Quantify the value of Netskope One SSE – Get the 2024 Forrester Total Economic Impact™ study

close
close
  • Why Netskope chevron

    Changing the way networking and security work together.

  • Our Customers chevron

    Netskope serves more than 3,400 customers worldwide including more than 30 of the Fortune 100

  • Our Partners chevron

    We partner with security leaders to help you secure your journey to the cloud.

A Leader in SSE. Now a Leader in Single-Vendor SASE.

Learn why Netskope debuted as a leader in the 2024 Gartner® Magic Quadrant™️ for Single-Vendor Secure Access Service Edge

Get the report
Customer Visionary Spotlights

Read how innovative customers are successfully navigating today’s changing networking & security landscape through the Netskope One platform.

Get the eBook
Customer Visionary Spotlights
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.

Learn about Netskope Partners
Group of diverse young professionals smiling
Your Network of Tomorrow

Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.

Get the white paper
Your Network of Tomorrow
Netskope Cloud Exchange

The Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.

Learn about Cloud Exchange
Aerial view of a city
  • Security Service Edge chevron

    Protect against advanced and cloud-enabled threats and safeguard data across all vectors.

  • SD-WAN chevron

    Confidently provide secure, high-performance access to every remote user, device, site, and cloud.

  • Secure Access Service Edge chevron

    Netskope One SASE provides a cloud-native, fully-converged and single-vendor SASE solution.

The platform of the future is Netskope

Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG), and Private Access for ZTNA built natively into a single solution to help every business on its journey to Secure Access Service Edge (SASE) architecture.

Go to Products Overview
Netskope video
Next Gen SASE Branch is hybrid — connected, secured, and automated

Netskope Next Gen SASE Branch converges Context-Aware SASE Fabric, Zero-Trust Hybrid Security, and SkopeAI-powered Cloud Orchestrator into a unified cloud offering, ushering in a fully modernized branch experience for the borderless enterprise.

Learn about Next Gen SASE Branch
People at the open space office
SASE Architecture For Dummies

Get your complimentary copy of the only guide to SASE design you’ll ever need.

Get the eBook
SASE Architecture For Dummies eBook
Make the move to market-leading cloud security services with minimal latency and high reliability.

Learn about NewEdge
Lighted highway through mountainside switchbacks
Safely enable the use of generative AI applications with application access control, real-time user coaching, and best-in-class data protection.

Learn how we secure generative AI use
Safely Enable ChatGPT and Generative AI
Zero trust solutions for SSE and SASE deployments

Learn about Zero Trust
Boat driving through open sea
Netskope achieves FedRAMP High Authorization

Choose Netskope GovCloud to accelerate your agency’s transformation.

Learn about Netskope GovCloud
Netskope GovCloud
  • Resources chevron

    Learn more about how Netskope can help you secure your journey to the cloud.

  • Blog chevron

    Learn how Netskope enables security and networking transformation through secure access service edge (SASE)

  • Events and Workshops chevron

    Stay ahead of the latest security trends and connect with your peers.

  • Security Defined chevron

    Everything you need to know in our cybersecurity encyclopedia.

Security Visionaries Podcast

2025 Predictions
In this episode of Security Visionaries, we're joined by Kiersten Todt, President at Wondros and former Chief of Staff for the Cybersecurity and Infrastructure Security Agency (CISA) to discuss predictions for 2025 and beyond.

Play the podcast Browse all podcasts
2025 Predictions
Latest Blogs

Read how Netskope can enable the Zero Trust and SASE journey through secure access service edge (SASE) capabilities.

Read the blog
Sunrise and cloudy sky
SASE Week 2024 On-Demand

Learn how to navigate the latest advancements in SASE and zero trust and explore how these frameworks are adapting to address cybersecurity and infrastructure challenges

Explore sessions
SASE Week 2024
What is SASE?

Learn about the future convergence of networking and security tools in today’s cloud dominant business model.

Learn about SASE
  • Company chevron

    We help you stay ahead of cloud, data, and network security challenges.

  • Careers chevron

    Join Netskope's 3,000+ amazing team members building the industry’s leading cloud-native security platform.

  • Customer Solutions chevron

    We are here for you and with you every step of the way, ensuring your success with Netskope.

  • Training and Accreditations chevron

    Netskope training will help you become a cloud security expert.

Supporting sustainability through data security

Netskope is proud to participate in Vision 2045: an initiative aimed to raise awareness on private industry’s role in sustainability.

Find out more
Supporting Sustainability Through Data Security
Help shape the future of cloud security

At Netskope, founders and leaders work shoulder-to-shoulder with their colleagues, even the most renowned experts check their egos at the door, and the best ideas win.

Join the team
Careers at Netskope
Netskope dedicated service and support professionals will ensure you successful deploy and experience the full value of our platform.

Go to Customer Solutions
Netskope Professional Services
Secure your digital transformation journey and make the most of your cloud, web, and private applications with Netskope training.

Learn about Training and Certifications
Group of young professionals working
Post Thumbnail

Join host Max Havey on the latest episode of Security Visionaries as he sits down with guest Jadee Hanson, CISO at Vanta. Jadee offers an in-depth and insightful look at the intertwining roles of CIOs and CISOs in the high-stakes world of cybersecurity. Tune in to listen to Jadee’s journey, learn about the strategies she’s used to build bridges between security and technology teams, gain insights into the future of CISO roles, and discover why integrated processes and equal accountability are changing the game.

If you’re doing the CISO role correctly, you’re ultimately trying to identify business initiatives that drive success for the organization, which is really not that different than the CIO role itself. And if you can align the CISO function and the CIO function together to address those agreed upon business objectives, the teams working underneath you do a great job coming together to address common outcomes.

—Jadee Hanson, CISO at Vanta
Jadee Hanson, CISO at Vanta


Timestamps

*00:01 - Introduction*10:28 - How influence and educate non-tech teams about security
*02:18 - Exploring the dual roles of CIO and CISO*11:27 - Predicted changes in CISO roles and convergence with CIO duties
*05:27 - Strategies for working with security and tech teams*14:32 - Pivoting the CISO role towards technology strategy and risk
*08:34 - The decision-making and influence of CISO and CIO roles*15:53 - The growing importance around CISO roles and tech decisions

 

Other ways to listen:

green plus

On this episode

Jadee Hanson
CISO at Vanta

chevron

Jadee Hanson, CISO at Vanta

Jadee Hanson is a strategic CIO and CISO with 20 years of experience driving business success for startups and iconic billion-dollar brands, and currently serves as CISO at Vanta.. She boosts revenue and curbs risk through high-level, transformative security and IT strategies and leverages deep subject matter expertise in security technologies to expand the market relevance of security products. Jadee was named one of 2023’s The Forbes CIO Next List, 2022’s Top 25 Women in Cybersecurity by The Software Report and one of 2022’s Top 100 Women in Cybersecurity by Cyber Defense Magazine. She is frequently quoted on security topics, including in Inc. Magazine, Forbes, Wall Street Journal, and CIODive, and is a recognized thought leader within the CISO and CIO community.

Max Havey
Senior Content Specialist at Netskope

chevron

Max Havey

Max Havey is a Senior Content Specialist for Netskope’s corporate communications team. He is a graduate from the University of Missouri’s School of Journalism with both Bachelor’s and Master’s in Magazine Journalism. Max has worked as a content writer for startups in the software and life insurance industries, as well as edited ghostwriting from across multiple industries.

LinkedIn logo

Jadee Hanson, CISO at Vanta

Jadee Hanson is a strategic CIO and CISO with 20 years of experience driving business success for startups and iconic billion-dollar brands, and currently serves as CISO at Vanta.. She boosts revenue and curbs risk through high-level, transformative security and IT strategies and leverages deep subject matter expertise in security technologies to expand the market relevance of security products. Jadee was named one of 2023’s The Forbes CIO Next List, 2022’s Top 25 Women in Cybersecurity by The Software Report and one of 2022’s Top 100 Women in Cybersecurity by Cyber Defense Magazine. She is frequently quoted on security topics, including in Inc. Magazine, Forbes, Wall Street Journal, and CIODive, and is a recognized thought leader within the CISO and CIO community.

Max Havey

Max Havey is a Senior Content Specialist for Netskope’s corporate communications team. He is a graduate from the University of Missouri’s School of Journalism with both Bachelor’s and Master’s in Magazine Journalism. Max has worked as a content writer for startups in the software and life insurance industries, as well as edited ghostwriting from across multiple industries.

LinkedIn logo

Episode transcript

Open for transcript

0:00:01.6 Max Havey: Hello and welcome to another edition of Security Visionaries, a podcast all about the world of cyber data and tech infrastructure, bringing together experts from around the world and across domains. I'm your host, max Havey, and today we're talking about the roles of CIO and CISOs with our guest, Jadee Hanson, CISO At Vanta. Jadee, welcome to the show.

0:00:21.2 Jadee Hanson: Thanks for having me.

0:00:22.4 Max Havey: So to get things started here, can you share a little bit about your career background? I know you've worked for a number of companies and done a lot of different security leadership roles over the years. Can you give us a little bit of a background here?

0:00:31.8 Jadee Hanson: You bet. Yeah. I got into cyber pretty young. I actually started doing cyber work at my high school, believe it or not, worked for the technology coordinator at my high school. We did all sorts of different things for the school. He had me putting together computers in order to save money for our school district, which was sort of like my entry into the world of tech and the world of cyber. I started my career at Deloitte doing pen testing, security audit work, and this is when I moved into my first management role. I then moved over to Target Corporation where I decided to be part of every function of the cyber team there. When I finally decided I didn't want to travel that much anymore and move into more of a startup role, I moved over to Code 42. At Target I got an intro into the startup world because I did a lot of due diligence for some of the companies that Target Corp bought.

0:01:35.0 Jadee Hanson: We actually purchased a few small Silicon Valley based tech companies when I was at Target. And so got a little bit of a intro into the startup world that way and really enjoyed the culture of the startup world, how fast paced it moved and decided to join Code 42 and was at Convery two in the CIO CISO role for about eight years and then recently moved over to Vanta. And Vanta we're also a security software company and we're really building a product that changes how people think about the governance risk and compliance section of a security program.

0:02:18.6 Max Havey: Absolutely. So I know in your past role you talked about having both sort of a CIO and a CISO role. Can you tell us a bit about what it was like navigating that sort of dual role operating on both sort of the technology and the security side of things? I know they can often be opposing forces, so can you tell us a little bit about how that functioned?

0:02:34.7 Jadee Hanson: Yeah, I think many of the listeners probably know that CIOs are sort of like always pushing new technology investments while the CISO role is cautiously bringing up risks with new technologies. And so my running joke was that holding both roles, I was able to have an internal argument with myself every day, but CIO roles and the CIO role that I held is really a strategic business leader role. And I think that is how my boss saw me while I was at Code 42 leading the security team. So while I was the CISO at code 42, I was reporting directly to our CEO and I had a chance to be part of many of the strategic business decisions being made. And I think my leader at the time saw me beyond a cyber leader and recognized that I had a strong business sense and that is what ultimately ended up getting me the CIO role. And I do think that the CIO role and the CISO role are more alike than they probably are different both c-level roles in an organization. And in that regard, both roles should be focused on having that strong business sense and the strong ability to evaluate risk to make sure that you're making the right technology decisions for the organization.

0:04:01.5 Max Havey: And so I think I maybe was a little bit leading in my question before, but so in taking on both of those roles then, did you run into that sort of opposing forces the way that technology teams are trying to optimize for performance a lot of the time or securities trying to make sure there are proper controls around it? Were you running into those sorts of issues as you were doing those two roles concurrently?

0:04:19.9 Jadee Hanson: Yeah, I mean I think it's trade-offs, it's 100% trade-offs and understanding and evaluating each technology decision from like a cost benefit analysis, risk outcome analysis to really make the best decision and having both roles report directly to me. I think that certainly helped bridge that gap at Code 42 and then as well at Vanta, I do have the IT teams reporting directly to me, and I think it's a model that a lot of CISOs in smaller companies have in place today that certainly I think works really well. If you're doing the CISO role correctly, you're ultimately trying to identify business initiatives that drive success for the organization, which is really not that different than the CIO role itself. And if you can align the CISO function and the CIO function together to address those agreed upon business objectives, the teams working underneath you, I think do a great job coming together to address common outcomes.

0:05:27.8 Max Havey: Absolutely. And in that same vein, what are some strategies that you came across while having these dual roles that you'd recommend other CISOs who are looking to bridge that gap within their organization as well? What sorts of strategies or advice would you offer to them around that?

0:05:40.3 Jadee Hanson: Yeah. I think one of the most impactful strategies that I pushed within the teams is the concept of integrated processes. So there are many different desired outcomes that require the participation of security and IT, and by developing this like joint process to deliver the outcomes, you find that the teams really come together. It's much like I said before in terms of finding joint goals so that each team is committed to the final outcome or the final success. Simple example would be like a zero day patching process. Security certainly has a vested interest that things get patched and get completed, but they definitely need to rely on IT to make it happen. And so by implementing like a framework and a process where both parties are involved and held accountable to the final outcome, you see the teams work a lot closer together.

0:06:38.8 Max Havey: Absolutely. That equal accountability, I think cross-functionality is a word that gets thrown around in that as well. And last season our theme was around the idea of security as a team sport. And I think bringing it together in that sort of way and thinking toward those joint goals is a great way to think about security and infrastructure as a team sport.

Max Havey: Definitely. It's the same sort of cross-functional thinking and working cross-functionally while also working independently and finding a way to bring those things together so that you can do this in the best possible way and get the best possible outcome.

0:06:55.0 Jadee Hanson: Yeah, absolutely. We're in large part influencing without authority and so trying to get everybody accountable to security and many times I say to the Vanta organization, Security is everyone's responsibility and really does require everyone's participation.

0:07:14.1 Max Havey: As someone who does have years of CIO experience too, how is that sort of influencing the way that you are approaching your role as a CISO now?

0:07:21.0 Jadee Hanson: Yeah, again, I'll go back to the concept of the CISO role is really a strategic leader role within the organization and we want the best for the business and we want the best business outcomes. And that's no different than the CIO role. And so when I think about like the CIO role, my job previously was to choose all the right technology for the organization, make sure we're making all the right trade-off choices, make sure we're financially responsible. The CISO role that I have today, I have elements of IT as part of that, but it really is very similar in the sense that from a security perspective, I wanna influence in the right places so that we have the right business outcomes. I want to make sure that we're like applying the right security practices in place in order to make sure that we don't have any sort of ancillary impact of event. And so I don't see it really that different. I think many of the c-level roles in an organization have their area of expertise, but at the end of the day, really it's about like strategic decision making to impact the business in a positive way.

0:08:34.8 Max Havey: Absolutely. To an extent you are finding ways to help make those decisions regardless of your role, whether you're a CISO or a CIO, you are still making those business level decisions and helping to enable the business at large regardless of whether you're talking about security or the technology or some amalgam of both.

0:08:50.5 Jadee Hanson: Yeah, absolutely.

0:08:53.8 Max Havey: A word you keep saying that I kinda wanna double click on here. As you talk about the idea of creating influence in between all of these different teams and working cross-functionally, what are some ways that you create that influence to try and help folks to better understand the needs of say like a technology team or of a security team to get them to see why this is an important thing they should be taking seriously?

0:09:11.0 Jadee Hanson: Yeah I think a lot of it has to do with like approach. And so as I think about the way that we work at Vanta, we focus very much on principles of being approachable and being a partner and collaborating and certainly not being the department of no, but the department of come to us with a problem and let's help get to the best outcome for the organization. I think that having that type of approach across the organization ends up getting us the right impact. Again, I'll go back to the fact that we really are influencing without authority. We don't get to make the decisions in every organization. And so some of our most important work is getting the right influence into the organization, educating them with the right education aspects that they need to making sure that we take the time to explain the why. Not everybody sees what we're seeing from the external landscape. And so taking time to make sure they understand, hey, these are the threats that we're seeing externally that may impact what you're doing. And describing that so that we're not coming in and just saying it must be done this way, but we're really educating as part of that.

0:10:28.7 Max Havey: That education part seems especially important as we talk about the idea of CISO becoming more prevalent in the boardrooms and being more prevalent, talking to like higher level executives within a company. I think being able to influence and to educate the folks who who are not technical, who don't have that sort of background with security or with technology to help them to understand, I think that's a key to all of this.

0:10:48.6 Jadee Hanson: Yeah, absolutely. Our job is really to take the concepts that we know and turn them into like higher level business language that turns into like impact for them. Like how could this impact your ultimate objectives?

0:11:05.3 Max Havey: Absolutely. And thinking a bit bigger thinking, further down the line here, the idea of convergence gets talked about a lot when you talk about CISOs and CIO roles. What sort of your vision as you're looking at the future of these sorts of roles, what sorts of changes do you believe are in store for the CISO role over the coming years as it relates to the technology side of things?

0:11:27.3 Jadee Hanson: In terms of the CIO role and the CISO role convergence, let me address that first. I think in a lot of like smaller and mid-market companies, the CISO role will end up having responsibility over it. And so you could almost argue that it's somewhat of a combined role without like the named CIO aspect of it. In larger companies, I think it'll still stay largely separate, but I do see a world where these two organizations work very much hand in hand and are seen more as equal as it relates to the future of the CISO role for the coming years. I think it's important to remember that the CISO role is still a relatively new C-level role. So I think there's going to be constant changes as things move forward. That said, there are two primary changes I think that are in store for us more in the coming years and the first being an increased strategic importance or increased responsibility within the organization.

0:12:33.5 Jadee Hanson: So CISOs are starting to be seen more and more than just technology leaders in an organization and instead seen as one of the strategic leaders of the company that hold that collective interest for positive business outcomes among the rest of the leadership team. I think that is a very much a change from what we've seen in the past. CISOs are starting to play that like integral role in shaping business strategy, balancing the right like risks and then resilience as the company grows. And at the enterprise level we almost see this increased strategic importance being driven in large part by like all the aspects of what's happening with the SEC and the SEC holding large enterprise public companies accountable for CISO actions and CISOs are now at that level of being held accountable for key disclosures for shareholder requirements, which is certainly elevating the CISO role leading to just a much broader and more impactful role for that CISO.

0:13:40.2 Jadee Hanson: I think the second sort of change I see in the coming years for the CISO role is this shifting of the role from just that peer security play to that of like technology strategy and risk. So a little bit more of like that CIO convergence and a little bit more of like the chief risk officer convergence. So in many cases today's CISOs hold many of the same responsibilities as CIO and chief risk officer, we talked about this before, but many responsibilities for making key technology decisions within the organizations end up landing in the CISOs lab. And then the CISO role today has moved beyond just security and technology, but instead having a seat at the table to evaluate security as like solutions are being brought into the organization.

0:14:32.9 Max Havey: And having that visibility at the front end if CISOs are being held accountable for more things like around SEC filings and disclosures and things of that sort. I think being able to have that sort of vision into what technology is risky, what practices can we do to eliminate this risk, having those things on the front end versus when you find out about them as they're happening. I think that's a key strategy for making your security and your technology better at the same time I've heard from a lot of security leaders over the years of working on this show is that having a proactive approach is one of the keys to being a good CISO and to having a good security strategy as an organization.

0:15:11.1 Jadee Hanson: Yeah, 100%. As many times as we can get involved early, there's a bunch of studies out there of the cost of doing a security change early and even just like the development cycle versus trying to implement a change in a product after the product's been shipped. And certainly like the cost is incredibly low if you can get involved early and influence the right people to make the right decisions versus after the fact.

0:15:38.0 Max Havey: Absolutely. And I guess to wrap things up here, what excites you most as someone who's been in the security industry in CISOs and CIO roles? What excites you about seeing these sorts of roles converging and seeing the responsibilities coming together around technology and security?

0:15:53.6 Jadee Hanson: I think the thing that excites me is from a CISO perspective, we've been jumping up and down saying, Hey, pay attention to us for years and recently I think we've gotten a lot of limelight, a lot of spotlight sort of pointed on the CISO role. And I think that in many cases that's a good thing. Certainly we have more to do to make sure that government bodies understand our space really deeply. But that said, I think that having the visibility to the role and what we do and how we operate is really, really important. And that excites me. I think also what I'm seeing in the industry of like more and more technology decisions becoming part of the CISO role too. So you would think of like the CIO decision making on technology, and this partnership with like the CISO and now you sort of see like CISOs leading different technology teams and decision making happening at the CISO role, which I think is incredibly important. And it's really exciting because I think in that regard, the CISO's not just holding on and trying to catch up, but they're part of the decision making process.

0:17:12.8 Max Havey: Definitely no longer playing catch up and finally getting their time in the spotlight, their time to shine and their time to lead the pack.

0:17:18.0 Jadee Hanson: Absolutely.

0:17:18.9 Max Havey: Absolutely. Well, Jadee thank you so much for taking the time here today. This was an excellent conversation digging into sort of the dichotomy between the CIO and the CISO roles and how they converge. So thank you so much for taking the time. We really appreciate it.

0:17:30.2 Jadee Hanson: Yeah, absolutely. Thank you so much for having me.

0:17:32.7 Max Havey: Absolutely. And you've been listening to the Security Visionaries podcast. I've been your host, Max Havey, and if you've enjoyed this episode, share it with a friend and subscribe to Security Visionaries on your favorite podcast platform. There you can listen to our back catalog of episodes and keep an eye out for new ones, dropping every other week, hosted either by me or my co-host, the wonderful Emily Wearmouth. And with that, we'll catch you on the next episode.

Subscribe to the future of security transformation

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.