
This episode features an interview with Marene Allison, Chief Information Security Officer for Johnson & Johnson. Marene was among the first class of women to graduate from the U.S. Military Academy at West Point. She went on to become a Special Agent in the FBI and has held corporate security roles at publicly traded companies such as Medco and Avaya.

On this episode, Marene shares how West Point translated to a security career, the evolution of security over the last decade, and what areas need the most innovation.

We have an awesome job because we get all these new technologies. We get to look at all the different ways an adversary is gonna come after us and then look at how we’re going to secure it.

—Marene Allison, Chief Information Security Officer for Johnson & Johnson

Timestamps

* (02:15): Marene’s background
* (04:09): Marene’s transition into cyber
* (05:37): How security has changed over the last decade
* (07:15): How acquisitions have become easier
* (09:22): Marene’s greatest learning experience in cyber
* (12:13): What makes the CISO job so stressful
* (20:43): Marene’s favorite domain in cyber
* (21:45): What areas of cyber need the most innovation
* (25:15): The Zero Trust approach
* (29:56): Segment: Quick Hits

 


On this episode

Marene Allison
Chief Information Security Officer for Johnson & Johnson

Marene Allison, Vice President and Chief Information Security Officer for Johnson & Johnson, has responsibility for protecting the Information Technology systems and data worldwide through elimination and mitigation of IT risk. She co-leads the IT Risk Management Council and is a member of the Enterprise Compliance Council. Marene joined Johnson & Johnson in September of 2010. Prior to joining Johnson & Johnson, Marene was Chief Security Officer and Vice President for Medco, the largest pharmacy benefit manager in the United States. Marene was responsible for all aspects of the company’s security, regulatory and compliance, including physical and logical security, executive protection, as well as HIPAA, Payment Card Industry, Medicare and prescription fraud and IT controls.

Prior to that, Marene was with Avaya as head of Global Security where she worked on securing the World Cup network in Korea and Japan in 2002. Before joining Avaya she was Vice President of Loss Prevention and Safety for the Great Atlantic and Pacific Tea Company.


Jason Clark
Chief Strategy and Marketing Officer at Netskope


Jason brings decades of experience building and executing successful strategic security programs to Netskope.

He was previously the chief security and strategy officer for Optiv, developing a comprehensive suite of solutions to help CXO executives enhance their security strategies and accelerate alignment of those strategies with the business. Prior to Optiv, Clark held a leadership role at Websense, where he was a driving force behind the company’s transformation into a provider of critical technology for chief information security officers (CISOs). In a prior role as CISO and vice president of infrastructure for Emerson Electric, Clark significantly decreased the company’s risk by developing and executing a successful security program for 140,000 employees across 1,500 locations. He was previously CISO for The New York Times, and has held security leadership and technical roles at EverBank, BB&T and the U.S. Army.

Episode transcript


Marene Allison: In cyber everything changes every six months, and there's a new lens and there's a whole new set of new technologies that are going to be out there. And as CISO I got to take the new threat, my IT environment that doesn't change as rapidly as security environment does, and then wrap it again and look at what works. I think we have an awesome job because we get all these new technologies. We get to look at all the different ways an adversary is going to come after us. And then look at how we're going to secure it.

Speaker 2: Hello and welcome to Security Visionaries, hosted by Jason Clark, CISO at Netskope. You just heard from today's guest, Marene Allison, Chief Information Security Officer at Johnson & Johnson. At 17 years old Marene took an oath at the US Military Academy at West Point to defend her country against all enemies, foreign and domestic. Today, Marene is upholding another oath to protect her company from invaders trying to steal their data. In the evolving world of cyber security, threats can come at every turn. As security leaders, it's our duty to translate those threats into actionable information for executives. And with a talented team, you'll always be prepared to protect your company from attack. Before we dive into Marene's interview, here's a brief word from our sponsor.

Speaker 3: The Security Visionaries Podcast is powered by the team at Netskope. Netskope is the SASE leader, offering everything you need to provide a fast, data-centric, and cloud-smart user experience at the speed of business today. Learn more at N-E-T-S-K-O-P-E.com.

Speaker 2: Without further ado, please enjoy episode 10 of Security Visionaries with Marene Allison, CISO at Johnson & Johnson and your host, Jason Clark.

Jason Clark: Welcome to Security Visionaries. I'm your host, Jason Clark. And today I am joined by an amazing colleague Marene Allison. Marene, how are you doing?

Marene Allison: I'm doing great Jason, thank you for having me. This is a great program.

Jason Clark: Thank you. I'm excited to bring out some of the things that I think that the community will be really interested in about you. You've got a really amazing background. I'm actually jealous of your background, to be honest. I wish I went to West Point. I wish I joined the FBI. And you've gone that unique path of yours. I went in the army, but that's a big difference than going to West Point, which many of my family members have been at. So maybe we can start by talking about you being the first class of women to graduate from West Point, and what that still means to you today.

Marene Allison: Yeah, actually I never wanted to go to West Point. I wanted to go to the Air Force Academy. And probably the first person even before we knew the word sponsor that sponsored me and helped me with direction in my life was Margaret Heckler, Congresswoman from Massachusetts. She gave me her principal nomination to West Point. And I went sight unseen, never seen the place, walk in and walk out four years later, commissioned as a second lieutenant. And yeah, it was life defining. I'm from Massachusetts, so the idea that women can't do anything that a man can do, and some of those preconceived, I guess the 70s view of the world. I didn't know what that was. And I walked into this environment and I did well, obviously I graduated and I got commissioned in the military police, but that's where I went for electrical engineering. Of course, in the olden days back then we didn't have computer science and we didn't have cybersecurity degrees. So I took electrical engineering and that became my major at West Point and certainly made all the difference, right? It's been huge. I'm president of West Point Women today and represent the over 6,000 women and West Point grads and all that's been accomplished.

Jason Clark: Wow, that's unbelievable. So if you tell us a little bit about that transition into cyber and then that path.

Marene Allison: Well, as I said, I got commissioned as a second lieutenant into the military police, and then I left. What I would say is my second sponsor in my life was General Sam Wetzel, who was on the board of directors of A&P Foods. And he and another female board member were looking for a head of security for A&P, a female West Point graduate in law enforcement, and that was me. I was the one as an FBI agent in Newark. And then transitioned over into the corporate security, physical security. And then after I left A&P after about 10 years, I went to Avaya telecommunications. And I was the physical security, global security person in six weeks there. They said to me, "Hey Marene, our head of IT security is leaving. And... Oh, by the way, we are doing the World Cup, the first time we've ever used voice over IP in production. And we need somebody to run our security operation center." Hey, I'm your woman. I'm there. I'm going to do that. And so that was my transition from not being able to spell IT, to running the SOC for the World Cup in 2002.

Jason Clark: So, and then you are now right at the J&J or Johnson & Johnson CISO, which you've been there since 2010. So when we think about what things looked like in 2010, versus the state of security in general, the industry today. How would you talk about those differences over the last 11 years?

Marene Allison: So when you look at 2010, we were a client server. People were just starting their big toes. Bezos could only afford a dinghy, not a $540 million yacht, and Amazon wasn't making any money. So we were a client server and our networks were the perimeter, not the internet like it is today, not as we are in the digital world. I was over at Medco, a company called Medco, it's no longer in existence. The pharmacy benefit. We had a client website that had data of 65 million Americans on that website. And 2005, putting in HIPAA, Sarbanes–Oxley, and PCI all at the same time to make sure the data was secured. And it gave us a certain level. I use the term, I even use it today is staying ahead of the bear, right? And you're slightly ahead of the bear, but you wanted somebody behind you, but you didn't want to be too far ahead because you were spending too much money in the space. And so it made a huge difference, but it also changed the way we did IT security because of some of those frameworks, it was great. And [inaudible 00:07:03] in there and then NIST came out, and ISO 27001. But they were all just frameworks to help CISOs get better at the craft.

Jason Clark: So we'll talk a little bit more about that, because I think there's been a lot of change in the last 11 years. But I think even right now the amount of change is pretty significant when we sit down and think about where things are going, but just even taking the last two years, which were challenging for everybody. But when I think about your shoes, you're coming out with one of the first vaccines and then also dealing with a spin-off. Would you say that the acquisitions 10 years ago used to be a lot harder technology wise because you'd want to light up a new lease line or you'd send one of dropship new equipment and we need to get it into South Africa and to Brazil and to Russia, that's a six month project by itself just even get the hardware there versus now in a cloud world you can get things up a lot faster. You can deliver the software, right? To be able to make that happen. Do you think that it's gotten a lot easier from a security standpoint to do acquisitions in the last 10 years?

Marene Allison: Just in general, doing acquisitions and divestitures now is a lot easier. If you remember, how long did it take us 10 years ago to set up a server? And then get it all configured and pass through everybody. That was months, days. It certainly wasn't hours, right? The cloud vendors actually helped us change, even if you're doing it internally, they helped because if we were going to be viable, a business value in IT, we had to change how we do things and we had to become automated, right? And so, hey, if I can get a server from a cloud vendor in a few minutes and it takes me three months to do it internally, guess where you're going to go? And so what's happened is just the change to the cloud. And certainly being able to pivot and taking everything and being able to move it to a cloud environment certainly makes it far easier even than putting it on client server if you're doing it internally, no matter how fast it is.

Jason Clark: So think about your amazing background in history. What was one of your greatest learning experiences in cyber specific?

Marene Allison: I think probably a really defining moment for me was in June, 2016 with NotPetya. I think for us as CISOs, oh, I can defend against that. Bigger moats, bigger firewalls. I can do this and I'm okay. I'll get more detection and protection, we'll be good. We'll be good. When NotPetya occurred, it was the realization that you need cyber resilience. If you don't have cyber resilience, you are not going to survive in the new threat environment. And I know I have some very good friends who at the time just said, "Marene, I'm punching out, I'm gone. I'm leaving cyber. I'm going to go back into venture capital. I'm going to do some other thing," because the CISO having to understand where a company needed to go in the thinking of a company around cyber. And in resiliency is not wholly in the heart of the CISO's realm. It really is the company, right? And we saw then again with the rise of ransomware. Very few CISOs I know were doing backups and restores, but it all became around how you configure your backup and restore, and are you high in availability. And how ransomware comes in and propagates against an environment and the adversary, looking at those things that we did for efficiency, all that automation and dual redundancy, and automated backups also can be your Achilles heel in a ransomware event. And so that's where I think for me was that NotPetya event was that moment of like, "Okay, now what do we do? And then how do we go forward?" It was less IT security and more information security risk management and cyber resiliency.

Jason Clark: You just hit a number of really important points there, which I want to pull out, which is... We'll start, the first one is the CISO job, it's a very complicated and difficult job because of one, just the stress level of it, is going to happen. You're going to have an event that's going to cause you to miss family vacations or family Christmases, or your best friend's wedding, right? That happens to everyone. So you've got the balance of these stressful moments and how you're managing that combined with trying to not create friction of the business, but needing some level of friction so that there is a little bit of controls in place, maybe speak to your views on what makes the CISO job so stressful. Most CISOs I know after they've done CISO job three times, they say, "Okay, I think maybe I have one more time or I need to go to a smaller company, or I need to jump over to something else. But I just can't go this hard again," right? What do you think does that mean?

Marene Allison: Except for me, Jason. Except for me, right?

Jason Clark: I think living in Florida, right? Maybe it helps you relax a little bit more.

Marene Allison: And I would say that there's a couple of types of CISOs. There are the CISOs that are working a true IT security mission, it's around protecting the IT. And then there are CISOs that really are business executives. IT security is just one small piece of what they do. And then they have cyber risk. They're looking at things like the IT control for Sarbanes–Oxley. And that is a much different role because you're translating all the time. What I know about what's going on versus trying to translate that to the senior executives, it's a fine art. It's absolutely a fine art that we have to do. And having teams of very talented folks that either have government service, technical acumen, business acumen, and bringing that together is very, very important versus having just an organization, which is primarily security engineers. And the game changed, right? It's... We're all going to board of directors now and talking about cyber risk and operational metrics and do the individuals you were talking to truly understand where a CISO is coming from. And I think that game has changed and being able to articulate it in a manner that makes sense. I raised my hand when I was 17 years old at West Point to defend our country against all enemies, foreign and domestic. And I can tell you even years later, and I won't tell you how many years later. I could still raise my hand and say, "I defend my company against all intruders and those trying to steal or defac