Xerox CISO Dr. Jay. PHOTO: Cybercrime Magazine.

Xerox CISO Dr. Jay On Artificial Intelligence And The Internet of Crimes

Ask The CISO: Q&A with Dr. Jay, Chief Information Security Officer for Xerox and  former Deputy CIO for the White House  Sponsored by Fortinet

– Georgia Reid

Northport, N.Y. – Oct. 6, 2018

Cybercrime Magazine interviewed Dr. Jay to hear her story about being a top woman in cyber, and how she came from being a mathematics major at her local Georgia college to be an award-winning senior information technology and cybersecurity Fortune 100 executive. 

Dr. Jay shares her thoughts on threats from foreign nation-states, her fascination with artificial intelligence, and her concern that the Internet of Things might be less secure than the convenience of smart appliances is worth.   

“Dr. Jay is a truly a next-generation global CISO with a powerful message for the entire cybersecurity community,” says Sandra Wheatley, senior vice president, Global Corporate Communications for Fortinet.

GR: Dr. Jay, could you explain your role as CISO at Xerox Corporation, and what you do at your organization?

DRJ: As CISO, my role consists of securing Xerox assets.  That includes people, technology, intellectual property, and products for our global customers. My team is always active, and they stay busy.

When people think of Xerox, often they think “printers,” but Xerox is also highly involved with creating software involving print infrastructure and workplace solutions. My job is securing this infrastructure with the right levels built in — and making sure that it’s sustainable. 

GR: What would you say are the most significant security threats at a corporation like Xerox?

DRJ: I would say foreign nation-states are the biggest threats to us, and right behind that are competitive companies. There are those who would love to copy and build the superior printers that we manufacture and sell. Intellectual property is critical to us, and a lot of my role is protecting and securing this. 

GR: Did your experience at the NSA and the White House prepare you for combating threats like foreign nation-states in the private sector?

DRJ: Yes, absolutely.  My experience in the U.S. government prepared and gave me some depth in that area to identify specific signatures.  Every foreign state has its own cyber identity. Just like you get a different feeling when you travel from a different state in the U.S., or to a different country on an overseas trip, every nation has its own identity when you talk about hacking.

Based on my years of experience, I have a gut reaction and can recognize a code or an attack from a particular area.  There are similarities in any country — we call those signatures. Vast experience in that area helps in my current environment. I have a heightened level of awareness to these coding styles in attacks. 



GR: Can you build on that — how else did a role in government, both with the NSA and at the White House —  shape your career path?

DRJ: I have said many times that those who work in the public sector should go work in the private sector, and vice versa — those who are in the private sector should work in the public sector.  This is how we get the best, most well-rounded cybersecurity professionals. 

For example, when you work for the NSA, your idea of security is very different. You are on 100 percent lockdown when you’re at work. By bringing this idea of cybersecurity to the private sector, you and your company will benefit.  You can challenge others and then you yourself will be challenged.  The same goes for someone coming from a private company and coming to the government. You’ll be able to bring the latest trends to your role. We have much to learn from each other in both areas.

GR: Do you have advice for someone looking to start a career in cybersecurity?

DRJ: I’d say no matter what you do, live in the moment, but also think outside of the moment. Cybersecurity is a broad area to go into, but you can also be very niche. Enjoy and learn in the moment, but remember you are part of something more comprehensive.  Live outside of the moment, have that 50,000-foot view, see what’s happening outside your space, and think about the future. Take all the information you can get. What you’re learning now, apply it to the future.

Cybersecurity and technology is a great field. Things change so fast, you’ll never be bored.

GR: What is something you wish you knew when you first went into this career?

DRJ: One thing I wish I’d understood was how big the world is. I’m from a small town. I came to the NSA from my hometown of Albany, Georgia. So even when I was at the NSA writing algorithms, my mind was still focused on the local.  Once I started traveling around the world and seeing technology around the world, I woke up and said wow, there is so much more to know.

GR: As a young person growing up in a small town, were you interested in technology, law enforcement, or something like that? How did you come into cybersecurity as a profession?

DRJ: As a girl, I loved taking things apart and trying to figure things out, so I always had a curious and technical mind.  However, I didn’t think about cybersecurity as a career until I went to college. I was introduced to the NSA in college. They were having a recruiting event, and they got me very interested when they said to me, “We have secrets to tell, but you can’t know until you’re part of the NSA community.” 

I was a mathematician getting a math degree, and I knew I didn’t want to teach. Cyber was a more exciting career opportunity, and the mystery of it all, these secrets were very alluring to me.

I finally found what I thought was a “coolness factor” concerning math.

GR:  How do you think we can attract more young people to this field?

DRJ: When I think about how we often present STEM to young people today, I think we miss out on explaining the coolness of it.

At the NSA, I started solving algorithms and putting together cryptographic algorithms. I was working with codes and math on a daily basis, but it was also exciting. 

I often ask young people, “How many of you have secrets that you don’t want anyone else to know? What if I told you I could figure it out with math?” Cybersecurity is about protecting and how to get to secrets. I think that could make it more attractive to young people today.

GR: It sounds like mathematics played a prominent role for you in your early career.  Do you feel that a background in math or STEM is necessary to be successful in cybersecurity?

DRJ: I think you need a scientific mind, and an artistic mind, combined. I’m a musician; music is my biggest hobby. I use my creative, musical side to divide my scientific, mathematical, logical side. If we only focus on the rational side, the scientific side, we’ll be boxed into that kind of thinking. By exercising our creative sides, we’ll realize that adage, “there’s more than one way to skin a cat,” is also true in cybersecurity.  We are better equipped to anticipate cyber risks with the creative, artistic side of the brain activated.

The logical brain focuses on the problem at hand, and the creative mind will look for other issues beyond that. I enjoy thinking up problems before they even occur.   

GR: Speaking of the future cybersecurity risks, what is one area that you’re particularly concerned about in general, outside of work?

DRJ: I think about the Internet of Things — it’s so very diverse and it’s everywhere, from our personal appliances at home to a Xerox printer at a company.

It’s that ability and level of connectedness that worries me as we expand connected devices more and more into our lives and our homes. I often ask, “How much security are we sacrificing for the threat of convenience?”

I’m not worried about myself or the tech-savvy millennial so much. Rather, I’m concerned for people who aren’t so aware. The threats from the IOT are things that are impacting everyone as a whole. Now we have all these other tools that are connected and exposing us more and more.

Cybersecurity used to be a threat for business. Now it’s personal. It’s going to getting more and more personal in the future.

GR: Well aside from this threat, is something you are working on that you are particularly excited about?

DRJ: I’m excited about artificial intelligence (AI). I’m intrigued by it as a way to combat future attacks. If we think of the current “threat groups” — hacktivists, nation states — there will always be a new and more significant threat.

Including AI. You have AI engines now attacking you, and learning at a faster rate than you can see. So this has me not just nervous, but also intrigued and excited. I keep thinking, my gosh, an AI engine can learn from an attack and use that attack as a defense. Someday, it might be AI versus AI.  It sounds like science fiction movie material, but it’s real!

GR: Anything else you want our readers to know?

DRJ: Only that if you’re reading this in two years, this article could be irrelevant — we will be consumed by something else.  Technology changes very quickly, and that’s what makes my job so exciting. 

Georgia Reid

Dr. Jay is CISO for Xerox Corporation and Former Deputy Chief Information Officer of the Executive Office of the President under former President Barack Obama. 

Ask The CISO Archives


SPONSORED BY FORTINET

From the start, the Fortinet vision has been to deliver broad, truly integrated, high-performance security across the IT infrastructure.

We provide top-rated network and content security, as well as secure access products that share intelligence and work together to form a cooperative fabric. Our unique security fabric combines Security Processors, an intuitive operating system, and applied threat intelligence to give you proven security, exceptional performance, and better visibility and control–while providing easier administration.

Our flagship enterprise firewall platform, FortiGate, is available in a wide range of sizes and form factors to fit any environment and provides a broad array of next-generation security and networking functions.

The Fortinet corporate brochure explains how we deliver comprehensive network, endpoint, application, and access security.

Learn more at Fortinet.com.