People 12 October 2017
Theresa Payton caught the technology bug while still in high school during a stint in computer support at the Quantico Marines Corps Exchange. After graduate school, she held executive roles in banking technology at Bank of America and Wells Fargo.
She founded the cyber-security company Fortalice Solutions, where she's the CEO, a company that provides expertise to government and private sector organizations to help them improve their information technology systems, and is now one of the 50 top influencers in security and fire.
Digital data collection and surveillance has grown increasingly invasive, and a majority of people (myself included) do not know the full extent to which data is collected, stored and used. Should we be concerned, and if not then why not?
Everyone is collecting data on you at every moment -- your phone when it talked to WiFi and cell towers is telling the phone company where you are. When you use apps, the apps know where you are even when you turn location data off -- it knows where you are because it knows the cell phone tower you're talking to. For the most part, the reason behind this is mostly positive. They're trying to understand your behaviors to offer you coupons and deals, and providing Amber Alerts and weather alerts to keep you safe. All of this collection is done for a good purpose.
However, we're still working out the social norms, like what constitutes whether our privacy is being invaded in the digital world. We also haven't spent enough time thinking about the fact that everything is hackable. My team hasn't found a database that they couldn't crack into. We must change the conversation to, “If you're going to collect the data to help me, how are you going to protect that data when you eventually get breached?"
Have privacy laws been able to keep pace with digital technology? As an example, if I'm grilling fish in my backyard can a neighbor “observe" my actions, via a camera drone, without breaking the law?
In my opinion, privacy laws have not been able to keep up with the digital age. Technology, specifically drones, have been a great tool for law enforcement in spotting potential victims and helping rescue those who need help in dangerous conditions. But with the popularity of domestic drones, this is a discussion that as a society we need to have. It's common knowledge that it's not polite to peep through people's windows -- it's illegal. But do we have any laws protecting us from our neighbors protecting us from flying a drone over our backyard? We don't -- at least not yet.
You served as the first female Chief Information Officer at the White House, overseeing IT operations for President George W. Bush and his staff. What was that like?
I thought from my previous work experience that I'd seen it all -- but when I got to the White House, I realized that wasn't the case. The pivotal moment for me that shifted how I design a security strategy started on my first day. It came down to the people who served at 1600 Pennsylvania and across the entire 3000+ person Executive Office of the President. We knew we had to address the hearts and minds of the staff if we wanted to protect their privacy and security.
After all, if solving cybersecurity and privacy issues were as simple as following security best practices, we would all be safe. It's not that simple. Two key questions came to me the first 90 days at the White House that I had to answer or we would have had a major calamity:
- Why, in spite of talented security teams and investments on security, do breaches still happen?
- Why is it, that despite hours and hours of boring computer based training and security campaigns, we still make mistakes and click on links?
This made me realize that we must critically reexamine how we assess our security technology, procedures, and methodology to fully understand the full scope of risk we bear daily and to determine the best course of action to mitigate this risk.
Theresa Payton speaking at Microsoft CISO. Photo Courtesy of Briana McDougall
What is the future of biometric data? Are we headed toward voice-activated email access, eliminating the need for keystroke passwords?
Biometric data is becoming much bigger because of the collection methods, like cameras, voice recognition and other methods capturing your image and the measurements of your physical form. Law enforcement can use it for identification purposes, and businesses can use it in their favor, as well. For example, banks like to know their customers are who they say they are, which ultimately protects their customers better.
We need to think of biometrics on a continuum -- on one hand, you can take things like your face or your voice which are physical things that we offer. These are very public biometrics. There are also more private biometrics, like how we walk, our hand geometry or the measurement of our eyes. As we move further down the line, it becomes more disconcerting of what people are taking, as they're all biometric measurements that can be made.
As an extension of the previous question, what might happen if this (potentially) promising technology falls into the wrong hands, like cybercriminals, fascists and military dictators?
We've actually already seen this technology fall into the wrong hands. In my book, Privacy in the Age of Big Data, I give the example that cybercriminals can use gummy bears to copy people's fingerprints and machines recognize them as legitimate. Gummy bears! The reality is that this already happens and we must continue to design security systems for the human psyche and continually evolve best practices to stay ahead of cybercriminals.
How can we “adjust" or better manage our digital behaviors in order to safeguard our privacy?
Most people think free wifi is harmless, but would you use a free toothbrush that was just lying on the floor? Of course not -- because you can't guarantee the hygiene of the toothbrush. Similarly, you shouldn't use free wifi because you can't guarantee its hygiene either. Never use free wifi when conducting sensitive and confidential transactions. The alternative is to use a portable hotspot or to use your cell phone as your own WiFi connection.
Additionally, call your device manufacturer to ask them how to enable encryption and password protection. Consider implementing two-factor authentication for logins on your devices, and use it for all work and personal apps and email addresses as much as possible. If you have someone steal your credentials, unless they have your smartphone, they will not have that code to get into your accounts.
I, like many motorists, have an E-ZPass device. Can I be monitored beyond the toll area? I cannot help but to appreciate the irony: I'm always toting my smartphone everywhere I go. But I read something about the E-ZPass device being used to determine traffic patterns, primarily in heavily congested areas. Is there any truth to this?
A lot of times when using an E-ZPass, we expect them to know we went through a certain toll because they debit their accounts. But do you expect that when you get away from the toll booth? When you use an electronic toll collection system, like E-ZPass, you also open a door for possible government snooping. For instance, in New Jersey, law enforcement can and will access E-ZPass records for criminal cases, but can only do so with a court order.
But when you're not at the toll booth, transportation authorities can install readers that read the tag on your windshield anywhere and monitor your tag anytime you pass -- not just when you pay for the privilege of driving on the road.
In the San Francisco area, the Metropolitan Transportation Commission tracks and collects information from fast passes. If you know about tracking and want to opt out, they provide a bag of Mylar so you can block signals when you are not using the pass to pay a toll.
This doesn't mean you shouldn't use E-ZPass, you just need to determine where on the continuum you fall between risk and reward.
Does anti-drone clothing exist, and if it does, what is it?
Anti-drone clothing does exist. Even though a lot of the good guys use drones, the bad guys use drones, too. In trying to protect our military, just wearing desert camouflage wasn't doing it anymore, so there are anti-drone clothing, blankets and hoodies, which is also available to consumers, too. These will help blur a heat signature, as well as help blur facial recognition technology.
How safe is my digital information? Am I worse off, in some instances, if my email address is stolen versus my social security number?
We're often focused on protecting information like social security numbers, bank accounts and healthcare information, but as you mention, cybercriminals also steal email addresses, habits and demographic information just as, if not more often. I don't hear many concerns about protecting this data, but it could be more valuable than something like your social security number. Part of it is that adversaries are becoming much more sophisticated when it comes to technology, and they're starting to see more value in many of these other pieces of information about you; knowing where you're going and what you're doing.
Has digital privacy ended?
What people need to realize is that 'delete' is never really 'delete.' It's incredibly difficult to be digitally invisible, but it is possible. What I love about the privacy discussion is we are finally having one. I don't believe people really understand up until recently that every finger swipe, mouse click, ATM visit, etc. is being memorialized, correlated, and categorized for future use. On the surface, this data is collected to be "helpful", but that data in the wrong hands is actually not helpful at all. I do think privacy is a personal decision -- while someone may need to be wide open on social media to further their brand/career, a young teen needs more privacy and protection.
Smart homes technology may be all the rage, (Google purchased Nest for approximately $3 billion, a smoke detector and thermostat company), but what if the wrong people hacked into this technology: home security, might I return from vacation to see that I'd been robbed?
How did the Equifax hack occur?
Cybercriminals have nothing but time and motivation on their hands to carry out vicious cyber attacks, so Equifax (which houses hundreds of millions of people's sensitive data) is an understandable target for them. I can't comment on the exact specifics of how they achieved their attack as that information is still being investigated, I can say that data segregation is of utmost importance to any size business. We no longer live in a world where breaches are IFs - breaches are WHENs.
How might we make STEM careers more female-inclusive?
While I haven't been shy to talk about the lack of women in STEM careers, the real problem is the overall lack of diversity in STEM. We desperately need fresh ideas, different perspectives, and creative solutions to our problems and having a diverse, inclusive workforce allows for those ideas to flourish.
Personally, I am over the top excited that we are on the cusp of turning the page on not only a new year but also on a new 10-year window of opportunities and possibilities!
You may be thinking, whoa…I am just embracing the fall season…yikes… it is tough to think about a new decade!
Yet it is this groundwork, this forward thought that you put in place TODAY that will propel you and lead you into greatness in 2020 and beyond. Designing a new decade rests in your ability to vision, in your willingness to be curious, in your awareness of where you are now and what you most want to curate. Essentially, curating what's next is about tapping into today with confidence, conviction, and decision. Leading YOU starts now. This is your new next. It is your choice.
Sometimes to get to that 'next', you need to take a step back to reflect. Please pardon my asking you to spend time in yesterday. Those who know me personally, know that I created and continue to grow my business based on enabling the present moment as a springboard for living your legacy. So, indulge me here! True, I am asking you to peek into the past, yet it is only in order for you to bring the essence of that past forward into this moment called NOW.
One of the best ways to tap into what's next is to clarify what drives you. To design a new decade, ask yourself this question about the past ten years:
What worked? What were my successes?
Make a list of your achievements big and small. Don't type them, but rather use ink and paper and sit with and savor them. Move your thoughts and your successes from your head, to your heart, to your pen, to the paper. Remember that on the flip side of goals not attained and New Year's resolutions abandoned, there was more than likely some traction and action that moved you forward, even if the end result was not what you expected. Once you have a full list of a decade's worth of personal and professional accomplishments, think about how this makes you feel. Do you remember celebrating all of them? My guess is no. So, celebrate them now. Give them new life by validating them. Circle the successes that resonate with you most right now. Where can you lean into those accomplishments as you power into the decade ahead?
Now comes a tougher question, one that I used myself in my own mid-life reinvention and a question I adore because in a moment's time it provides you with a quick reconnect to your unique inner voice.
If it were 10 years ago and nothing were standing in your way, no fear or excuses to contend with…what would you do?
Don't overthink it. The brilliance of this question is that it refocuses purpose. Whatever first came to mind when you answered this for yourself is at its core a powerful insight into defining and redefining the FUTURE decade. Bring your answer into the light of today and what small piece of it is actionable NOW? Where is this resonating and aligning with a 2019 version of yourself?
Then, based on your success list and your answer to the above question, what is your 2020 vision for your business and for the business of YOU?
Designing a new decade begins as a collection of 3,650 opportunities. 3,650 blank slates of new days ahead in which to pivot and propel yourself forward. Every single one of those days is a window into your legacy. An invitation to be, create, explore, and chip away at this thing we call life. One 24-hour segment at a time.
While you have a decade ahead to work on design improvements, you have the ability to begin manifesting this project of YOU Version 2020 right NOW. Based on exploring the exercises in this post, begin executing your vision. Ask questions. Be present. Let go of 2019 and the past 10 years so that you can embrace the next 10. Position acceptance and self-trust at the forefront of how you lead you. One choice at a time.
Don't get bogged down in the concept of the next 10 years. Instead position clarity and intention into each new day, starting today. Then chase every one of those intentions with an in-the-moment commitment and solution toward living a legendary life!