Jane Harper, Senior Director of Information Security Risk Management and Business Engagement | Eli Lilly
The National Cyber Security Alliance is pleased to present the sixth edition of our Board Member Spotlight. Our Board member companies are leaders in cybersecurity education and awareness and are an integral part of making the organization a successful public-private partnership.
Get to know Jane Harper, Senior Director, Information Security Risk Management and Business Engagement at Eli Lilly, in this Board Member Spotlight.
You serve on the Executive Committee and this year, you were selected as Secretary of our Board of Directors. What does this new officer position entail and what does it mean to you?
I am very honored to have been nominated and endorsed to serve by my fellow board members. It is an opportunity to support the National Cyber Security Alliance by helping to govern and shape the future work which has been built on a great foundation.
Why are you a board member of the National Cyber Security Alliance?
The Information Security discipline spends a lot of time looking at shiny boxes and blinking lights. But people are the strongest and weakest link in the information security chain. It is impossible to enable and protect without people. The National Cyber Security Alliance recognizes this and has made it a priority. I am passionate about that priority and I fully support it.
Where do you see the National Cyber Security Alliance fitting in at the intersection of healthcare and technology?
I think we have great opportunities ahead of us. We have the opportunity to help translate what is going on in the industry for many types and sizes of organizations. I also think we have the opportunity to take security awareness and training to the next evolution which includes education and development as foundational competencies.
You hold several designations and certifications in risk management, compliance and security. Is there one that you are most proud of?
I am proud of each one, because each one focuses on a certain discipline. I didn’t grandfather into any of them – not that there is anything wrong with grandfathering, but the journey to get them and demonstrate proficiency was definitely part of the learnings for me.
Cybersecurity Awareness Month is a few weeks away! As you know, the theme for Week 3 is “Explore. Experience. Share” in honor of Cybersecurity Career Awareness Week. What made you want to join the cybersecurity field?
It is a way to give back. I resonate with the ideas of understanding what is valuable and how to protect what’s valuable because of my risk management background. I am also a techie which was the first discipline I added to my risk management background. I held bonafide operational risk roles within an enterprise risk management function in financial services, healthcare, and insurance. I enjoyed the learnings going from helpdesk level 1, to helpdesk level 2, to deskside support, network administrator, and then security analyst. Working with those two disciplines, it was so easy to see that the innovation is necessary but also introduces some risk that needed to be managed. This was a great foundation for my transition to information security. As I started leading infosec programs all over the world, I started focusing on and evangelizing integration of risk principles into information security. I mean we were working on these models back in 2002 but it took years for the industry to realize and catch up. We went from never seeing risk management mentioned in a JD for CISO to risk management being a key requirement. True risk management is a discipline that has been enabling people and companies to meet their goals and objectives for 100+ years. So for me, information security just became another risk to solve for.
What is something new you learned this year in information security/risk management? Are there any topics or trends in your field or work that you are especially focused on today?
I have published before, but I learned this year that publishing as an individual author rather than a co-author or contributor, is easier than I thought it would be. My book, Risk Management 101, will be released soon and writing it reminded me that risk is for everyone, and we all have been doing it since we were babies so I want to help tell that story.
What do you like most about your job?
My team, I really like developing people. It is a very serendipitous role as a leader. The team grows and benefits and you do as well. I have had the pleasure of partnering with and leading some of the most interesting, talented, and hardworking people in the industry and that has stretched me and grown me in ways I would have never imagine twenty years ago when I was starting out.
What was your favorite subject in school growing up?
It really wasn’t a normal class or offering, but two things stand out to me when I think about my education growing up. My grandfather encouraged my tinkering so anything that allowed me to take something apart and put it back together or to design or build was exciting to me. My uncle helped me be more strategic in my thinking by giving me what I thought were really weird puzzles as a kid but turned out to be very helpful when I was put in a special class led by my math teacher. It wasn’t the actual math class, it was an extra 30 minutes after that for a smaller group of us. Our math teacher would give us these complex scenario based word problems. Kind of like the escape rooms today, you would have to figure out the solution with a limited amount of information and deduction. As we got better at it, they wanted us to do it faster. I enjoyed the problem solving individually but especially when we would break out into teams and compete against one another.
If you could be anywhere right now, where would you be?
In Siena, Italy sitting in the Piazza del Campo with friends and family enjoying the culture, food and sites.