup and whatnot," Hanson said. It was the beginning of her desire to learn more about technology.
Today, Hanson works as both the CIO and CISO at IT security company Code42. Her new position comes after a career of leadership roles at Target, as the security lead when CVS Health bought Target Pharmacies, and as a security consultant at Deloitte.
After high school, Hanson earned her degree in Computer Information Systems at the University of North Dakota. Ever ambitious, she "loaded on all the credits" and finished school in three years. Afterward, she landed her role at an Enterprise Risk Services Organization at Deloitte.
"We were doing security services when a lot of companies didn't actually even know what security services were back then," Hanson said. Things like pen tests -- which weren't a mainstream term back then. Hanson was there for six years, but eventually tired of the constant travel. When she missed her daughter's one-year doctor appointment, "I was like, "OK, I need a new job."
Luckily, her mentor found her a local job, and put her onto the Target account, working for Deloitte. She later decided to stay at Target, and was there for about eight years, "in pretty much every part of their security organization," she said.
Target allowed her to build teams and a security structure, which was "so much fun." And the giant Target breach of 2014, which was "really insane," was also a learning experience. "I wouldn't recommend it, but I can definitely look back and think about all that I learned through that."
Hanson eventually wanted to move to something smaller, and found out about Code42, about five years ago, which had a need to lead insider risk, which she specialized in at Target. "I thought, gosh, it's such a huge need to change how we do this and how we build software to deliver in this space," she said.
SEE: How to build a successful CIO career (free PDF) (TechRepublic)
A year and a half ago, Hanson moved into the CIO role at Code42. "All aspects of security and then now, our IT organization, as well as our Enterprise PMO Organization roll up to me."
Being at a smaller organization is really empowering, Hanson says, because things can get accomplished more rapidly.
She sees the roles of CIO and CSO as deeply intertwined. "The key is that they're both very much focused on enabling the organization to succeed," Hanson said. "In the CIO space, it is a little bit more focused on equipping the organization with the right technology to make it successful. And then the CSO side, it's very much about protecting the organization and then driving kind of the right risk mitigation practices within the company."
On a typical day, Hanson hops on her Peloton and joins a ride with her cousin and neighbor. After, she walks her dog, and is almost always at her desk by 8 am. The day consists of many meetings, but she considers her role "very much like the GPS on a car," she said. "I know where I want the team to get to and the things that I want done, and I understand the best way to get there. But I have a team of really capable leaders and I'm going to let them decide all the twists and turns and ways that they're going to try to get to our end goal."
Her job is helping her team stay on course, "whether that's bringing them into a specific discussion that they need to hear so that they're successful, whether that's having a really tough conversation to say, 'You know, your thought process on this is wrong and here are the reasons and whatnot'––whatever that might look like."
She sees her leadership style as "servant leadership."
"I'm here to make the company successful and drive the right things for the organization, but I'm also here helping to work for my team too," Hanson says.
Hanson's biggest challenge is being proactive, versus reactive. She wants her team to be ahead, whether that means doing ransomware exercises, or thinking about what kind of IT the organization needs "before the teams themselves say, 'Hey, we need that tech,'" she said.
"When you get to that point where you are proactive, that's the utopia," she said. "It is insanely hard to maintain it, especially when you have the CSO function as well."
The FedRAMP authorization means that a federal customer has a stamp of approval when buying Code42 solutions. Typically, it takes three years to earn, and involves four different companies. Everyone had to get together to do it, and they finished in it 16 months.
The biggest skills needed for a CIO are innovation and strategic thinking, Hanson said. For the CSO position, "you need an insanely strong ability to be resilient and adaptable," she said. "There's no one day that you fully control because there's always something that pops up. Typically, it's like Friday at five or Saturday morning. So, constant interruptions and things that just take you off course and your ability to be resilient and calm and adapt and change are really key to the CSO role.""
She also sees risk-taking as essential to the job. She added: "I think too many CSOs approach this role as like, 'I'm just going to say no to everything,'" she said, which is the easy option. But being a CSO requires balancing the needs of a board, your CEO, and others, and taking some risk to move forward, which is "an art," she said.
Every day is a "bit like a puzzle," Hanson says. Her husband jokes with her that she will be bored without a challenge. "In this job, you have that––because the landscape is shifting so quickly and because there's always a fire and there's always something new and something different."
"That's the part of the job that some people would hate and other people just absolutely love," she said.
Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and ThursdaysSign up today
Read more articles in this series
- Behind the scenes: A day in the life of a data scientist
- Behind the scenes: A day in the life of a CloudOps director
- Behind the scenes: A day in the life of a cybersecurity expert
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Security threats on the horizon: What IT pro's need to know (free PDF) (TechRepublic)
- Checklist: Securing digital information (TechRepublic Premium)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)