CyberTech Top Voice: Interview with AvePoint’s Dana Simberkoff 

Hello, CyberTech community. Welcome to our CyberTech Top Voice interview series.

The latest CyberTech Interview with AvePoint’s Dana Simberkoff is an interactive Q&A-styled conversation for the CIOs, CISOs, and security managers. October is the “Cybersecurity Awareness Month.” In this interview, Dana shares her views on creating “cybersecurity awareness” as a cultural exercise in modern organizations amid the ever-growing IT and security concerns. Currently, AvePoint’s offers the Confidence Platform to SecOps teams, empowering them to secure fast-evolving digital workplaces.

Join us in shaping the future of cybersecurity. Learn more about how AvePoint can help you achieve your goals.

Here’s what Dana had to say about the need to embrace cyber resilience to fast-track digital transformation journeys in 2024.

Please tell us a little bit about your journey as an IT and security professional. How did you start at AvePoint?

Dana Simberkoff: After attending law school at Suffolk University, I planned to become a practicing attorney. However, I had the opportunity to begin working for a software company focusing on regulatory compliance after graduating, and continued down this career path – and, I find that my law degree has been useful throughout my career in cybersecurity.

I got started in the cybersecurity field when my previous organization worked on operations security projects for our US Department of Defense customers. I researched and became the subject matter expert in DoD OpSec requirements (early precursors to today’s cybersecurity landscape). During this project, I learned about The Department of Navy’s Social Media handbook, named, “Loose tweets sink fleets” – providing guidance for posting, and reminding service members that the audience you reach online is always larger than you intend.

This discovery sparked my passion for cybersecurity and information risk and data protection. I originally joined AvePoint as Senior Director of Risk Management and Compliance in 2012, eventually becoming the company’s Chief Risk, Privacy and Information Security Officer in 2016 – where I currently lead our privacy, data protection, and security programs.

Latest CyberTech News: Thoughtworks and AI Singapore Team Up to Boost AI Reliability

October is Cybersecurity Awareness Month. Could you share your experience on promoting “cybersecurity awareness” as a cultural exercise in modern organizations?

Dana: In today’s digital workplace, cybersecurity is no longer just a C-suite concern.

As organizations’ data environments become increasingly complex to manage and govern, it only takes one person to unknowingly access and share confidential data with an external software tool or bad actor. Ultimately, this supports why proper access control policies are so critical for organizations to prioritize.

 

Cybersecurity must become an organization-wide and cultural priority and it starts at the C-level. That’s why we had our CEO Dr. Tianyi Jiang (TJ) lead this year’s cybersecurity training with me. When the top executive in your organization understands and endorses the value of upskilling colleagues on how to know and spot new cyberthreats, that sends a strong message through the organization.

What are your biggest IT and security concerns? What are your expectations from the current crop of threat intelligence solutions providers?

Dana: Moving into 2025, both AI-powered threats and advancing ransomware capabilities pose the biggest threats to organizations of all sizes. As AI technology evolves rapidly, so will bad actors – who will continue to use these advancements to carry out attacks. From voice impersonation of CEOs to highly targeted phishing schemes, we all need to be vigilant.

Exploration of evolving threats, recent attacks, and the regulatory environment must be a daily exercise for CISOs and security leaders to keep their organization safe.

Threat intelligence is also a key aspect of staying ahead of AI-powered and advanced threat. CISOs should prioritize deploying AI-powered software that can automate data governance, management, and access control – as well as tools that can automate the collection and analysis of threat data.

What is the best way to ensure 100% cyber resilience for today’s digital workplaces? 

Dana: Ensuring cyber resilience in today’s cybersecurity environment starts with implementing robust data governance, management, access, and information lifecycle management policies. Protecting your data environment from threat starts with making sure that information is automatically managed, organized and archived appropriately – reducing risk of potential breach and making it easier and safer for teams to collaborate and share information.

Recommended CyberTech News: CrowdStrike Expands Marketplace to Meet Demand for Cybersecurity

How should CISOs approach data resiliency and modernization goals for their cloud ecosystems? 

Dana: Setting achievable goals for data resiliency and modernization should start with auditing the current IT/data environment, to pinpoint areas of vulnerability – as well as assessing how well the data environment adheres to evolving regulatory frameworks (which should be done regularly). From here, CISOs and security leaders should focus on building highly automated and tailored data classification, lifecycle management, backup, and disaster recovery infrastructure to modernize their cloud ecosystem.

New-age AI platforms and labs have emerged as the biggest risk-centers in the cyber threat landscape. As a security leader, what would be your recommendations to AI organizations that are at risk?

Dana: New generative AI tools and open-source software are being rapidly created and shared every day, and many are being used without the right guardrails and education. In fact, AvePoint’s 2024 AI & Information Management Report reflects this – finding that only 46% of organizations offer AI-specific training, as AI investments continue to skyrocket.

Security leaders must do due diligence to educate employees on how to use these tools safely, how AI uses their data, and which tools are safe to share company information with.

Getting ahead of generative AI is now critical – employees are now adopting these tools, and providing proper use policies is the first step in preventing potential data breach.  

We hear a lot of discussion on cyber insurance and ransomware warranties. What kind of infrastructure and security framework should an organization adopt to successfully implement these security postures against risks?

Dana: While cyber insurance and ransomware warranties are valuable tools, they’re not substitutes for a robust security framework – this is because when data is returned, it’s often not returned in the proper format. Cloud backup tools like AvePoint’s are critical, to provide recovery from point in time that can be restored in its entirety (and to the right teams and channels).

Organizations should focus on building a comprehensive approach that includes strong data protection and backup, data governance, zero trust architecture, and regular risk assessments. It’s crucial to cultivate a security-aware culture through ongoing employee training and to have a well-tested incident response plan. Aligning with industry standards like NIST or ISO 27001 provides a solid foundation. Ultimately, the goal is to create a proactive, risk-based security posture that not only qualifies for better insurance terms but significantly reduces the likelihood of successful attacks.

Young IT professionals are exploring new avenues in the cybersecurity technology markets. What kind of certifications and skills would you likely advocate among these professionals:

Dana: Young security and IT professionals looking to make their resume stand out should definitely prioritize gaining relevant industry certifications, and joining industry associations and forums, to demonstrate their commitment to gaining relevant skills and education within the field.

Young professionals interested in cybersecurity should also always be aware of the current threat landscape, cyber hygiene practices, and evolving technology trends to show security awareness.

How should organizations attract and upskill the current workforce to fill cybersecurity gaps? 

Dana: When it comes to recruiting new talent, having a degree that specifically pertains to security is not as important as gaining hands on experience, and applying a candidate’s critical thinking to make an impact.

New cybersecurity roles should be marketed to applicants beyond computer science and security disciplines.

Organizations should consider qualified individuals from all backgrounds to provide interested candidates with the opportunity to enter the industry, while gaining a fresh perspective/viewpoint within the organization.

Additionally, upskilling your current workforce involves offering customized, constant cybersecurity trainings pertaining to the evolving threat/regulatory landscape, as well as subsidizing certifications for interested employees to gain new relevant skills.

Would you recommend any specific cybersecurity certifications for beginners, intermediate, and advanced-level professionals? 

Dana: Relevant certifications and industry organizations that any cybersecurity professional should prioritize include the Cloud Security Alliance (CSA), Information Systems Audit and Control Association (ISACA), Information Systems Security Association (ISSA) – and certifications including Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) – all demonstrating commitment to advancing skills, knowledge and education within the field.

I am a firm believer in the constant pursuit of education and that we should always be learning.

What are your predictions for the upcoming year— which cyber technology buzzword would rule in 2025?

Dana: AI will continue to dominate the conversation in 2025.

As AI-powered threats advance, automated data protection and threat detection tools will continue to evolve in lockstep to safeguard organizations. In the coming year, organizations must balance speed of innovation with adoption – ensuring that new AI technology is implemented safely and responsibly to prevent data incidents.

Thank you so much, Dana, for your delightful insights. We look forward to having you again at the CyberTech Top Voice engagements.

Recommended CyberTech Insights: Fintech’s Digital Fortress Under Attack: Cybersecurity Challenges in 2025

To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com