Being a leader requires many different traits. One of the most important traits is having a vision for the organization and executing on that vision. With passion, determination and knowledge, a leader can achieve their long-term goals. Anita D’Amico, Ph.D., CEO of Code Dx, Inc. is one such leader who envisions a future technology or process — particularly in cybersecurity, and is creating the technical road map to achieve that vision.
Below are the highlights of an interview conducted between CIO LOOK and Anita D’Amico:
Kindly take us through your journey on becoming a leader.
My journey began more than 35 years ago working in advanced technology and then more specifically cybersecurity. For the first half of my career, I worked in almost exclusively male fields; there were literally no women executives where I worked. So, I observed the men who were successful leaders, and even asked some to mentor me. I learned from them and then adapted those lessons into a style of leadership that suited me. Over the years, I have honed a way of asking questions, communicating, and working with others that is my own leadership style. Several men who were mentors influenced my growth as a leader. But I think my leadership style was molded from those early years when I was both trying to fit in, yet also stand out for my competence.
My background in experimental psychology gives me a unique perspective on cybersecurity, and affected the technical and leadership roles I’ve taken on. As a human factors psychologist, I have a passion for helping security professionals better understand the state of their cybersecurity, streamline their workflow and be able to make more effective and efficient decisions.
My leadership of Code Dx is representative of that. Our Code Dx Enterprise Application Security Management System automates labor-intensive Application Security (AppSec) processes and provides security analysts with a cohesive set of information they can use to make faster and more effective decisions about prioritizing and remediating software vulnerabilities.
How do you diversify your organization’s offerings to appeal to the target audience?
Our target audience includes software developers and security professionals. These individuals are faced with the challenge of ensuring that their organization’s applications are secure; however, the tools and processes available to them are disjointed and labor-intensive. They typically work with several point solution products designed for static code analysis, dynamic application penetration testing, and software composition analysis. And they engage in time-consuming processes for AppSec testing, correlation of results, triage, prioritization, remediation, reporting, and compliance verification.
Code Dx Enterprise is different because it brings all these fragmented tools and processes together into a single platform and automates many of the processes. So, wherever a user is in the AppSec workflow, there’s a good chance that Code Dx is offering a capability that makes them more effective or efficient. For example, Code Dx automates the correlation and de-duplication of results from many different AppSec testing tools; it also creates a unified, correlated view of application security that can be used for prioritizing vulnerabilities for remediation; it tracks remediation progress; and offers multi-level reports of software security status. With Code Dx Enterprise, the AppSec process can be accelerated, vulnerabilities fixed faster, and costs reduced.
What are the crucial traits which every CEO must possess?
There are a number of traits CEOs must possess in order to be successful leaders. First, a CEO must have the ability to motivate his or her team.
I also believe a CEO must be able to build trusting relationships with other organizations. Building strong relationships with clients is essential to the growth of the organization. Building trust with technical partners expands market opportunities. And building trust with those who support the company’s infrastructure, such as financial and technology providers, gives the organization a solid foundation in which to operate. Furthermore, there is no question that CEOs must have the ability to communicate to a variety of audiences. They must be able to represent the company at different levels of abstraction from a more visionary, strategic level down to a more granular level.
Lastly, an essential trait of a CEO is that he or she must be able to stay focused on the big picture and not react too quickly to smaller incidents or opportunities – always keeping the larger vision in mind.
As per your opinion, what roadblocks or challenges are faced by CEOs in business? And what is your advice to overcome them?
Being a startup in an emerging market can pose many challenges. Code Dx fits into two emerging markets as defined by Gartner: Application Vulnerability Correlation and Application Security Testing Orchestration. In this earlier stage of market maturity, there is typically no consensus on all the technical capabilities that a product or solution should offer; what customers consider essential capabilities evolves over time. As the market matures, the sophistication of the customers and the solutions grow.
This is the situation in which Code Dx happily finds itself. As customers use products like Code Dx Enterprise, they get hooked on what it offers and they want more. So, the challenge we continually face is keeping up with and predicting what the market expects to see in the next versions of our solution, whether it’s next year or years down the road. The way we address this challenge is having a very nimble way of responding to requirements. Our process is to first develop a quick prototype of the capability and get it into the hands of our customers to evaluate. We then build that capability out as there is increasing demand from the market. Being agile is key.
Another big challenge for any startup is generating revenue. Startups live and die based on revenue generation whether they are funded or not. My advice to overcome this challenge is to use multiple avenues for generating sales. At Code Dx, we make our product available for sale through many channels: direct sales, resellers, partners and OEMs. It’s particularly important to build strong relationships with resellers and service partners, as they are force multipliers. We feed opportunities to our overseas resellers and partners, who are better positioned to engage with customers. I believe it is important to support and respect our channel partners.
How do you upgrade yourself with ever-evolving technological trends to boost your personal and company’s growth?
To be successful and to grow, it is important to be open to new ideas. I come from an R&D background. Our company was actually spun out of Secure Decisions, the cybersecurity R&D division of Applied Visions, Inc. In my 20 years in cybersecurity R&D, I’ve been able to keep my thumb on the pulse of what is in the laboratories, because I continue to look at what’s happening in R&D. I also follow what’s being funded and what’s being published by university researchers.
As an automated security solution provider, what is your contribution in evolving industry of security services?
Our contribution to the AppSec industry is our dedication to understanding the barriers software developers and security analysts face in producing secure software, and developing solutions to overcome those barriers. By automating many different disjointed processes and point solution products on the market, we make sure that everyone engaged in AppSec gets more value out of the processes and products they use, and save time and money throughout the software development lifecycle.
What will be your future endeavors and/or where do you see yourself in the near future?
Right now, the AppSec market is siloed from the network security market. I see Code Dx as bridging that gap in the near future. We are already starting to move in that direction by adding information about infrastructure vulnerabilities into our application security management system. This will enable security analysts and CISOs to more clearly understand the security risk that is posed to an entire application whether it originates from the application’s code or from the various computing assets (i.e. server, workstation) on which that code resides.