Nasdaq Women in Technology: Colleen Valentine, Head of Information Security Governance and Compliance
Colleen Valentine is the Head of Information Security Governance and Compliance, reporting to Nasdaq’s Chief Information Security Officer. Colleen is responsible for the “softer”, people side of Information Security, including policies and standards, IT control library, metrics and board reporting, alignment to industry standards, cyber security regulatory compliance, global security awareness programs, program communications, and the Nasdaq Cyber Service Center which manages the security due diligence requests received from Nasdaq's clients. We sat down with Colleen to learn more about how she became involved in the cyber security industry, and how technology has influenced her role at Nasdaq.
1. How did you become involved in the cyber security industry, and how has technology influenced your role?
Technology has influenced my role in that I need to be a bridge between the technologists and key partners – external groups like regulators and clients, or internal groups like our business partners. My team helps to take complex technology and cybersecurity topics and translate them for broader audiences.
Before I started at Nasdaq, I received my Master’s Degree from Georgetown University in Communication, Culture, and Technology. I was interested in learning key technology concepts and how communications can be used for change. My first job at Nasdaq merged all those areas of interest – I started as a Communications Coordinator within Information Security. Fast forward seven years later and I am still here in Information Security and Global Technology!
2. Why are infosec and cyber security such crucial components to an organization’s success?
The key tenets of Information Security are to protect the confidentiality, integrity, and availability of information. This ‘CIA triad,’ as it is known in the industry, shows how important information security is to an organization. With high profile breaches having a common place in the news, organizations not only need to maintain a mature Information Security program, but also need to promote a culture of security. It is every employee’s responsibility to ensure they are security aware – that they know to question suspicious emails, to keep their devices upgraded, and to maintain complex passphrases or passwords and use two-factor authentication. Our program maintains a consistent level of rigor and monitoring across all of our products, applications, and environments including trading platforms, market data, market technology, and board and leadership apps. These environments are also independently architected, redundant, and utilize a significant amount of network segmentation and defense in layers.
3. Throughout your career, what challenges have you been presented with that you’ve had to overcome?
Cybersecurity is an interesting field because it is constantly changing, meaning that I am continuously learning and figuring out how to adapt to the changing culture. Ten years ago, cloud technology and the idea of big data were in the nascent stages. Now, these topics dominate the conversation, especially when it comes to cybersecurity and the controls that are needed in those environments. When it comes to my regulatory compliance responsibilities, those are also constantly changing in order to reflect new technologies. I’ve spent many afternoons reading complex regulations in order to ensure our information security control framework is in alignment with all requirements.
4. How has being a woman in the technology industry impacted your career?
Being a woman in technology has motivated me and inspired me to continue my career in this space. I am passionate about inspiring woman to pursue STEM based careers and hope to be a role model for other women. At Nasdaq, we are fortunate to have senior leaders like Angie Ruan, Brenda Hoffman, Heather Abbott and of course, our CEO, Adena Friedman, who lead by example.
5. What advice would you give to young professionals who aspire to be in the technology industry?
One piece of advice I would give to young professionals is to focus on the on-the-job learnings. Look for a company that has a learning and development team and management that will have you participate in interesting projects that help grow your knowledge. While degrees and certifications are helpful, a lot of what you need to know, particularly in cybersecurity, is learned by doing and getting hands-on experience.
To learn more, watch the interview with Colleen Valentine.