Although Ariel Saldin Weintraub did not set out to have a career in information security, her interest in the field grew while working as a consultant in a technology advisory practice. After acquiring her bachelor’s degree in business, she started at one of the big four consulting firms. During this time, while working with a specific client, she had a one-off opportunity to join their security team to help with a penetration test.
She says, “I’m definitely a ‘fake it till you make it’ kind of person. I decided to take that penetration testing opportunity and use some of the things I remembered from a security class I took in college. However, I figured out how to do the majority of the penetration testing by purely hands-on work. The engagement was one week, and after it was done I decided I didn’t want to go back to the other part of the practice I was in; I wanted to switch to the security practice. Since then, I’ve always worked in the cybersecurity space, and most of what I’ve learned has always been hands-on. I did end up going back to school and getting my masters to fill in some of the more focused computer science concepts that I had missed with having a business degree.”
Weintraub worked in a number of organizations, moving her way up to information security leadership roles while gaining a robust breadth of experience. In her current role as Head of Security Operations and Engineering at MassMutual, Weintraub mainly focuses on security operations and talent development.
FOCUSING ON BUILDING TEAMS AND PROGRAMS
Weintraub says, “I’m really drawn to opportunities that give me the chance to leverage the more creative side of problem solving. The role I’m in now gave me an opportunity to focus on the deep technical aspect of what I’ve always loved within security operations, but also on ways to improve some of our talent development and retention challenges. I don’t love running an existing function that’s already operationalized and very mature. I really like to get involved in the details and help solve problems, getting involved in the day-to-day with the team. Then, I like to move on to something else when the new functions and teams are established. This role was a healthy combination of those two things: part of the team was already functioning at a pretty high level of maturity, while other aspects of the team needed more rebuilding. I liked the idea of being able to do a little bit of both.”
Weintraub brings together different functions of team integration that might not historically interact and aligns these areas with new capabilities. She enjoys responsibilities that enable her to work within various groups and develop her skillset in a holistic manner. The teams she manages didn’t previously report into the same leader. Since she was the first individual in her specific role within the organization, she has been able to develop foundational principles and educate other departments on what the role means to the organization and security function.
Weintraub is focused on building a diverse talent pipeline. She explains, “We’re building a global security operations center or SOC that we’re looking to use as our source of talent for the rest of the cybersecurity organization. We bring people into the SOC and then after a certain period, move them into another role that is mutually beneficial. They learn a broad knowledge of different domains that they can bring into the new program that they move into. As part of staffing some of our new SOC locations, we’re partnering with external organizations that focus on recruiting and training diverse talent; in particular, women, veterans and minorities that come from underprivileged backgrounds, or people that may have not had the opportunity to obtain a four-year degree.”
She is also focused on integrating data science and implementing automation into their programs. By leveraging a combination of the in-house data science team as well as vendors that focus on machine learning and other data science capabilities, she hopes to evolve the organization while reducing risk.
LEADERSHIP STYLE AND COMMUNICATION
Weintraub follows the transformational leadership model. She comments, “In particular, we’re introducing a lot of new programs and capabilities that require a lot of change. This impacts our organization and a lot of other areas of the company. The more you empower the team to self-motivate and make their own decisions, the more likely they are to come along in that journey. Our strategy is transforming from compliance-based to risk-based, which can be a significant amount of work and shift in how you think. I try to empower my leaders to motivate and encourage their teams.”
Throughout her career, Weintraub gained different skillsets by diversifying the types of responsibilities she performs. She enjoys challenging herself to gain broader exposure to different aspects of information security, including cyber risk. She leads by example and focuses on always being able to see the bigger picture in order to deliver positive results and impact change.
WOMEN AND SECURITY
“As I mentioned, one of my mottoes is ‘fake it till you make it’, but it’s also about empowering those around you to do the same. That’s why I’m passionate about encouraging more women to join the industry - sometimes the number of men can be intimidating, as is the technical nature of the domain. It’s about encouraging people to take a chance. In general, I’m very passionate about women in cybersecurity. And that’s why I continued to look for opportunities outside of my day-to-day. This month I’m officially joining as a board of director for the ISACA One in Tech Foundation, which has a few different missions; one is empowering women in technology. Another focuses on enabling technology for under-privileged areas. Those are the kinds of things that I am excited about. I look for ways to give back to the community and be involved in things outside of my day-to-day,” says Weintraub.
She continues, “In terms of how my career evolved, I’ve been really fortunate to have participated in organizations dedicated to advancing and promoting women in cybersecurity. I’m on the board of advisors for an organization called the Executive Women’s Forum. Since I first joined that group as an attendee, I’ve seen a really big change in the number of women in the field. I think there’s still more we can do to continue to empower and encourage more women to join.”