You are currently viewing MongoDB eliminates the security skills gap with its Security Champions initiative

MongoDB eliminates the security skills gap with its Security Champions initiative

At the time of writing, there were 714,548 cybersecurity job vacancies in the United States, with a supply-demand ratio of 66 qualified applicants for every 100 vacancies.

But database-as-a-service provider MongoDB Inc. has no problem finding trained candidates when there’s an opening in its security team.

“We have the Champions program,” said Lena Smart (pictured), chief information security officer at MongoDB Inc. “So the minute one of my jobs hits the board, they get the first tips… [and] there are ripple effects on over a hundred people internally. I think just having that was a game changer.

Smart spoke with theCUBE Industry Analyst Dave Vellante at AWS re:Inforce, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s live streaming studio. They discussed MongoDB’s Security Champions program, Smart’s fiscally responsible attitude towards security, and how staying ahead of the game in security requires a “meerkat attitude” to monitor what’s going on. could be on the horizon. (*Disclosure below.)

MongoDB sets up an internal cross-departmental team of security volunteers

The MongoDB Security Champions program was created out of Smart’s desire to help underrepresented groups advance in their tech careers, but it turned into a win-win situation for the security department, the company and the employees.

There is no barrier to entry for the program, which is open to anyone in any position in the company. Currently, more than 100 MongoDB employees participate, and they represent every department and geography where MongoDB operates. If an employee wants to learn cyber skills, all they have to do is volunteer to join the Security Champions team (with the approval of their supervisor). Then, in addition to their usual responsibilities, they work alongside MongoDB security experts, helping with things like preventing phishing campaigns, testing things like Queryable Encryption, and learning about Amazon Web Services tools.

The program reverses the security paradigm by transforming employees from a security liability into an asset, generating a culture of security awareness within MongoDB, according to Smart. It also creates an internal pool of security-skilled employees who jump at the chance to join Smart’s department whenever there’s an opening. And it gives the security team insight into operations across the enterprise and breaks down barriers between departments.

“We have people who have such deep knowledge in other areas of the business that I could never learn no matter how much time I had,” Smart said. “To have that reach and depth of people with a long history in the business, technically brilliant, [that] I really want to understand how they can apply the cultural values ​​we live with every day to strengthen our safety programs…it has been a game changer for us.

Strong partnerships and fiscal responsibility mark Smart’s security strategy

MongoDB’s board of directors supports Smart and her team, and she meets with them regularly to discuss the company’s security needs.

“I actually get their attention for at least an hour once a quarter, which is almost unheard of,” she said.

Her close relationship with the company’s directors and the fact that many of them sit on other boards has helped her network with other CISOs and share her knowledge. She specifically mentioned Dev Ittycheria, President and CEO of MongoDB.

“Dev is a big, big fan of security and [governance, risk and compliance]”Smart said.

Unlike some CISOs who Smart says “have all the tools available” because it’s brilliant and it’s new “and they know the board will never say no”, MongoDB’s naturally frugal CISO embraces a fiscally responsible approach to spending the company’s security budget.

“I always tell my team to treat that money like it’s yours,” Smart said.

When she evaluates a new tool, she makes it a point to speak to that company’s CISO to make sure MongoDB gets the best deal. It also suggests partnerships that could mutually benefit both companies. MongoDB’s partnership with Amazon Web Services Inc. falls into this camp.

“[AWS] is very proactive in terms of where we are from a safety perspective,” Smart said. “When we sit down with them…it’s not a conversation that’s a surprise. When I tell them this is what we need, they’re like, ‘Yeah. We are already on it.

Here’s the full video interview, some of SiliconANGLE and theCUBE’s coverage of the AWS re:Inforce Event:

(*Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for AWS re:Inforce. Amazon Web Services Inc. and other sponsors of theCUBE’s event coverage have no editorial control over theCUBE or SiliconANGLE content.)

Photo: SiliconANGLE

Show your support for our mission by joining our Cube Club and our Cube Event community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, ​​Dell Technologies Founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many other luminaries and experts.

Leave a Reply