From businesswoman to cybersecurity chief, Gina Gobeyn took a nontraditional route to the payments space and found that it made all the difference. In this month’s blog series, Gobeyn explains why soft skills are just as important as technical skills when it comes to protecting data and fighting bad guys.
How long have you been at Discover and what is your role?
Gina Gobeyn: I’ve been with Discover for quite some time. What’s exciting about being in the payments space, and with security or risk management, is that payments continue to evolve around the globe. And, for me, I’ve found it both personally and professionally rewarding to feel like I was helping to secure the integrity of the payments channel. I don’t feel like I’ve ever been in a position where I’ve not been learning or been able to help build programs that help manage the safety and soundness of what we are trying to achieve from a security perspective in payments.
How did you get started in cybersecurity? What led you to that career choice?
Gina Gobeyn: What led me to cybersecurity was kind of by accident. I had a great opportunity as someone just graduating from college. I was a business major and went to work for a small managed security services company that was willing to give a bright, eager, college graduate a chance. I was able to get certified and trained and I loved it. I loved the idea of protecting companies, protecting systems, fighting bad guys. I think the payments industry is a very exciting place to be. I always felt that I was working on something that was adding value to the greater good. I’ve had the opportunity to learn and grow from just the nature of the work that payments offer.
What do you see in the future for women in the cybersecurity industry?
Gina Gobeyn: I remember a time, as a very young professional in information security, when there were not many ladies at conferences or meetings. In fact, one of the measures I used as a gauge was the line for the ladies’ room. It was the only place where there was never a line. But, if you’re ever at one of the PCI community meetings or conferences, that certainly has changed. There’s a lot of opportunity and there are many women in security now. I think the future just continues to become brighter as security becomes more important to companies.
What advice would you give to young women who are interested in a career in cybersecurity?
Gina Gobeyn: For women who are interested in security, I think first and foremost, the desire must be there and then, with the desire, it’s all about focus. It’s not required that you have a technical or cyber degree to be in an information or cybersecurity role. It certainly helps and there are a lot of opportunities to pursue education now at different colleges or certifications that can help you get started, but what’s interesting about security is that some of the soft skills are also necessary. Whether it’s risk management, whether it’s business, whether it’s behavioral sciences, having the desire and the aptitude to learn and really engage, to understand what the business schools are, to have the ability to translate very complex technical controls or programs into a way that’s tangible for a business to be able to adopt and sustain, all that requires some technology, but also some of those softer skills that are equally as important in the security world.
What aspects of your job do you enjoy?
Gina Gobeyn: Early on, I was definitely in a very technical career path and at some point, I decided to move into a business role where I was building security programs from a business unit perspective. What I liked about that – and what I think is foundational to how my team runs today – is that we are somewhat of the liaison. We can help the business grow and support the business goals while also making sure we have strong risk foundations, primarily in security. That makes me feel like I’m making a difference. It makes my team feel like we are working towards something that is very important. There’s a lot of reward in feeling like you’re working towards something that’s helping support the business and its goals, but also making sure that the payments are secure.
What value does the Board of Advisors contribute for PCI SSC?
Gina Gobeyn: The Board of Advisors role is really critical because there are only so many of the Council staff, limited resources, time, people and money. The Board of Advisors represents a global swath of the industry that we are trying to target. We need their feedback and we need them to help us pivot and address concerns or where we need to do more from a security perspective. For example, they help us determine new form factors, new threats, how to better reach certain populations of the world, how to grow adoption to our security standards, making sure our security standards remain relevant and that they are reasonably able to be achieved. All of that feedback is really important as we get direction from the Board of Advisors and the supporting participating organizations community.