march 2023
Special Report: 2023 Top Cybersecurity Leaders
By Laura Stepanek, Contributing Writer
Building Cybersecurity Right
Jadee Hanson plays a pivotal role as Chief Information Officer (CIO) and Chief Information Security Officer (CISO) at Minneapolis-based Code42, a cybersecurity software company that specializes in insider risk management. She has won numerous awards for her approach to creating a positive environment for reducing risk while enabling the company to safely achieve its strategic goals.
But Hanson’s influence goes well beyond Code42. Her public speaking, industry collaboration and mentoring of potential young leaders have contributed to making her a notable figure in advancing the field of cybersecurity.
It all started in high school, where Hanson showed an interest in computers and technology. The school’s technology coordinator took her under his wing and began teaching her how to buy components — fans, motherboards and memory — and assemble tower computers for use in computer labs throughout the school district. “That just really sparked an interest for me,” she says.
Hanson’s first job was in cybersecurity for Deloitte’s Enterprise Risk Services team. She traveled a lot, going from one company to another and assessing their security controls. “That was an incredible experience,” she recalls, which gave her a sense of the type of organization that would be a good fit for her skills, education and interests.
While at Deloitte, Hanson worked on several projects for Target Corporation and “really fell in love with the Target culture.” She eventually took a fulltime role at Target, where she implemented key programs including compliance, risk management and insider threat assessments. Hanson was responsible for security of mergers and acquisitions and was on board when Target sold its pharmacies and clinics to CVS Pharmacy, Inc. In addition to protecting customer health information, she recalls thinking about the thousands of people who were Target employees on a Thursday, who would wake up as CVS employees on Friday — and the importance of securing their identities.
“Enabling the organization with technology comes with security risks. Having both roles, you get to weigh both of them and make sure you know in every single situation that you’re taking on the right level of risk.”
Moving to Code42 seven years ago was a challenge that Hanson viewed as “wild fun” because it allowed her to have a hand in building the company’s cybersecurity program. She recalls doing a lot of culture-setting early on to enable security to become more engaged with the business. Hanson and her team discussed what they wanted people to think of when they talked about security and the elements they wanted to deliver.
“That led to creating a brand statement that served the cybersecurity team as a north star,” she says. They wanted to enable and support the company’s business objectives, rather than quash ideas because they were perhaps too risky. This philosophy spring-boarded all of the eventual accomplishments of Code42’s cybersecurity program.
Four years ago, Hanson was promoted to CIO, in addition to the CISO position she already held. “I think having the two roles together has been really helpful for me and, largely, for the organization. Sometimes enabling the organization with technology comes with security risks. Having both roles, you get to weigh both of them and make sure you know in every single situation that you’re taking on the right level of risk,” she describes.
Hanson is perhaps most well known in the cybersecurity industry for her work on insider risk management. In 2020, she played an integral role in launching an insider risk management detection and response product and securing FedRAMP authorization for it. She also co-authored a prominent book in this field titled, Inside Jobs: Why Insider Risk Is the Biggest Cyber Threat You Can’t Ignore. The book illustrates what security leaders can do to help keep their workforces productive while keeping their data protected.
She believes that managing insider threats at organizations involves both culture and technology. Whereas external threats to data typically involve incidents like malware on an endpoint caused by someone unknown; internal threats typically involve the people with whom one works and has relationships. “We have to take a very different approach. There’s an aspect to doing insider risk that is really cultural, of assuming positive intent," she says.
Hanson demonstrates leadership by sharing her knowledge, often through mentorships and industry meetings. She actively participates in the Women CISO Network Group and Athena Alliance. She also supports Code42’s partnership with the Girl Scouts; at a recent hosted event, more than 150 scouts earned STEM and cybersecurity badges.
Following a mission trip in 2007 with her husband to Dominican Republic, Hanson determined that she wanted to do something for the people of this island nation. Years later, she founded a nonprofit called Building Without Borders. Volunteer groups work alongside families who need safe housing, along with local leaders and people from Christian ministries, building the new homes — which now number 67 new houses.
Like so much of what she does — whether it’s building safe homes for people or creating environments where companies can innovate safely — Hanson says she just likes to see things built right.
Security magazine’s 2023 Top Cybersecurity Leaders award program highlights the accomplishments of innovative information security professionals across sectors.
march 2023 / SECURITYMAGAZINE.COM