You can learn a lot from first impressions. With Michelle Dennedy, Cisco's Chief Privacy Officer, you learn she's pretty much an open book. "I'm the most un-private privacy officer you know," Dennedy says with a laugh. While she may not take herself too seriously, when it comes to data privacy, she is all business.
Dennedy took what some might consider a circuitous route to a career in cybsersecurity. She majored in psychology at Ohio State and went on to get a law degree from Fordham University. During the technology boom in the late 1990's, she moved to Silicon Valley and worked for Sun Microsystems. That's where she realized how important privacy was and still is. "I love what we do and we're still serving those same types of people that are very vulnerable to technology," Dennedy said. "Technology should serve you. You should not have to be subservient to technology. I still believe it and I still believe we can achieve that."
Dennedy came to Cisco about two and a half years ago after hearing from John Stewart, Cisco's Chief Security and Trust Officer. "I was like, ‘oh my gosh, John Stewart, security rock-star ponytail god,'" Dennedy recalls with the excitement of a bona fide fan. "I was excited about a lot of the things he had in his head about what he wanted to do and how to build privacy engineering into networks and systems." While she liked what she heard, she wasn't sure she wanted to work at another big company, but Cisco's culture convinced her to take the leap. "Cisco really is a place that cares about people," Dennedy said. "The culture of care, the culture of quality, the culture of perfection. Sometimes it irritates the heck out of us while we're doing it, but at the end of the day it results in a high-quality output."
Part of Cisco's culture is recognizing and embracing the need for diversity. In cybsersecurity, only 11 percent of the workforce is female. Dennedy has been outspoken on the need for more women in cybersecurity, but she also understands why so many women have left the industry. "We have to acknowledge there are a lot of battle scars out there and a lot of assumptions that are still being made that are false," Dennedy said. "I've got two daughters and I had a mom who was in the law and we have to be outspoken or we're just going to have these assumptions."
These days, Dennedy speaks a lot about the EU's General Data Protection Regulation (GDPR), which will be enforced beginning May 25, 2018, trying to separate fact from fiction. "People are talking about it almost as if it was Y2K, like the clocks are going to change at the new millennium and everything's going to fall apart," Dennedy said. While the regulation comes out of Europe, it impacts just about everyone who uses the internet, and it can have serious financial consequences for companies that don't comply. "It is the first law that has liability up to four percent of global turnover in cases of data mishandling and data breaches, so there's a massive incentive for people to get in compliance with that law." But Dennedy looks at it as an opportunity. "I think once we've spent time documenting our systems as to where our data is, training our teams to understand the value of data, building up and refreshing our network so that they're patched and they're secure, once you've done the work why not take it for a spin?"
Privacy Sigma Riders
Dennedy has a gift of drilling down into complex issues like GDPR and explaining them in simple terms. She brings that same no-nonsense relatable personality to the airways with a podcast called the Privacy Sigma Riders. "One Sigma is one deviation away from the center of the bell curve," Dennedy explained. "Three to four means you're more and more unique, and so the people that we invite on the show I believe are weirdos in the best ways. What we hope to achieve with the Privacy Sigma Riders is to give you something a little extra. We've had Annie Duke, who's a former World Series of Poker Champion talking about data."
The podcast name came to Dennedy when her oldest of two daughters was diagnosed with juvenile arthritis, and treating it meant using powerful drugs that came with terrible side effects. "At some point she came to me and said, Mama, ‘I just want to be normal.' I was devastated," Dennedy recalled. "I've never been normal so I don't really have a reference point for that. I told her I couldn't take away what she was going through, but I drew a bell curve. I said normal things happen under the curve and that's where everybody is, and it's crowded and sticky and hot and boring. Then I drew a picture of a little girl with her arms flowing out riding down the curve."
Dennedy embraces the unconventional, whether it's driving a minivan that looks like Scooby Doo's Mystery Machine, hanging a swing in her living room, or having a flying pig as her team mascot. "When I first got into this type of business, privacy wasn't even considered to be a full-time job, so my business partner, Jonathan Fox, who is now Director of Privacy Engineering at Cisco, and I would joke with each other and say we would get to do privacy full-time when pigs started flying," Dennedy said. "Ever since then it's one of my favorite mottos. Dream big and anything can happen."