Back to Blog Home

On the CISO path: Galvanizing female tech professionals and improving cybersecurity in aviation

United Airlines Vice President and CISO Deneen DeFiore sat down with our vCISO John Bruggeman to share her views on progress in the tech sector, its impact on cybersecurity in aviation, and the difficulties cybersecurity executives contend with due to cyber-crime innovation and many potential network or system vulnerabilities and entry points. Deneen also discusses the struggles that women in cybersecurity encounter. She calls for a more diverse and inclusive industry with greater support structures for women professionals.

Inside the CISO’s Office: Deneen DeFiore, CISO and passionate advocate for women in technology

The cybersecurity battleground

Cybersecurity continues to move forward, and the attack surface grows as it does. Taking control of the full scope of risks and threats will be daunting for the most experienced security staff. Deneen pointed out that for all the headway made in cybersecurity in aviation, security professionals still manage comprehensive systems, networks, devices, and connectivity to external parties. The breadth and depth of that workload gives cybercriminals the upper hand.

The airline executive explained that protecting an attack surface that includes third parties, vendors, and customers makes the job all the more challenging. Managing that threat potential is no small feat. So, threat actors need only find one weak link in the chain to penetrate a system or network.

To a certain extent, attackers are now forced to be more creative in their attacks because technology gives cybersecurity teams a clearer view of operational functionality. For example, supply chain optimization can defend against malware attacks, but cybercriminals are as determined as ever. They are constantly looking for new points of entry, which can make simple features into vulnerabilities.

According to John, cybercriminals are employing social engineering tactics that are more and more intricate in addition to malware and ransomware operations driven by AI and automation.

Manage the attack surface with the right resources

Those working in cybersecurity in aviation must gain a clear outlook on diverse ecosystems and evaluate the risks that result from mergers and acquisitions. Merged assets may leave organizations with some blind spots. For that reason, Deneen suggests frequently taking stock of digital assets. John added that organizations should know precisely where their data is warehoused to safeguard and maintain customer privacy.

Isolating networks with zero trust security strategies like creating separate networks can reduce the harm caused by lost or leaked data. Deneen advises cybersecurity teams to change their perspective on micro-segmentation. While there’s been plenty of necessary focus on test and production environments and data types, more must be done. Durability should receive the same level of importance as data protection. Organizations need to optimize their operations to leverage systems and segmentation.

However, not all businesses are built the same. Security structures can greatly differ depending on an organization’s objectives and network downtimes. A deep understanding of a business’s operations, goals, and success measures can also determine if data protection or durability is the cybersecurity priority. Whichever of those two is the end game will decide which approaches and resources are used.

Deneen highlighted three major points that cybersecurity professionals should understand:

Analyze threat intelligence.

Look at threat potential from the perspective of a cybercriminal. Identify them. Ask yourself what tactics and toolkits they may have at their disposal and, to avoid data breaches, what strategies they might use.

Analyze your organization’s ecosystem.

What data are you safeguarding, and where is it stored? Without that knowledge, you can’t mount a successful security strategy.

Analyze the regulatory environment.

Regulations continue to evolve, determining the consensual and non-consensual privacy rights of customers and staff. Deneen says Russia’s war on Ukraine has resulted in new regulations, which is one reason why cybersecurity in aviation needs to be particularly effective. United Airlines connects with industry networks and policy and rule makers to offer feedback and educate them on airline operations, cybersecurity strategies created by Deneen’s team, and how other departments within the airline are trained in cybersecurity and made aware of relevant threats. Those teams are also taught to recognize potential threats and breaches and make others aware of these situations. Cybersecurity in aviation is a team effort.

Educating and appreciating cybersecurity in aviation

Deneen stressed the need to provide employees with cybersecurity guidance, regular written communications with teams, and simulated phishing scams—the essentials of attack surface management.

But it’s just as imperative to look past those fundamentals. Cybersecurity measures should also account for how employees perform their jobs. When flight attendants undergo months-long training, they’re taught to use an inflight mobile or link device to account for boarded passengers.

AI and ChatGPT: Pros and cons

AI has broader uses outside of cybersecurity. Regarding ChatGPT, John does not support the phrase “artificial intelligence” as he believes it’s more a system of expertise comprising a language index that can configure words and phrases germane to the user’s specific question.

Deneen believes AI to be groundbreaking in certain circumstances. She cites customer service centers as an instance where the technologies can drive more effective business outcomes while improving consumer satisfaction. Customers can avoid long wait times on the phone and gain a quick response based on the organization’s chosen methodology.

For all of AI’s applications, organizations must be accountable for when and how they use these tools. Data privacy should always be a primary consideration, as should transparency and equitability.  There is more that goes into deploying AI than its benefits. It also requires taking responsibility.

Recommendations for women entering the tech field

Deneen’s career in cybersecurity and aviation has not been without some uphill battles. Cybersecurity in aviation does not have a diverse workforce; it disproportionately employs men. However, Deneen still encourages girls and other women to consider the profession.

She says women will thrive in cybersecurity if they have the desire and intelligence to do so, and they should not let anyone tell them differently. They will need self-confidence and the ability to stay the course. That’s not always easy, but a support network, like family, friends, and mentors, can help.

Partner with OnX to manage attack surface risks

OnX ensures clients are aware of the latest threat intelligence so they can stay a step ahead of cybercriminals. We keep our clients current on industry news and host thought leaders from industries like aviation and a cross-section of other industries. Our knowledge base and expert backgrounds will give you a greater understanding of your organization’s ecosystem and compliance needs.

We strongly believe that an interconnected network can change our lives, including a diverse base of staff, clients, and stakeholders. We vow to realize diversity and inclusivity efforts that support our credos of progressive recruitment initiatives and nurturing talent.

Contact us for more information.