Level up: From hostage negotiator to business leader – Sandy Dunn.

December 25, 2023

In this article, Sandy Dunn, CISO at Health Payer Idaho, discusses her journey from being a “hostage negotiator” between the business teams and the security team to becoming a business leader in the field of cybersecurity. Dunn emphasizes the importance of maturing and refining skills in the field and shares insights on simplifying knowledge management and becoming a “business listener”.

  • Sandy Dunn has 20 years of experience in cybersecurity
  • She started as a “hostage negotiator” between the business teams and the security team
  • As she matured, her approach to security evolved
  • Dunn emphasizes the importance of simplifying knowledge management
  • She believes in becoming a “business listener” to make the right decisions

Throughout her career in cybersecurity, Sandy Dunn has continually matured and refined her skills. She started out as a “hostage negotiator”, constantly negotiating between the business teams and the security team. As she matured in her career, however, her approach to security also evolved.

One of the key insights Dunn shares is the importance of simplifying knowledge management in the field of cybersecurity. She believes that making security easy to understand for all stakeholders is crucial for effective security practices. By simplifying knowledge management, organizations can ensure that security is not seen as a burden or an obstacle, but rather as an essential component of the business.

Furthermore, Dunn highlights the importance of becoming a “business listener” in order to make the right decisions. This means understanding the goals and priorities of the business and aligning security practices accordingly. By actively listening to the needs and concerns of the business teams, security professionals can make informed decisions that support the overall objectives of the organization.

Throughout her career, Dunn has held various roles in cybersecurity, including Competitive Intelligence, Security Engineer, Information Security Officer, Senior Security Strategist, and IT Security Architect. She has also prioritized a risk-based, business-focused approach to cybersecurity, using processes, standards, and threat intelligence to drive strategic security decisions.

It is worth noting that Dunn has a Master's in Information Security Management from SANS and holds several certifications in the field, including CISSP, SANS GSEC, GWAPT, GCPM, GCCC, GCIH, GLEG, GSNA, GSLC, GCPM, Security+, ISTQB, and FAIR. She is recognized as an experienced cybersecurity professional and is an Adjunct Professor at BSU in their Cybersecurity program.

In conclusion, Sandy Dunn’s journey from being a “hostage negotiator” to a business leader in the field of cybersecurity highlights the importance of maturing and refining skills in the industry. By simplifying knowledge management and becoming a “business listener”, security professionals can effectively align security practices with the goals and priorities of the organization, ultimately enhancing overall security maturity.
