Cherise found her career path early, developing software for publicly traded companies as a teenager. It was no surprise, then, that she found a niche in cybersecurity soon after she graduated from college. Heavily recruited by a number of tech companies, Cherise began work as a “white hat” where she was paid to hack into corporate infrastructure to provide insights into their vulnerabilities. Becoming a cybersecurity professional at such a young age helped open the doors to a number of opportunities, notably moving to New York City to work for one of the Big Four consulting firms to lead multiple security operation centers (SOCs). Her staff of twenty technologists identified IT system vulnerabilities and supported a number of Fortune 500 companies. From there, Cherise embarked on a decade-and-a-half-long career in industrial critical systems (ICS), where she developed global cybersecurity programs for vulnerability management, incident response, and network architecture.
Certifying the World’s First Drilling Rigs for Cybersecurity
While leading a cybersecurity team at Noble Drilling, and a contractor for oil giant Shell, the team was informed that the fleet would have to earn Achilles Practice Certification (APC) in a year’s time or risk losing the Shell contract. To achieve this certification on rigs that spanned the globe was going to be a challenge—in fact, no fleet had ever achieved this before.
It was clear from the beginning of the project that coming into compliance with this standard would be no small feat. Like most compliance standards, APC was written in overbearing technical language that was sometimes very difficult to understand. Cherise realized quickly that in addition to the technical skills required to perform the tasks, her team needed to be able to interpret what the text required them to do. From there, her team had to distill the requirement and determine whether or not Noble Drilling was in compliance. This was a cumbersome process that involved taking the APC requirements, going out to the field to perform the assessment, and then collating the data manually to understand what should be fixed.
While other organizations spend millions on global risk and compliance (GRC) solutions, Cherise had built a team that had the cybersecurity and ICS backgrounds to do the work themselves. While she was fortunate to have this team at Noble Drilling, she realized that many of her peers in the critical infrastructure sectors didn’t have the same level of talent on their teams. Recognizing that the same challenge she’d experienced ten years prior at the Big Four consulting firm remained unsolved a decade later gave her the motivation to co-found SecurityGate.io.
Distilling Technical Jargon into Assessment Workflows for Critical Infrastructure
Cherise’s experience at Noble Drilling is not uncommon among vendors in the critical infrastructure sectors. Because there is minimal governmental regulation on cybersecurity, it is often client requirements that drive action. And if contractors cannot find a way to implement processes to meet the client’s standard, they are at risk of losing their contract. In co-founding SercurityGate.io, Cherise has built the tool that would have optimized her workflow at Noble Drilling in the following ways:
- Distilling technical requirements into actionable steps: SecurityGate.io eliminates the need for your team to spend time researching and interpreting compliance requirements. The platform translates technical jargon into straightforward statements and questions that are easy for your on-the-ground team to understand.
- Bridging the cybersecurity skills gap: Not all organizations in the critical infrastructure have dedicated OT cybersecurity professionals who understand ICS on their team. These specialists are hard to find and often very expensive to hire. SecurityGate.io bridges this skills gap by incorporating expertise from experienced cybersecurity professionals into the platform.
- Providing a cost-effective, easy-to-implement solution: GRC solutions often require a million-dollar budget and result in a lengthy assessment and remediation that may fail to meet the company’s needs. SecurityGate.io reduces the time needed to perform assessments from weeks to hours, and provides insights for the C-suite almost immediately.
Operational Technology is Part of the DNA at SecurityGate.io
As a former manager of a global team in the critical infrastructure sector, Cherise understands that many assessment solutions for operations professionals fall short. Often, these off-the-shelf solutions don’t speak the language or understand ICS requirements. This is the SecurityGate.io difference.
Cherise and her team have created a platform that is purpose-built for critical infrastructure. She notes that OT is in the very DNA of SecurityGate.io, as all of the team members who build, design, and implement the platform have a direct background in OT.
As IT further converges with OT, SecurityGate.io also directly benefits the C-suite by helping them understand their risk posture in an automated fashion. This helps the executive team bridge the gap between on-the-ground operations and the boardroom so executives can both ensure business continuity and prove to clients that their company is in compliance.
Cherise is the cofounder and Chief Product Officer for SecurityGate.io. A cybersecurity expert who has managed a number of CSOCs, Cherise led an implementation across a network of offshore drilling rigs to obtain the first Achilles Practice Certification for a global fleet.